CN115515140A - Method, device, equipment and storage medium for preventing wireless network attack - Google Patents
Method, device, equipment and storage medium for preventing wireless network attack Download PDFInfo
- Publication number
- CN115515140A CN115515140A CN202211147252.8A CN202211147252A CN115515140A CN 115515140 A CN115515140 A CN 115515140A CN 202211147252 A CN202211147252 A CN 202211147252A CN 115515140 A CN115515140 A CN 115515140A
- Authority
- CN
- China
- Prior art keywords
- access point
- characteristic information
- rssi
- indication information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 70
- 238000004590 computer program Methods 0.000 claims description 14
- 238000010586 diagram Methods 0.000 description 11
- 230000002265 prevention Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/73—Access point logical identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/90—Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Emergency Management (AREA)
- Environmental & Geological Engineering (AREA)
- Public Health (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the application provides a method, a device, equipment and a storage medium for preventing wireless network attack, wherein in the method, terminal equipment receives indication information sent by a first access point, and the indication information is used for indicating the terminal equipment to disconnect network connection with the first access point; determining whether the destination address indicated by the indication information is a broadcast address; and if so, generating an early warning prompt. The terminal equipment can identify and prevent wireless network attacks, and the data security is improved.
Description
Technical Field
The present application belongs to the field of wireless local area network technology, and in particular, to a method, an apparatus, a device and a storage medium for preventing wireless network attacks.
Background
A De-authentication Flood Attack (De-authentication Flood Attack) may be referred to as a Deauth Attack for short, which is a form of wireless network denial of service Attack.
The Deauth attack may be that an attack direction sends a fabricated false disconnection request packet to a first Access Point (AP), the first Access point sends a packet agreeing to disconnection to a terminal device in the entire lan after receiving the packet, and the terminal device automatically attempts to reconnect to the first Access point after disconnection. The attacker may Set a Service Set Identifier (SSID) and a phishing access point with the same password as the first access point. During the reconnection process, the terminal device may be connected to the phishing access point, so that various privacy data on the terminal device are stolen, and the data security is low.
Disclosure of Invention
The embodiment of the application relates to a method, a device, equipment and a storage medium for preventing wireless network attacks, wherein terminal equipment can identify and prevent Deauth attacks, and the security of data is improved.
In a first aspect, an embodiment of the present application provides a method for preventing a wireless network attack, including:
receiving indication information sent by a first access point, wherein the indication information is used for indicating that the terminal equipment is disconnected from the first access point;
judging whether the destination address indicated by the indication information is a broadcast address or not;
and if so, generating an early warning prompt.
In one possible embodiment, generating the warning prompt includes:
acquiring first characteristic information before a first access point sends indication information;
acquiring second characteristic information after the first access point sends the indication information;
and generating an early warning prompt according to the first characteristic information and the second characteristic information.
In one possible embodiment, the first characteristic information comprises a strength indication RSSI of the first received signal, and/or a first basic service set identification BSSID;
the second characteristic information includes a second RSSI, and/or a second BSSID.
In one possible embodiment, the first characteristic information is a first RSSI; acquiring first characteristic information before the first access point sends the indication information, wherein the first characteristic information comprises:
acquiring a first signal sent by a first access point, wherein the sending time of the first signal is earlier than that of the indication information;
and measuring the first signal to obtain a first RSSI.
In one possible implementation mode, generating an early warning prompt according to the first characteristic information and the second characteristic information; the method comprises the following steps:
judging whether the first characteristic information is the same as the second characteristic information;
if so, acquiring the reconnection times of the terminal equipment and the first access point, and generating an early warning prompt according to the reconnection times;
if not, when the terminal equipment is reconnected with the first access point, the reconnection is cancelled, and an early warning prompt is generated.
In a possible embodiment, the first characteristic information is a first RSSI, and the second characteristic information is a second RSSI; judging whether the first characteristic information is the same as the second characteristic information, including:
determining a difference value between the first RSSI and the second RSSI;
if the difference value is larger than or equal to a first preset threshold value, determining that the first RSSI and the second RSSI are different;
and if the difference value is smaller than a first preset threshold value, determining that the first RSSI is the same as the second RSSI.
In one possible implementation mode, generating an early warning prompt according to the reconnection times; the method comprises the following steps:
judging whether the reconnection times are greater than a second preset threshold value or not;
if yes, when the terminal equipment is reconnected with the first access point, reconnection is cancelled, and an early warning prompt is generated.
In a second aspect, an embodiment of the present application provides an apparatus for preventing a wireless network attack, including a receiving module, a determining module, and a generating module, wherein,
the receiving module is used for receiving indication information sent by the first access point, wherein the indication information is used for indicating the terminal equipment to disconnect the network connection with the first access point;
the judging module is used for judging whether the destination address indicated by the indicating information is a broadcast address;
the generation module is used for generating an early warning prompt if the alarm is generated.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory;
the memory stores computer-executable instructions;
the processor executes the computer-executable instructions stored by the memory, causing the processor to perform the method of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are executed by a processor, the method of the first aspect is implemented.
In a fifth aspect, the present application provides a computer program product comprising a computer program that, when executed by a processor, implements the method of the first aspect.
In a sixth aspect, an embodiment of the present application provides a chip, where a computer program is stored on the chip, and when the computer program is executed by the chip, the method according to the first aspect is implemented.
In one possible embodiment, the chip is a chip in a chip module.
The embodiment of the application provides a method, a device, equipment and a storage medium for preventing wireless network attack, wherein in the method, terminal equipment receives indication information sent by a first access point, and the indication information is used for indicating the terminal equipment to disconnect network connection with the first access point; determining whether the destination address indicated by the indication information is a broadcast address; and if so, generating an early warning prompt. The terminal equipment can identify and prevent the Deauth attack, and the data security is improved.
Drawings
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for preventing a wireless network attack according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating a display of an early warning prompt according to an embodiment of the present disclosure;
fig. 4 is a flowchart illustrating another method for preventing wireless network attacks according to an embodiment of the present application;
fig. 5 is a flowchart illustrating a further method for preventing wireless network attacks according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an apparatus for preventing a wireless network attack according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that, although the terms "first", "second", and the like are used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. Alternatively, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present application.
It will be understood that the terms "comprises" and "comprising" indicate the presence of the previously mentioned features, steps, operations, but do not preclude the presence, or addition of one or more other features, steps, operations. The term "and/or" and the like as used herein can be construed as being inclusive or meaning any one or any combination. Alternatively, "a and/or B" means "any of the following: a; b; a and B'. In addition, the character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship.
For ease of understanding, an application scenario to which the embodiment of the present application is applied is described below with reference to fig. 1.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application. Referring to fig. 1, a first access point 101 and a terminal device 102 are included. After the terminal device 102 establishes a connection with the first access point 101, data may be transmitted.
In the related art, the Deauth attacker may send a fabricated false data packet requesting disconnection to the first access point with the broadcast address as the source address, and after receiving the data packet, the first access point returns a data packet agreeing to disconnection to the broadcast address, so that the terminal devices in the entire lan all receive the data packet agreeing to disconnection. After the connection between the terminal device and the first access point is disconnected, the terminal device automatically attempts to reconnect to the first access point, and in the process of reconnection, the following problems occur:
1. an attacker can capture a data packet handshake between the first access point and the terminal equipment when reconnecting, so that the password of the first access point is stolen;
2. after stealing the password, the attacker can set a phishing access point with the same SSID and password as the first access point, and when reconnecting, the terminal equipment can be connected to the phishing access point, so that various privacy data on the terminal equipment are stolen.
In order to avoid the foregoing technical problem, an embodiment of the present application provides a method for preventing a wireless network attack, where after receiving indication information indicating disconnection, a terminal device may identify and prevent a Deauth attack by determining whether a destination address indicated by the indication information is a broadcast address, so as to improve data security.
The technical means shown in the present application will be described in detail below with reference to specific examples. It should be noted that the following embodiments may exist independently or may be combined with each other, and descriptions of the same or similar contents are not repeated in different embodiments.
Fig. 2 is a flowchart illustrating a method for preventing a wireless network attack according to an embodiment of the present application. Referring to fig. 2, the method includes:
s201, receiving indication information sent by the first access point.
The execution main body of the embodiment of the application can be terminal equipment such as a mobile phone, a smart watch and a smart screen, and can also be a device which is arranged in the terminal equipment and used for preventing wireless network attacks. The device for preventing the wireless network attack can be realized by software, and also can be realized by the combination of the software and hardware.
The indication information may be used to instruct the terminal device to disconnect the network connection from the first access point.
The indication information may be carried in a management packet.
The network connection between the terminal device and the first access point may be a Wireless Fidelity (WIFI) connection.
S202, judging whether the destination address indicated by the indication information is a broadcast address.
If yes, executing S203;
if not, the wireless network attack prevention process is ended, and a normal disconnection process is entered.
The destination address indicated by the indication information may be the destination address at which the first access point transmits the indication information.
The Broadcast Address (Broadcast Address) may be one Address dedicated to transmitting to all stations in the network simultaneously.
In a network using a Transmission Control Protocol (TCP)/Internet Protocol (IP) Protocol, an IP address where a Host Identity Document (Host ID) segment is all 1 is a broadcast address, and a broadcast packet is transmitted to all computers to which the Host ID segment relates. For example, for a 10.1.1.0 (255.255.255.0) segment whose broadcast address is 10.1.1.255 (255 is 11111111 in 2), when a packet (packet) with a destination address of 10.1.1.255 is sent out, it will be distributed to all computers on that segment.
If the destination address of the indication information sent by the first access point is the IP address of a certain terminal device, not the broadcast address, it may be determined that the disconnection operation indicated by the indication information is a normal disconnection operation.
And S203, generating an early warning prompt.
As shown in fig. 3, the terminal device may display a prompt interface, and display an early warning prompt in the prompt interface.
The early warning prompt can prompt the user that the current WIFI network is possibly attacked by Deauth, please check the network, and the like.
The user can end the wireless network attack prevention process after checking the network, and then enter the wireless network attack prevention process after receiving the indication information next time.
In the embodiment shown in fig. 2, the terminal device receives indication information sent by the first access point, where the indication information is used to indicate that the terminal device disconnects from the network of the first access point; determining whether the destination address indicated by the indication information is a broadcast address; and if so, generating an early warning prompt. The terminal equipment can identify and prevent the Deauth attack by judging whether the destination address indicated by the indication information is the broadcast address, so that the data security is improved.
On the basis of the embodiment shown in fig. 2, the terminal device may determine whether the first access point sending the indication information is attacked by Deauth according to whether the destination address is a broadcast address, and if the destination address is a broadcast address, may determine that the first access point is attacked by Deauth. In order to improve the accuracy of identifying the Deauth attack, the destination address may be determined to be a broadcast address, and then a further determination may be made, and the following describes in detail a flow of the terminal device for preventing a wireless network attack with reference to fig. 4.
Fig. 4 is a flowchart illustrating another method for preventing a wireless network attack according to an embodiment of the present application. Referring to fig. 4, the method includes:
s401, receiving indication information sent by the first access point.
It should be noted that the execution process of S401 may refer to the execution process of S201, and is not described herein again.
S402, judging whether the destination address indicated by the indication information is a broadcast address.
If yes, go to S403.
If not, the step S405 is executed, and the normal disconnection process is entered.
If the destination address is a broadcast address, it may be determined that the first access point is suspected of being attacked by Deauth, and S403 may be performed in order to determine whether the first access point is attacked by Deauth.
S403, first characteristic information before the first access point sends the indication information and second characteristic information after the first access point sends the indication information are obtained.
The first characteristic information and the second characteristic information may be the same or different.
After the terminal device establishes a connection with the first access point, first characteristic information of the first access point may be acquired.
After receiving the indication information indicating disconnection, the terminal device disconnects from the first access point, automatically enters a reconnection process, and can acquire the second characteristic information of the first access point again after reconnection.
The first feature information may include a Received Signal Strength Indicator (RSSI) of the first Received Signal and/or a Basic Service Set Identity (BSSID).
The second characteristic information may include a second RSSI, and/or a second BSSID.
The first RSSI and the second RSSI may be the same or different.
The first BSSID and the second BSSID may be the same or different.
The first RSSI may be obtained by:
acquiring a first signal sent by a first access point, wherein the sending time of the first signal is earlier than that of the indication information; and measuring the first signal to obtain a first RSSI.
The second RSSI may be obtained by referring to the first RSSI, which is not described herein again.
And S404, generating an early warning prompt according to the first characteristic information and the second characteristic information.
After receiving the indication information indicating disconnection, the terminal device disconnects from the first access point and automatically enters a reconnection process. At this time, if the first access point is the indication information issued only by the Deauth attack, the terminal device reconnects to the phishing access point which may be the same as the SSID and password of the first access point. However, the terminal device does not know that it is the phishing access point, and at this time, the terminal device may acquire the second feature information of the "first access point" again. If the first characteristic information is different from the first characteristic information, it may be determined that the first access point is attacked by Deauth.
S405, ending the wireless network attack prevention process.
After receiving the early warning prompt, the user can check the network to ensure the security of the data, then can end the wireless network attack prevention process, and enter the wireless network attack prevention process after receiving the indication information next time.
In the embodiment shown in fig. 4, the terminal device receives indication information sent by the first access point, where the indication information is used to indicate that the terminal device disconnects the network connection with the first access point; determining whether the destination address indicated by the indication information is a broadcast address; if yes, first characteristic information before the first access point sends the indication information and second characteristic information after the first access point sends the indication information are obtained, and an early warning prompt is generated according to the first characteristic information and the second characteristic information. The terminal device can judge whether the first access point is suspected to be attacked by Deauth or not by judging whether the destination address indicated by the indication information is a broadcast address or not, and then further determine that the first access point is attacked by Deauth according to the first characteristic information and the second characteristic information, so that the terminal device can correctly identify and prevent the Deauth attack, and the data security is improved.
Based on any of the above embodiments, the following describes in detail the flow of preventing the wireless network attack according to the present application with reference to fig. 5.
Fig. 5 is a flowchart illustrating a further method for preventing a wireless network attack according to an embodiment of the present application. Referring to fig. 5, the method includes:
s501, receiving indication information sent by the first access point.
It should be noted that the execution process of S501 may refer to the execution process of S201, and is not described herein again.
S502, judging whether the destination address indicated by the indication information is a broadcast address.
If yes, go to S503.
If not, go to step S508 and enter the normal disconnection process.
S503, acquiring first characteristic information before the first access point sends the indication information and second characteristic information after the first access point sends the indication information.
It should be noted that the execution process of S503 may refer to the execution process of S403, and details are not described here.
S504, whether the first characteristic information is the same as the second characteristic information is judged.
If yes, go to S505.
If not, go to S507.
If the first characteristic information is a first RSSI and the second characteristic information is a second RSSI, whether the first RSSI and the second RSSI are the same can be determined by the following method:
determining a difference between the first RSSI and the second RSSI; if the difference value is larger than or equal to a first preset threshold value, determining that the first RSSI is different from the second RSSI; and if the difference value is smaller than a first preset threshold value, determining that the first RSSI is the same as the second RSSI.
The difference may be an absolute value.
The first preset threshold may be determined according to actual conditions, and the application is not limited.
If the first characteristic information is a first RSSI and the second characteristic information is a second RSSI, the difference between the first characteristic information and the second characteristic information may mean that the difference between the first RSSI and the second RSSI is greater than or equal to a first preset threshold; the first characteristic information and the second characteristic information are the same, which means that a difference value between the first RSSI and the second RSSI is smaller than a first preset threshold.
If the first characteristic information is a first BSSID and the second characteristic information is a second BSSID, the difference between the first characteristic information and the second characteristic information may mean that the first BSSID is different from the second BSSID; the first characteristic information being identical to the second characteristic information may mean that the first BSSID is identical to the second BSSID.
If the first characteristic information includes a first RSSI and a first BSSID, and the second characteristic information includes a second RSSI and a second BSSID, the difference between the first RSSI and the second RSSI may be greater than or equal to a first preset threshold and/or the first BSSID is different from the second BSSID; the first characteristic information may be the same as the second characteristic information, which may mean that a difference value between the first RSSI and the second RSSI is less than a first preset threshold value and the first BSSID is the same as the second BSSID.
And S505, acquiring the reconnection times of the terminal equipment and the first access point.
If the terminal equipment and the first access point are disconnected, reconnection is automatically tried, and if the reconnection fails, reconnection is triggered again. The number of reconnection times may be the number of times that the terminal device sends a connection request to the first access point after disconnection.
The terminal device may generate an early warning prompt according to the reconnection times, and may specifically execute step S506 and subsequent steps.
And S506, judging whether the reconnection times are larger than a second preset threshold value.
If yes, go to S507.
If not, go to S508.
The second preset threshold may be determined according to actual conditions, and the application is not limited.
Illustratively, the second preset threshold may be 2.
The reconnection times are limited to avoid that data packets sent in the reconnection process are intercepted by other terminal equipment, so that the data security is improved.
And S507, when the terminal equipment is reconnected with the first access point, the reconnection is cancelled, and an early warning prompt is generated.
The reconnection is cancelled to improve the security of the data.
Generating the warning prompt may refer to S203, which is not described herein.
And S508, ending the wireless network attack prevention process.
It should be noted that the execution process of S508 may refer to the execution process of S405, and is not described herein again.
In the embodiment shown in fig. 5, the terminal device receives indication information sent by the first access point, where the indication information is used to indicate that the terminal device disconnects the network connection with the first access point; determining whether the destination address indicated by the indication information is a broadcast address; if yes, acquiring first characteristic information before the first access point sends the indication information and second characteristic information after the first access point sends the indication information, judging whether the first characteristic information is the same as the second characteristic information or not, and if yes, acquiring the reconnection times of the terminal equipment and the first access point; if the reconnection times are larger than a second preset threshold value, the reconnection is cancelled when the terminal equipment is reconnected with the first access point, and an early warning prompt is generated; and if the first characteristic information is different from the second characteristic information, when the terminal equipment is reconnected with the first access point, the reconnection is cancelled, and an early warning prompt is generated. The terminal equipment can correctly identify and prevent the Deauth attack, and the data security is improved.
Fig. 6 is a schematic structural diagram of an apparatus for preventing a wireless network attack according to an embodiment of the present application. Referring to fig. 6, the apparatus 10 includes a receiving module 11, a determining module 12 and a generating module 13, wherein,
the receiving module 11 is configured to receive indication information sent by a first access point, where the indication information is used to indicate that a terminal device is disconnected from a network connection with the first access point;
the judging module 12 is configured to determine whether the destination address indicated by the indication information is a broadcast address;
the generating module 13 is configured to generate an early warning prompt if the current time is longer than the preset time.
In one possible implementation, the generating module 13 includes a first obtaining submodule, a second obtaining submodule, and a generating submodule, wherein,
the first obtaining submodule is used for obtaining first characteristic information before the first access point sends the indication information;
the second obtaining submodule is used for obtaining second characteristic information after the first access point sends the indication information;
and the generating submodule is used for generating an early warning prompt according to the first characteristic information and the second characteristic information.
In one possible embodiment, the first characteristic information comprises a strength indication RSSI of the first received signal, and/or a first basic service set identification BSSID;
the second characteristic information includes a second RSSI, and/or a second BSSID.
In one possible embodiment, the first characteristic information is a first RSSI; the first obtaining sub-module is specifically configured to:
acquiring a first signal sent by a first access point, wherein the sending time of the first signal is earlier than that of the indication information;
the first signal is measured to obtain a first RSSI.
In one possible embodiment, the generation submodule comprises a determination unit and a generation unit, wherein,
the judging unit is used for judging whether the first characteristic information is the same as the second characteristic information;
the generating unit is used for acquiring the reconnection times of the terminal equipment and the first access point if the access point is in the access state, and generating an early warning prompt according to the reconnection times; if not, when the terminal equipment is reconnected with the first access point, the reconnection is cancelled, and an early warning prompt is generated.
In a possible embodiment, the first characteristic information is a first RSSI, and the second characteristic information is a second RSSI; the judging unit is specifically configured to:
determining a difference between the first RSSI and the second RSSI;
if the difference value is larger than or equal to a first preset threshold value, determining that the first RSSI and the second RSSI are different;
and if the difference value is smaller than a first preset threshold value, determining that the first RSSI is the same as the second RSSI.
In a possible implementation, the generating unit is specifically configured to:
judging whether the reconnection times are greater than a second preset threshold value or not;
and if so, canceling reconnection and generating an early warning prompt when the terminal equipment is reconnected with the first access point.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 7, the electronic device 20 may include: transceiver 21, memory 22, processor 23. The transceiver 21 may include: a transmitter and/or a receiver. The transmitter may also be referred to as a sender, a transmitter, a sending port, a sending interface, and the like, and the receiver may also be referred to as a receiver, a receiving port, a receiving interface, and the like. Illustratively, the transceiver 21, the memory 22, and the processor 23 are connected to each other by a bus 24.
the processor 23 is configured to execute the program instructions stored in the memory to enable the electronic device 20 to perform any one of the above-described methods for preventing wireless network attacks.
The transceiver 21 is used for performing a transceiving function of the electronic device 20 in the method for preventing wireless network attacks.
The electronic device 20 may be a chip, a module, an Integrated Development Environment (IDE), or the like.
The embodiment of the application provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are executed by a processor, the method for preventing wireless network attacks is implemented.
Embodiments of the present application further provide a computer program product, which can be executed by a processor, and when the computer program product is executed, any one of the above methods for preventing a wireless network attack can be implemented.
The apparatus, the electronic device, the computer-readable storage medium, and the computer program product for preventing a wireless network attack in the embodiments of the present application may implement the technical solutions shown in the embodiments of the communication method, and implement principles and beneficial effects thereof are similar, and are not described herein again.
All or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The aforementioned program may be stored in a readable memory. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned memory (storage medium) includes: read-only memory (ROM), random Access Memory (RAM), flash memory, hard disk, solid state disk, magnetic tape (magnetic tape), floppy disk (floppy disk), optical disk (optical disk), and any combination thereof.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications can be made in the embodiments of the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.
Claims (11)
1. A method for preventing wireless network attacks, comprising:
receiving indication information sent by a first access point, wherein the indication information is used for indicating a terminal device to disconnect network connection with the first access point;
judging whether the destination address indicated by the indication information is a broadcast address or not;
and if so, generating an early warning prompt.
2. The method of claim 1, wherein generating an early warning prompt comprises:
acquiring first characteristic information before the first access point sends the indication information;
acquiring second characteristic information after the first access point sends the indication information;
and generating the early warning prompt according to the first characteristic information and the second characteristic information.
3. The method of claim 2,
the first characteristic information comprises a strength indication RSSI of the first received signal and/or a first basic service set identification BSSID;
the second characteristic information includes a second RSSI, and/or a second BSSID.
4. The method of claim 3, wherein the first characteristic information is the first RSSI; acquiring first feature information before the first access point sends the indication information, wherein the first feature information comprises:
acquiring a first signal sent by the first access point, wherein the sending time of the first signal is earlier than that of the indication information;
and measuring the first signal to obtain the first RSSI.
5. The method according to any one of claims 2-4, wherein the warning prompt is generated according to the first characteristic information and the second characteristic information; the method comprises the following steps:
judging whether the first characteristic information is the same as the second characteristic information;
if yes, obtaining the reconnection times of the terminal equipment and the first access point, and generating the early warning prompt according to the reconnection times;
if not, when the terminal equipment is reconnected with the first access point, the reconnection is cancelled, and the early warning prompt is generated.
6. The method of claim 5, wherein the first characteristic information is the first RSSI and the second characteristic information is the second RSSI; judging whether the first characteristic information is the same as the second characteristic information, including:
determining a difference between the first RSSI and the second RSSI;
if the difference value is larger than or equal to a first preset threshold value, determining that the first RSSI is different from the second RSSI;
and if the difference value is smaller than the first preset threshold value, determining that the first RSSI is the same as the second RSSI.
7. The method of claim 5 or 6, wherein the warning prompt is generated according to the reconnection number; the method comprises the following steps:
judging whether the reconnection times are greater than a second preset threshold value or not;
and if so, canceling the reconnection and generating the early warning prompt when the terminal equipment is reconnected with the first access point.
8. The device for preventing wireless network attack is characterized by comprising a receiving module, a judging module and a generating module, wherein,
the receiving module is used for receiving indication information sent by a first access point, wherein the indication information is used for indicating that a terminal device is disconnected from the first access point;
the judging module is used for determining whether the destination address indicated by the indicating information is a broadcast address;
the generation module is used for generating an early warning prompt if the alarm is generated.
9. An electronic device, comprising: a processor, a memory;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory, causing the processor to perform the method of any of claims 1 to 7.
10. A computer-readable storage medium having computer-executable instructions stored thereon, which when executed by a processor, perform the method of any one of claims 1 to 7.
11. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211147252.8A CN115515140A (en) | 2022-09-19 | 2022-09-19 | Method, device, equipment and storage medium for preventing wireless network attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211147252.8A CN115515140A (en) | 2022-09-19 | 2022-09-19 | Method, device, equipment and storage medium for preventing wireless network attack |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115515140A true CN115515140A (en) | 2022-12-23 |
Family
ID=84505034
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211147252.8A Pending CN115515140A (en) | 2022-09-19 | 2022-09-19 | Method, device, equipment and storage medium for preventing wireless network attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115515140A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008001972A1 (en) * | 2006-06-26 | 2008-01-03 | The Industry & Academic Cooperation In Chungnam National University | Method for proactively preventing wireless attacks and apparatus thereof |
| CN102238049A (en) * | 2011-08-08 | 2011-11-09 | 天津大学 | Method for detecting denial of service (DoS) attacks in media access control (MAC) layer |
| CN104320782A (en) * | 2014-10-27 | 2015-01-28 | 任子行网络技术股份有限公司 | WiFi signal blocking system and method |
| CN104333862A (en) * | 2013-07-22 | 2015-02-04 | 中国科学院信息工程研究所 | Fine granularity management and control method for wireless local area network |
| CN106658484A (en) * | 2016-11-15 | 2017-05-10 | 乐视控股(北京)有限公司 | Method for preventing wireless network attacks, terminal and wireless access point |
| CN109195166A (en) * | 2018-09-14 | 2019-01-11 | 厦门美图移动科技有限公司 | Internet access method and device |
| US10462672B1 (en) * | 2016-09-30 | 2019-10-29 | Symantec Corporation | Systems and methods for managing wireless-network deauthentication attacks |
-
2022
- 2022-09-19 CN CN202211147252.8A patent/CN115515140A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008001972A1 (en) * | 2006-06-26 | 2008-01-03 | The Industry & Academic Cooperation In Chungnam National University | Method for proactively preventing wireless attacks and apparatus thereof |
| CN102238049A (en) * | 2011-08-08 | 2011-11-09 | 天津大学 | Method for detecting denial of service (DoS) attacks in media access control (MAC) layer |
| CN104333862A (en) * | 2013-07-22 | 2015-02-04 | 中国科学院信息工程研究所 | Fine granularity management and control method for wireless local area network |
| CN104320782A (en) * | 2014-10-27 | 2015-01-28 | 任子行网络技术股份有限公司 | WiFi signal blocking system and method |
| US10462672B1 (en) * | 2016-09-30 | 2019-10-29 | Symantec Corporation | Systems and methods for managing wireless-network deauthentication attacks |
| CN106658484A (en) * | 2016-11-15 | 2017-05-10 | 乐视控股(北京)有限公司 | Method for preventing wireless network attacks, terminal and wireless access point |
| CN109195166A (en) * | 2018-09-14 | 2019-01-11 | 厦门美图移动科技有限公司 | Internet access method and device |
Non-Patent Citations (1)
| Title |
|---|
| 吴刚;薛质;: "针对WLAN的特定攻击手段与相关检测技术", 信息安全与通信保密, no. 07, 28 July 2006 (2006-07-28) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110445770B (en) | Network attack source positioning and protecting method, electronic equipment and computer storage medium | |
| CN104202729B (en) | The adding method of a kind of contact person, Apparatus and system | |
| CN105611534B (en) | Method and device for wireless terminal to identify pseudo-WiFi network | |
| WO2020057614A1 (en) | Message transmission method and device, terminal and storage medium | |
| US20150139211A1 (en) | Method, Apparatus, and System for Detecting Rogue Wireless Access Point | |
| CN115176488A (en) | Wireless intrusion prevention system, wireless network system including the same, and method of operating the wireless network system | |
| US20210282016A1 (en) | Denial of service attack detection and mitigation | |
| KR20220098777A (en) | Positioning information processing method, device and storage medium | |
| US10798125B2 (en) | System and method for network entity assisted honeypot access point detection | |
| CN106879076B (en) | Data transmission method and device | |
| US11689928B2 (en) | Detecting unauthorized access to a wireless network | |
| CN114828076A (en) | Wireless sensing measurement process management method, device, equipment and storage medium | |
| CN113784371A (en) | Communication method and device | |
| CN112153645B (en) | Method and device for preventing network from being rubbed and router | |
| CN109151790B (en) | Bluetooth device connection method and system based on network security | |
| CN111770094A (en) | Access control method of wireless network and related device | |
| CN109067764B (en) | Method and device for establishing equipment table entry | |
| CN115515140A (en) | Method, device, equipment and storage medium for preventing wireless network attack | |
| KR102285257B1 (en) | Apparatus and method for detection of wireless intrusion detection system using WiFi access point | |
| CN115150209A (en) | Data processing method, industrial control system, electronic device, and storage medium | |
| CN110139269B (en) | Code detection method and device of LTE terminal, code detection equipment and readable storage medium | |
| CN112203338B (en) | Networking method and device for wireless terminal | |
| CN113810427A (en) | Penetration testing method, terminal equipment and storage medium | |
| CN113810330A (en) | Method, device and storage medium for sending verification information | |
| CN112333053A (en) | Anti-network-rubbing method and device, routing equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |