CN1421772A - New system safety guarding method of observing invading scan behavior - Google Patents
New system safety guarding method of observing invading scan behavior Download PDFInfo
- Publication number
- CN1421772A CN1421772A CN 01129120 CN01129120A CN1421772A CN 1421772 A CN1421772 A CN 1421772A CN 01129120 CN01129120 CN 01129120 CN 01129120 A CN01129120 A CN 01129120A CN 1421772 A CN1421772 A CN 1421772A
- Authority
- CN
- China
- Prior art keywords
- port
- scan
- monitoring
- new
- invasion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The present invention proposes one new method of observing invasion scan behavior and prevent port invasion. The method includes of establishing port monitoring, accepting, client side data request, closing monitoring scan connecting port and other execution programs. The method features the judgement of whether or not invasion scanning exists through closing monitoring scan port, altering port, etc; monitoring and recording scan information via the port; and blocking invasion scan behavior via continuous close of scan port and altering monitoring port. The method has the advantages of accurate judgment of invasion behavior, reliable scan information record, etc.
Description
Technical field:
The present invention relates to a kind of guard method of network security, definitely say so to relate to and a kind ofly can discover a kind of technical method that the invador is scanned behavior protection system safety effectively.
Background technology:
There is not a kind of instrument can as Internet, change the world in the world today, duty is sought in shopping from network, online transaction, online investment on the net, from the broadcasting bulletin system to E-mail, from the news report to the preview, sports and amusement, no matter minor matter or global major issue, almost all knowledge since the dawn of human civilization can obtain on the net, people more and more dependency network change oneself life, enjoy the huge facility that it brings.But,, come the threat on the automatic network also to increasingly sharpen in the behind of this prosperity; total some people puts law and gives and ignoring in the society for playing one's own game; utilize network to spy on other people secret, even be engaged in illegal activity, so network security protection has become the important topic of current network security work.Inbreak scan is the first step before the invador implements to attack, and also is the gimmick that they habitually practise.Because the service of each website all is disclosed, system must respond all requests, therefore generally can't judge whether the port of people in scanning oneself, like this, detection to port scanning also just becomes a great problem, the invador utilizes this point just, by using scanner that network objectives is carried out port scanning, the distribution of various tcp ports of target remote server and the service that provides can be provided with leaving no trace, be which kind of operating system, there is any known leak, their software versions, some information of service, also just can be indirectly or recognize the existing safety problem of distance host intuitively, for next step attack is prepared.If we can have the inbreak scan stage of a kind of way before intruder attack, just can perceive the scanning behavior of port invasion effectively, and the system manager sent warning information, just can take the precautionary measures timely and effectively, simultaneously also can be by the port scanning record, judge assailant's the source position of coming,, the track of offender of public security department is had very big help system manager's recovery system after attack.
Summary of the invention:
The objective of the invention is to: solve the difficult problem that the port scanning that exists at present detects, for the user provide a kind of can discover effectively the invasion scan line for and the source and the new method of taking precautions against, be that network security protection increases new technical measures.
The new method of discovering inbreak scan behavior protection system safety of the present invention; monitor by set up port at this machine; receive client data request; closing the executive routines such as scanning connectivity port of monitoring forms; it is characterized in that: after having closed the scanning connectivity port of monitoring; rebuild a new listening port; after new port is scanned connection again; close this port again; change a new listening port again, like this, be scanned and connect a port; just close this port at once; build new port again, so circulate, and note the information that is scanned at listening port; and send warning information to the system manager, recover initial listening port then.
The invention has the advantages that: 1. monitor, can judge the port that is scanned and note scanning information, provide preparation, also follow the trail of the invador and offer help for relevant department for the system manager takes precautions against the invasion attack by setting up port; 2. the change listening port by continuously is connected with the continuous scanning that is subjected to, and can judge the inbreak scan behavior exactly; 3. by constantly closing port and the new listening port of change that is scanned connection, can stop the port scanning intrusion behavior effectively.
Description of drawings:
The present invention has given the executive routine process flow diagram of discovering inbreak scan behavior protection system safety new method.
Embodiment:
Discovering the core of inbreak scan behavior protection system safety method, is to monitor by setting up port, for the continuous invasion port scanning that occurs, takes constantly to change the measure of listening port, stops up contingent port intrusion behavior.
Its concrete implementing measure is finished by following executive routine:
1, utilizing the serverSocket technology to set up a plurality of ports at this machine monitors.
Partial code: int port=5; ServerSocket ss=new ServerSocket (port);
2, wait for client (Client) request of data (Accept).
Partial code: Socket s=ss.accept ();
3, receive client-requested.
Partial code: if (s!=null) ...;
4, close serverSocket (port monitoring).
Partial code: ss.close ();
5, utilizing the serverSocket technology to add 5 algorithm by original port sets up new port and monitors.
Partial code: port+=5; ServerSocket ss=new ServerSocket (port);
6, judge whether the port numbers of monitoring has at present satisfied the program requirement.
Partial code: if (port==50) ...;
7, writing scan information.
Partial code: insertLog (IP);
8, send a warning message.
Partial code: sendAlert (EMAIL);
9, recovering initial port monitors.
Partial code: port=5; ServerSocket ss=new ServerSocket (port);
Claims (1)
1; a kind of new method of discovering inbreak scan behavior protection system safety; monitor by set up port at this machine; receive client data request; closing executive routines such as monitoring the scanning connectivity port forms; it is characterized in that: after having closed the scanning connectivity port of monitoring; rebuild a new listening port; after new port is scanned connection again; close this port again; reconstruct a new listening port again, like this, be scanned and connect a port; just close this port at once; build new port again, so circulate, and note the information that is scanned at listening port; and send warning information to the system manager, recover initial listening port then.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01129120 CN1421772A (en) | 2001-11-27 | 2001-11-27 | New system safety guarding method of observing invading scan behavior |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 01129120 CN1421772A (en) | 2001-11-27 | 2001-11-27 | New system safety guarding method of observing invading scan behavior |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1421772A true CN1421772A (en) | 2003-06-04 |
Family
ID=4668915
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 01129120 Pending CN1421772A (en) | 2001-11-27 | 2001-11-27 | New system safety guarding method of observing invading scan behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1421772A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1917426B (en) * | 2005-08-17 | 2010-12-08 | 国际商业机器公司 | Port scanning method and device, port scanning detection method and device, port scanning system |
| CN101272286B (en) * | 2008-05-15 | 2010-12-15 | 上海交通大学 | Network inbreak event association detecting method |
| CN101902349B (en) * | 2009-05-27 | 2012-10-31 | 北京启明星辰信息技术股份有限公司 | Method and system for detecting scanning behaviors of ports |
| CN104967609A (en) * | 2015-04-28 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Intranet development server access method, intranet development server access device and intranet development server access system |
| CN109951368A (en) * | 2019-05-07 | 2019-06-28 | 百度在线网络技术(北京)有限公司 | Anti-scanning method, device, equipment and the storage medium of controller LAN |
| CN109995727A (en) * | 2017-12-30 | 2019-07-09 | 中国移动通信集团河北有限公司 | Penetration attack behavior active protection method, device, equipment and medium |
-
2001
- 2001-11-27 CN CN 01129120 patent/CN1421772A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1917426B (en) * | 2005-08-17 | 2010-12-08 | 国际商业机器公司 | Port scanning method and device, port scanning detection method and device, port scanning system |
| CN101272286B (en) * | 2008-05-15 | 2010-12-15 | 上海交通大学 | Network inbreak event association detecting method |
| CN101902349B (en) * | 2009-05-27 | 2012-10-31 | 北京启明星辰信息技术股份有限公司 | Method and system for detecting scanning behaviors of ports |
| CN104967609A (en) * | 2015-04-28 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Intranet development server access method, intranet development server access device and intranet development server access system |
| CN104967609B (en) * | 2015-04-28 | 2018-11-06 | 腾讯科技(深圳)有限公司 | Intranet exploitation server access method, apparatus and system |
| CN109995727A (en) * | 2017-12-30 | 2019-07-09 | 中国移动通信集团河北有限公司 | Penetration attack behavior active protection method, device, equipment and medium |
| CN109995727B (en) * | 2017-12-30 | 2021-11-09 | 中国移动通信集团河北有限公司 | Active protection method, device, equipment and medium for penetration attack behavior |
| CN109951368A (en) * | 2019-05-07 | 2019-06-28 | 百度在线网络技术(北京)有限公司 | Anti-scanning method, device, equipment and the storage medium of controller LAN |
| CN109951368B (en) * | 2019-05-07 | 2021-07-30 | 百度在线网络技术(北京)有限公司 | Anti-scanning method, device, equipment and storage medium for controller local area network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109729180B (en) | Whole system intelligent community platform | |
| Liu | Architectures for intrusion tolerant database systems | |
| Sundaram | An introduction to intrusion detection | |
| Geer | Security technologies go phishing | |
| CN105391729A (en) | Web loophole automatic mining method based on fuzzy test | |
| CN110460611B (en) | Machine learning-based full-flow attack detection technology | |
| CN110443031A (en) | A kind of two dimensional code Risk Identification Method and system | |
| CN113032793A (en) | Intelligent reinforcement system and method for data security | |
| Goldstein et al. | Enhancing Security Event Management Systems with Unsupervised Anomaly Detection. | |
| CN111181918A (en) | TTP-based high-risk asset discovery and network attack tracing method | |
| CN101719846A (en) | Security monitoring method, device and system | |
| CN1421772A (en) | New system safety guarding method of observing invading scan behavior | |
| CN113794276A (en) | Power distribution network terminal safety behavior monitoring system and method based on artificial intelligence | |
| CN110022305A (en) | Web portal security guard system and method | |
| KR100736540B1 (en) | Web defacement checker and checking method thereof | |
| Masri et al. | Using dynamic information flow analysis to detect attacks against applications | |
| CN107509200A (en) | Equipment localization method and device based on wireless network invasion | |
| Valeur et al. | An anomaly-driven reverse proxy for web applications | |
| CN113065026A (en) | Intelligent abnormal event detection system, method and medium based on security micro-service architecture | |
| CN113132370A (en) | Universal integrated safety pipe center system | |
| Herrerias et al. | A log correlation model to support the evidence search process in a forensic investigation | |
| CN104143064A (en) | Website data security system based on association analysis of database activity and web access | |
| Zhang | A comparative study on sanction system of cyber aider from perspectives of German and Chinese criminal law | |
| CN112491875B (en) | Intelligent tracking safety detection method and system based on account system | |
| Lin et al. | Automated analysis of multi-source logs for network forensics |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |