JP2023118884A - Router, control program, terminal device, and communication system - Google Patents

Abstract

To prevent port opening not intended by users.SOLUTION: A router 11 relays communication based on setting between a WAN 18 and a LAN 19. The router 11 monitors a reception packet. When a monitoring result of the reception packet meets a predetermined condition, the router 11 gives the user a notification, and accepts consent information indicating that the user has consented to a setting change. The router 11 changes the setting of the router 11 according to an acceptance result of the consent information.SELECTED DRAWING: Figure 1

Description

The present invention relates to routers, control programs, terminal devices, and communication systems.

Conventionally, UPnP (Universal Plug and Play) is known as one of the protocols that enable participation in a computer network simply by connecting devices. Also, there is known a server that manages address information for a server under a router having a port forwarding function and enables access from a wide area network (Patent Document 1 below).

Japanese Patent Application Laid-Open No. 2004-266320

However, if the above-described conventional technology is abused, it is possible to cause the router to open an unauthorized port unintended by the user and intrude into the internal network from the wide area network side.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object of the present invention is to suppress unintended opening of a port by a user.

A router according to the present invention relays communication between a wide area network and a local area network based on settings, and includes a monitoring unit that monitors received packets, and a monitoring result obtained by the monitoring unit under a predetermined condition. a control unit that notifies the user when the conditions are satisfied, receives consent information indicating that the user has consented to the change of the setting, and changes the setting according to the acceptance result of the consent information; Be prepared.

A router control program according to the present invention causes a computer to function as the monitoring section and the control section of the router.

A terminal device according to the present invention is a terminal device capable of communicating with a router that relays communication between a wide area network and a local area network, when the result of monitoring received packets by the router satisfies a predetermined condition. a notification unit that notifies a user; a reception unit that receives from the user an operation indicating that the router setting change has been accepted after the notification by the notification unit; and a control unit for causing the router to change the setting accordingly.

A control program for a terminal device of the present invention is for causing a computer to function as the reception unit and the control unit of the terminal device.

A communication system of the present invention includes the router and the terminal device.

According to the present invention, it is possible to provide a router, a control program, a terminal device, and a communication system capable of suppressing port opening unintended by the user.

1 is a diagram showing a schematic configuration of a communication system 10 that is an embodiment of the present invention; FIG. 3 is a diagram showing a configuration example of a router 11; FIG. 2 is a diagram illustrating a configuration example of a terminal device 12; FIG. 5 is a flow chart showing an example of monitoring control processing by the router 11 of the first embodiment; 6 is a flow chart showing an example of consent confirmation processing by the terminal device 12 of the first embodiment; 4 is a flow chart showing an example of list management processing by the router 11 of Embodiment 1. FIG. 4 is a sequence diagram showing operation example 1 in the communication system 10 of embodiment 1. FIG. FIG. 11 is a sequence diagram showing an operation example 2 in the communication system 10 of the embodiment 1; FIG. 11 is a sequence diagram showing an operation example 3 in the communication system 10 of the embodiment 1; FIG. 10 is a diagram showing an example of display by the terminal device 12 in response to a push notification from the router 11 according to the first embodiment; 10 is a flow chart showing an example of monitoring control processing by the router 11 of the second embodiment; 10 is a flowchart showing an example of acceptance confirmation processing by the terminal device 12 of Example 2; FIG. 11 is a flow chart showing an example of list management processing by the router 11 of the second embodiment; FIG. FIG. 10 is a sequence diagram showing an operation example 1 in the communication system 10 of the second embodiment; FIG. 11 is a sequence diagram showing an operation example 2 in the communication system 10 of the second embodiment; FIG. 12 is a sequence diagram showing an operation example 3 in the communication system 10 of the embodiment 2; FIG. 10 is a diagram showing an example of display by the terminal device 12 in response to a push notification from the router 11 of the second embodiment; 14 is a flow chart showing an example of monitoring control processing by the router 11 of the embodiment 3; 14 is a flowchart showing an example of acceptance confirmation processing by the terminal device 12 of Example 3. FIG. FIG. 12 is a flowchart showing an example of port opening stop processing by the router 11 of the third embodiment; FIG. FIG. 11 is a sequence diagram showing an operation example in the communication system 10 of Example 3; FIG. 14 is a diagram showing an example of display by the terminal device 12 in response to a push notification from the router 11 of Example 3; FIG. 16 is a flow chart showing an example of access block processing by the router 11 of the fourth embodiment; FIG. FIG. 16 is a flow chart showing an example of acceptance confirmation processing by the terminal device 12 of Example 4; FIG. FIG. 16 is a flow chart showing an example of transmission source registration processing by the router 11 of the fourth embodiment; FIG. FIG. 12 is a sequence diagram showing an operation example 1 in the communication system 10 of the embodiment 4; FIG. 14 is a sequence diagram showing an operation example 2 in the communication system 10 of the embodiment 4; FIG. 14 is a diagram showing an example of display by the terminal device 12 in response to a push notification from the router 11 of Example 4;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Schematic configuration of communication system 10 that is one embodiment of the present invention)
FIG. 1 is a diagram showing a schematic configuration of a communication system 10 that is one embodiment of the present invention. A communication system 10 includes a router 11 , a terminal device 12 , devices 13 and 14 and a server 15 .

The router 11 is connected to a WAN (Wide Area Network) 18 . The router 11 also forms a LAN (Local Area Network) 19 . The LAN 19 may be a LAN for wired communication or a wireless LAN for wireless communication. The router 11 relays communication between the WAN 18 and the LAN 19 based on its own settings.

Also, the router 11 has a UPnP function. UPnP is a function that opens ports according to request packets received from devices 13 and 14 connected to LAN 19 . The UPnP function in the router 11 includes, for example, a function related to UPnP-IGD (Internet Gateway Device) that defines the behavior of a router compatible with UPnP.

Port opening is a setting to transfer a specific port of a global IP address to a specific port of a specific private IP address in a fixed association. etc. is also called. Stopping port opening is to remove or disable this setting.

The terminal device 12 is a terminal possessed by a user who manages the router 11 . For example, the terminal device 12 can be connected to the WAN 18 and can communicate with the router 11 via the server 15 connected to the WAN 18 (for example, via the cloud). The terminal device 12 is a smart phone as an example.

The server 15 relays communications between the router 11 and the terminal device 12 . For example, the server 15 manages the network identifier (IP address, for example) of the terminal device 12 , and can send a push notification or the like to the terminal device 12 in response to a request from the router 11 . A push notification is a notification actively sent from a sender to a receiver.

Specifically, the server 15 acquires an identifier (application ID) specific to each application by communicating with the application installed in the terminal device 12 by the user. This application transmits this application ID to the router 11 when the terminal device 12 connects to the router 11, for example. This application ID is an example of a first identifier of the terminal device 12 that can be acquired by the controller of the router 11 . The IP address is an example of a second identifier that the server 15 uses for communication with the terminal device 12 . The router 11 transmits notification contents (notification information) to the server 15 together with the application ID. The server 15 transmits the content of the notification (based on the IP address) to the terminal device 12 having the corresponding application ID. This implements push notifications.

The server 15 may be a physical server device connected to the WAN 18 or a virtual server (cloud server) implemented using hardware connected to the WAN 18 . Communication between the router 11 and the terminal device 12 to be described below is performed via the server 15 .

The devices 13 and 14 are devices that connect to the LAN 19 and communicate with the WAN 18 via the router 11 . For example, each of the devices 13 and 14 includes various sensor devices such as web cameras and microphones, so-called smart home appliances such as televisions and refrigerators, NAS (Network Attached Storage), computer game machines, smartphones, tablet terminals, personal computers, etc., LAN 19 It can be various devices that can be connected to.

In the communication system 10 shown in FIG. 1, the router 11 monitors received packets from the LAN 19 side or the WAN 18 side. Then, when the monitoring result satisfies a predetermined condition, the router 11 notifies the user who owns the terminal device 12 of the security risk related to the change in the setting of the router 11, and the user sets the setting. Acceptance information to the effect that the change is accepted is received, and the setting of the router 11 is changed according to the acceptance result of the acceptance information. A specific example of processing by the router 11 will be described with reference to FIG. 4 and subsequent figures.

(Configuration example of router 11)
FIG. 2 is a diagram showing a configuration example of the router 11. As shown in FIG. The router 11 shown in FIG. 1 can be configured by the router device 20 shown in FIG. 2, for example.

The router device 20 includes a CPU (Central Processing Unit) 21, a ROM (Read Only Memory) 22, a RAM (Random Access Memory) 23, a WAN side communication module 24, a LAN side communication module 25, and an internal storage section 27. And prepare. The CPU 21 , ROM 22 , RAM 23 , WAN side communication module 24 , LAN side communication module 25 and internal storage unit 27 are connected by a common bus 26 .

The CPU 21 controls the overall operation of the router device 20 by executing a control program such as firmware read from the ROM 22 and stored in the RAM 23 . The ROM 22 stores control programs such as the aforementioned firmware and various setting data. The RAM 23 operates as a work memory for the router device 20 and temporarily stores various control programs and various data.

The WAN-side communication module 24 is a module that accesses the WAN 18 and communicates with other communication devices connected to the WAN 18 . The WAN-side communication module 24 is, for example, a communication module conforming to TCP/IP (Transmission Control Protocol/Internet Protocol).

The LAN side communication module 25 is a module that forms the LAN 19 and communicates with other communication devices (for example, the devices 13 and 14) connected to the LAN 19. FIG. The LAN-side communication module 25 may be, for example, a wireless communication module conforming to the IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard, or a wired communication module conforming to the IEEE 802.3 standard. , may include both.

The internal storage unit 27 includes an internal storage 27a and an internal storage interface (I/F) 27b. The internal storage 27a is, for example, a non-volatile semiconductor memory such as flash memory or a hard disk drive. An application control program and various data files used in the router device 20 are stored in the internal storage 27a. The internal storage interface 27b controls data reading or writing when receiving a data reading or writing command for the internal storage 27a.

The monitoring unit 20a is a monitoring unit of the present invention that monitors received packets. When the result of monitoring by the monitoring unit 20a satisfies a predetermined condition, the control unit 20b notifies the user, receives consent information indicating that the user has consented to changing the setting, and receives the consent information. It is the control part of this invention which changes a setting according to a result. Each of the monitoring unit 20a and the control unit 20b is configured by, for example, the CPU 21 and at least one of the WAN side communication module 24 and the LAN side communication module 25. FIG.

(Configuration example of terminal device 12)
FIG. 3 is a diagram showing a configuration example of the terminal device 12. As shown in FIG. The terminal device 12 shown in FIG. 1 can be configured by the terminal device 30 shown in FIG. 3, for example.

The terminal device 30 includes a CPU 31, a ROM 32, a RAM 33, a liquid crystal driver 34a, a liquid crystal panel 34b, a communication module 35, an operation interface (I/F) 36, an internal storage unit 37, and a USB (Universal Serial Bus). ) controller 38a and USB connector 38b.

The CPU 31, ROM 32, RAM 33, liquid crystal driver 34a, communication module 35, operation interface 36, internal storage section 37, and USB controller 38a are connected by a common bus 39, respectively.

The CPU 31 controls the overall operation of the terminal device 30 by executing a control program such as firmware read from the ROM 32 and stored in the RAM 33 . The ROM 32 stores control programs such as firmware and various setting data. The RAM 33 operates as a work memory of the terminal device 30 and temporarily stores various control programs and data.

The liquid crystal panel 34b is a display unit that displays an image. When the liquid crystal driver 34a receives the data forming the display screen, it drives the liquid crystal panel 34b so as to display the display screen in the display area of the liquid crystal panel 34b. The liquid crystal panel 34b may be a built-in display provided in the main body of the terminal device 30, or may be an external display externally attached to the main body of the terminal device 30. FIG.

The communication module 35 is a module that performs wireless or wired communication with another communication device (for example, the server 15). For example, the communication module 35 is a cellular module or the like that can be connected to the WAN 18 via a mobile communication network by cellular wireless communication such as 3G, LTE (Long Term Evolution), 4G, and 5G.

Also, the communication module 35 may include a LAN-side communication module that accesses the LAN 19 . This LAN side communication module may be, for example, a wireless communication module conforming to the IEEE802.11 standard, or a wired communication module conforming to the IEEE802.3 standard.

The operation interface 36 is a user interface, such as a keyboard and a mouse, for user operations. Further, the operation interface 36 may be a touch panel or the like integrated with the liquid crystal panel 34b.

The internal storage unit 37 includes an internal storage 37a and an internal storage interface (I/F) 37b. The internal storage 37a is, for example, a non-volatile semiconductor memory such as flash memory or a hard disk drive. The internal storage 37a stores various files such as application control programs, document files, sound files, image files, and moving image files used in the terminal device 30 . The internal storage interface 37b controls data reading or writing when receiving a data reading or writing command for the internal storage 37a.

The internal storage 37a may be a removable non-volatile memory card. In this case, the internal storage interface 37b further comprises a memory card slot into which this memory card is installed.

The USB controller 38a transmits and receives data to and from a USB device connected via the USB connector 38b according to various USB standards.

The notification unit 30a is a notification unit of the present invention that notifies the user. The notification unit 30a is composed of, for example, a CPU 31 and a liquid crystal panel 34b. The receiving unit 30b is a receiving unit of the present invention that receives from the user an operation indicating that the change of the setting of the router 11 has been accepted after the notification by the notification unit 30a. The reception unit 30b is configured by the CPU 31 and the operation interface 36, for example.

The control unit 30c is a control unit of the present invention that causes the router 11 to change the setting according to the reception result by the reception unit 30b. The control unit 30c is configured by the CPU 31 and the communication module 35, for example.

<Example 1>
In the first embodiment, an example in which the router 11 performs a warning type dangerous UPnP block will be described. A warning-type dangerous UPnP block blocks (or temporarily permits) a request to open a port that is judged to be dangerous. It confirms the permission/refusal of the opening of the

(Monitoring and Control Processing by Router 11 of Embodiment 1)
FIG. 4 is a flow chart showing an example of monitoring control processing by the router 11 of the first embodiment. The router 11 executes, for example, the processing shown in FIG. 4 while relaying communication between the WAN 18 and the LAN 19 .

First, the router 11 uses the UPnP-IGD function to determine whether or not an AddPortMapping request has been received from a device on the LAN 19 side (for example, the devices 13 and 14) (step S41), and waits until an AddPortMapping request is received (step S41: No loop). The AddPortMapping request is a packet specifying a port number and requesting release of the port indicated by the port number, and is an example of a packet received from the LAN 19 side.

At step S41, when the AddPortMapping request is received (step S41: Yes), the router 11 determines whether or not the address of the sender of the AddPortMapping request is in the prohibited device list (step S42). This sender address is, for example, at least one of the sender's IP address and MAC (Media Access Control) address.

The prohibited device list is a list of devices, among the devices connected to the LAN 19, for which the user has prohibited port opening by UPnP. The prohibited device list may be stored in the memory of the router 11 (for example, the ROM 22, RAM 23, or internal storage 27a shown in FIG. 2), or may be stored in another device accessible from the router 11.

In step S42, if the address of the sender is in the prohibited device list (step S42: Yes), the router 11 returns an error response to the sender of the received AddPortMapping request and discards the AddPortMapping request ( Step S43) and returns to step S41.

In step S42, if the source address is not in the prohibited device list (step S42: No), the router 11 determines that the IP address of the source of the received AddPortMapping request matches the value of NewInternalClient included in the AddPortMapping request. It is determined whether or not they match (step S44). NewInternalClient stores the local IP address of the device whose port is to be opened.

In step S44, if the address of the sender does not match NewInternalClient (step S44: No), the sender of the AddPortMapping request received by the router 11 is requesting port opening for a device different from itself. The AddPortMapping request can be malicious (bad intent) and dangerous.

In this case, the router 11 determines whether or not the address of the sender of the received AddPortMapping request is in the permitted device list (step S45). This source address is, for example, at least one of a source IP address and a source MAC address. The permitted device list is a list of devices, among the devices connected to the LAN 19, for which the user has permitted port opening by UPnP. The permitted device list may be stored in the memory of router 11 or may be stored in another device accessible from router 11 .

In step S45, if the address of the transmission source is not in the permitted device list (step S45: No), the router 11 blocks the UPnP request by the received AddPortMapping request, and notifies the terminal device 12 that the UPnP request is blocked. (step S46) and returns to step S41. In the push notification of step S46, the router 11 transmits to the terminal device 12, for example, the source of the AddPortMapping request (that is, the source of the request to open the port) and information indicating the risk of opening the port. This push notification is an example of a security risk notification regarding a setting change (port opening).

In step S44, if the source address matches NewInternalClient (step S44: Yes), the router 11 determines whether the port setting requested by the received AddPortMapping request is in the dangerous setting list. (step S47). The risk setting list may be stored in the memory of router 11 or may be stored in another device accessible from router 11 .

For example, a dangerous settings list is a list of port settings that are known to be dangerous. The port setting includes setting of a transmission source for which communication is permitted, setting of a combination of a port to be opened and a protocol, and the like. For example, among settings of transmission sources that permit communication, dangerous settings include settings that permit communication from all devices. When such settings are made, devices all over the world can access the devices 13 and 14 on the LAN 19 .

Dangerous combinations of open ports and protocols include SSH (Secure Shell) port (22/TCP), Telnet port (23/TCP), HTTP (Hypertext Transfer Protocol) port (80, 443), etc. Various are known. The port to be opened is the port indicated by at least one of NewInternalPort (LAN side port number) and NewExternalPort (WAN side port number) included in the AddPortMapping request.

Also, the port settings included in the dangerous setting list may be updated as appropriate using a list reported by research and development institutions such as NICT (National Institute of Information and Communications Technology). This update may be performed automatically, for example, by the router 11 accessing the list or the like reported by the research and development institute or the like via a network such as the WAN 18, or may be performed by user operation. . Also, this list or the like may be provided through a network as list information, or may be provided by being incorporated in firmware or the like.

In step S47, if the port setting is in the dangerous setting list (step S47: Yes), the router 11 proceeds to step S45. If the port setting is not in the dangerous setting list (step S47: No), the router 11 opens the port according to the received AddPortMapping request (step S48), and returns to step S41.

In step S45, if the address of the transmission source is in the permitted device list (step S45: Yes), the router 11 proceeds to step S48 and opens the port.

(Consent Confirmation Processing by Terminal Device 12 of Embodiment 1)
FIG. 5 is a flow chart showing an example of acceptance confirmation processing by the terminal device 12 of the first embodiment. The terminal device 12 executes the processing shown in FIG. 5, for example, in a state in which communication with the router 11 is possible.

First, the terminal device 12 determines whether or not there is a push notification from the router 11 (step S51), and waits until there is a push notification from the router 11 (step S51: No loop). In step S51, when there is a push notification from the router 11 (step S51: Yes), the terminal device 12 identifies the source of the port opening request and the risk of opening the port based on the information received from the router 11 in the push notification. display (step S52). An example of display in step S52 will be described later with reference to FIG.

The terminal device 12 also accepts an operation of selecting permission or prohibition of port opening by UPnP for the displayed port opening request source (see FIG. 10, for example). Next, the terminal device 12 determines whether or not the user has selected prohibition of port opening by UPnP (UPnP prohibition) (step S53).

In step S53, if the user selects UPnP prohibition (step S53: Yes), the terminal device 12 transmits a prohibited device list registration request to the router 11 (step S54), and returns to step S51. The prohibited device list registration request is a packet requesting the router 11 to register the port opening request source displayed in step S52 in the prohibited device list.

If UPnP prohibition is not selected in step S53 (step S53: No), the terminal device 12 determines whether or not the user has selected port opening permission by UPnP (UPnP permission) (step S55). .

In step S55, if the user selects UPnP permission (step S55: Yes), the terminal device 12 transmits a permission device list registration request to the router 11 (step S56), and returns to step S51. The permitted device list registration request is a packet requesting the router 11 to register the port opening request source displayed in step S52 in the permitted device list, and is an example of consent information indicating that the user has consented to the change of the setting. is.

In step S55, if UPnP permission is not selected (step S55: No), the terminal device 12 returns to step S51. As a result, when there is no explicit consent from the user, it is possible to prevent the port opening request source from being registered in the permitted device list, thereby suppressing the port opening.

(List management processing by router 11 of embodiment 1)
FIG. 6 is a flow chart showing an example of list management processing by the router 11 of the first embodiment. The router 11 executes, for example, the processing shown in FIG. 6 in parallel with the processing shown in FIG.

First, the router 11 determines whether or not a prohibited device list registration request has been received from the terminal device 12 (step S61). When the prohibited device list registration request is received (step S61: Yes), the router 11 determines whether or not there is a port that the router 11 is open to the target device of the prohibited device list registration request ( step S62).

In step S62, if there is no open port (step S62: No), the router 11 proceeds to step S64. If there is an open port (step S62: Yes), the router 11 stops opening that port (step S63). As a result, if the port of a device for which the user has selected UPnP prohibition has been manually opened in the past, the port can be stopped.

Next, the router 11 registers the target device of the prohibited device list registration request in the prohibited device list (step S64), and returns to step S61. As a result, even if the device issues an AddPortMapping request again, the AddPortMapping request is discarded without notifying the user by the processing shown in FIG. Registration of a device in the prohibited device list is performed, for example, by adding at least one of the IP address and MAC address of the device to the prohibited device list.

In step S61, if the prohibited device list registration request has not been received (step S61: No), the router 11 determines whether or not the permitted device list registration request has been received from the terminal device 12 (step S65). If the permitted device list registration request has not been received (step S65: No), the router 11 returns to step S61.

In step S65, when the permitted device list registration request is received (step S65: Yes), the router 11 registers the device for which the permitted device list registration request is requested in the permitted device list (step S66), and returns to step S61. . As a result, when an AddPortMapping request is made again from the device, the port is opened according to the AddPortMapping request by the processing shown in FIG. 4 without notifying the user. Registration of a device in the permitted device list is performed, for example, by adding at least one of the IP address and MAC address of the device to the permitted device list.

(Example of operation in communication system 10 of embodiment 1)
FIG. 7 is a sequence diagram showing operation example 1 in the communication system 10 of the first embodiment. In the example shown in FIG. 7, it is assumed that the device 13 is programmed with an unauthorized program by a malicious third party. It is also assumed that the device 13 is neither registered in the prohibited device list nor the permitted device list.

First, it is assumed that the device 13 connected to the LAN 19 transmits an AddPortMapping request to the router 11 to open a port unintended by the user of the router 11 by the above-described unauthorized program (step S71).

Next, the router 11 judges the risk of the AddPortMapping request received in step S71 (step S72). This risk judgment is, for example, judgment by steps S42, S44, S45, and S47 shown in FIG. In the example shown in FIG. 7, it is assumed in step S47 shown in FIG. 4 that the port setting requested by this AddPortMapping request is found in the dangerous setting list.

Next, since the device 13 is not registered in the permitted device list, the router 11 blocks the UPnP request by this AddPortMapping request in step S46 shown in FIG. Notification is made to the terminal device 12 (step S73).

Next, based on the push notification in step S73, the terminal device 12 confirms that the identifier of the device 13 (requesting device) or that the port setting for opening the port requested by the device 13 is dangerous (i.e., opening the port). risk) is displayed (step S74).

Next, the terminal device 12 accepts the selection of port opening permission or prohibition displayed in step S74 (step S75). Here, it is assumed that the user selects prohibition of port opening (UPnP prohibition).

Next, the terminal device 12 transmits a prohibited device list registration request for the device 13 to the router 11 (step S76). Next, the router 11 registers the device 13 in the prohibited device list (step S77), and terminates the series of processes. As a result, even if the device 13 transmits the AddPortMapping request to the router 11 again, the AddPortMapping request is discarded without notifying the user.

FIG. 8 is a sequence diagram showing an operation example 2 in the communication system 10 of the first embodiment. In the example shown in FIG. 8, it is assumed that the device 14 shown in FIG. It is also assumed that the device 14 is neither registered in the prohibited device list nor the permitted device list.

First, it is assumed that the device 14 connected to the LAN 19 transmits an AddPortMapping request to the router 11 by normal UPnP operation (step S81).

Next, the router 11 judges the risk of the AddPortMapping request received in step S81 (step S82). The determination in step S82 is the same as the determination in step S72 shown in FIG. In the example shown in FIG. 8, it is assumed in step S82 that the port setting requested by this AddPortMapping request is found in the dangerous setting list.

Next, since the device 14 is not registered in the permitted device list at this time, the router 11 blocks the UPnP request by this AddPortMapping request in step S46 shown in FIG. A push notification is sent to the terminal device 12 (step S83).

Steps S84 and S85 are the same as steps S74 and S75 shown in FIG. However, in step S85, it is assumed that the user selects port opening permission (UPnP permission).

Next, the terminal device 12 transmits a permitted device list registration request for the device 14 to the router 11 (step S86). Next, the router 11 registers the device 14 in the permitted device list (step S87), and ends the series of processes. As a result, when the device 14 transmits the AddPortMapping request to the router 11 again, the port is opened according to the AddPortMapping request without notifying the user (see FIG. 9).

FIG. 9 is a sequence diagram showing an operation example 3 in the communication system 10 of the first embodiment. In the example shown in FIG. 9, the case where the device 14 transmits the AddPortMapping request to the router 11 again after the operation example 2 shown in FIG. 8 will be described.

First, it is assumed that the device 14 retransmits the AddPortMapping request to the router 11 by the operation of UPnP because the port was not opened in response to the AddPortMapping request in step S81 shown in FIG. 8 (step S91).

Next, the router 11 judges the risk of the AddPortMapping request received in step S91 (step S92). The determination in step S92 is the same as the determination in step S72 shown in FIG. In the example shown in FIG. 9, the AddPortMapping request in the example shown in FIG. 8 is sent again, and similarly to the example shown in FIG. be done.

However, since the device 14 is registered in the permitted device list at this time, the router 11 opens the port in response to this AddPortMapping request (step S93) in step S48 shown in FIG. finish. This enables the device 14 to communicate with the device on the WAN 18 side via the router 11 .

(Display by terminal device 12 in response to push notification from router 11 in embodiment 1)
FIG. 10 is a diagram showing an example of display by the terminal device 12 in response to the push notification from the router 11 of the first embodiment. As shown in FIG. 10, the terminal device 12 is a smart phone and has a touch panel 12a. For example, in step S52 shown in FIG. 5, the terminal device 12 displays the screen 100 on the touch panel 12a.

A screen 100 displays a message "You are trying to open a port that has a security problem. Do you want to open this port?", a character string indicating the source device of the AddPortMapping request, A string indicating the port being requested. This allows the user to recognize that there is a port opening request that is judged to be dangerous, the source of the request, and the port that is being requested to be opened, and whether or not they are intended. can be judged.

The screen 100 also includes a prohibit button 101 and a permit button 102 . The prohibition button 101 is a button for the user to select prohibition of port opening by UPnP for the displayed port opening request source. The determination in step S53 shown in FIG. 5 is, for example, determination of whether or not the prohibition button 101 has been touched by the user.

The permission button 102 is a button for the user to select permission of port opening by UPnP for the displayed port opening request source. The determination in step S55 shown in FIG. 5 is, for example, determination of whether or not the permission button 102 has been touched by the user.

In addition, even if the screen 100 includes a message or the like prompting the user to confirm that the user name and password for accessing from the outside are appropriately set for the displayed device requesting port opening. good.

In addition, instead of the above information, the screen 100 displays, for example, "Device XX uses port YY and requests to publish the device on the Internet. If this port does not perform appropriate access restrictions, , There have been many reports of abuse on the Internet.If communication from the Internet is necessary, we strongly recommend that you set the user name and password of the device appropriately and allow it. ' may be included. In this way, by notifying the user of the specific risks of not restricting access, the user can determine whether or not to allow port opening after recognizing the specific risks. In addition, by notifying the user of recommended countermeasures when access is not restricted, it is possible for the user to take appropriate measures even when opening a risky port intentionally.

As shown in FIGS. 4 to 10, when the received packet is a packet (AddPortMapping request) requesting opening of a port included in a predetermined list (dangerous port list), the router 11 of the first embodiment Then, it notifies the user, accepts consent information indicating that the user has consented to opening the port (permitted device list registration request), and opens the port according to the acceptance result of the consent information.

Thereby, the port can be opened only when there is consent from the user who understands the security risk of opening the port determined to be dangerous. Therefore, unintentional and dangerous port opening by the user can be suppressed.

Also, the router 11 notifies the user by communicating with the terminal device 12 via the server 15 that manages the network identifier of the terminal device 12 . Also, the router 11 receives consent information by communicating with the terminal device 12 via the server 15 . As a result, even if the terminal device 12 is a smartphone or the like to which an IP address is not fixedly assigned, it is possible to notify the user and accept consent information.

In addition, in the first embodiment, when the router 11 performs push notification to the terminal device 12, it once blocks the UPnP request from the device, and when it receives the permitted device list registration request from the terminal device 12, it again receives the request from the device. Although the process of opening a port when there is an AddPortMapping request has been described, the process is not limited to this. For example, when the router 11 performs a push notification to the terminal device 12, the router 11 holds the UPnP request from the device, and upon receiving the permitted device list registration request from the terminal device 12, the held UPnP request is processed. It is also possible to open the port based on the

<Example 2>
In the second embodiment, an example in which the router 11 implements a proactive risky UPnP block will be described. Proactive Dangerous UPnP Block sends a packet that imitates access to the port to the corresponding device on the LAN side when there is a request to open a port that is judged to be dangerous, thereby preventing security problems ( password, encryption method, etc.), and if there is a problem, block the open request or warn the user. It should be noted that the proactive type means a type of action that is voluntarily performed.

(Monitoring and Control Processing by Router 11 of Embodiment 2)
FIG. 11 is a flow chart showing an example of monitoring control processing by the router 11 of the second embodiment. The router 11 performs, for example, the processing shown in FIG. 11 while relaying communication between the WAN 18 and the LAN 19 .

First, the router 11 uses the UPnP-IGD function to determine whether or not an AddPortMapping request has been received (step S111), and waits until an AddPortMapping request is received (step S111: No loop).

At step S111, when the AddPortMapping request is received (step S111: Yes), the router 11 determines whether or not the port setting requested by the received AddPortMapping request is in the dangerous setting list (step S112). The determination in step S112 is similar to the determination in step S47 shown in FIG. 4, for example.

In step S112, if the port setting is not in the dangerous setting list (step S112: No), the router 11 proceeds to step S116 and opens the port. If the port setting is in the dangerous setting list (step S112: Yes), the router 11 determines whether the address of the sender of the received AddPortMapping request is in the permitted device list (step S113). The determination in step S113 is the same as the determination in step S45 shown in FIG. 4, for example.

In step S113, if the address is in the permitted device list (step S113: Yes), the router 11 proceeds to step S116 and opens the port. If the address is not in the permitted device list (step S113: No), the router 11 performs a security check on the target device requesting port opening by the received AddPortMapping request (step S114).

The security check in step S114 is detection of vulnerability in communication by the target device. Vulnerability is a security problem, and is defined, for example, in ISO/IEC27000:2009, which defines an outline and basic terms for ISMS (Information Security Management System) standards. be.

The security check is, for example, checking whether or not an appropriate password is set and whether or not appropriate encryption is applied. For example, the router 11 transmits a packet mimicking access from a device on the WAN 18 side to the target device to the device on the LAN side, and performs a security check by trying to authenticate the device.

Specifically, the router 11 accesses the target device using the port requested to be opened by the received AddPortMapping, and uses a predetermined dangerous combination of username and password (for example, username “admin” and password "password") to attempt authentication. Also, the router 11 may attempt authentication for multiple combinations of such dangerous usernames and passwords. Then, when the authentication is successful, the router 11 determines that there is a security problem (vulnerability).

Dangerous user names include factory-set user names such as “admin” and “user”. Dangerous passwords include, for example, passwords such as "pass" and "0123" that are set at the time of shipment from the factory, and passwords that consist only of common words such as "welcome."

Moreover, determination of a dangerous password is not limited to determination of match with a specific character string. For example, the router 11 determines that a password with a certain number of characters or less is dangerous, a password with a specific character type (for example, a password consisting only of numbers) is dangerous, or a combination of these determination methods. You may

Also, the router 11 determines whether or not the communication method of the target device by the port requested to be opened by the received AddPortMapping is a communication method in which appropriate encryption is performed, such as SSL (Secure Sockets Layer). An optional security check may be performed.

Next, the router 11 determines whether or not there is a security problem with the target device based on the result of the security check in step S114 (step S115). If there is no security problem (step S115: No), the router 11 proceeds to step S116. The process of step S116 is the same process as step S48 shown in FIG. 4, for example.

At step S115, if there is a security problem (step S115: Yes), the router 11 proceeds to step S117. Step S117 is the same process as step S46 shown in FIG. 4, for example. However, in the push notification of step S117, the router 11 transmits to the terminal device 12, for example, information indicating the security problem discovered by the security check and the source of the port opening request.

(Consent confirmation processing by the terminal device 12 of the second embodiment)
FIG. 12 is a flow chart showing an example of acceptance confirmation processing by the terminal device 12 of the second embodiment. The terminal device 12 executes, for example, the processing shown in FIG. 12 in a state in which communication with the router 11 is possible.

First, the terminal device 12 determines whether or not there is a push notification from the router 11 (step S121), and waits until there is a push notification from the router 11 (step S121: No loop).

In step S121, if there is a push notification from the router 11 (step S121: Yes), the terminal device 12, based on the information received from the router 11 in the push notification, checks security problems discovered by the security check, port The device that requested release is displayed (step S122). An example of the display in step S122 will be described later with reference to FIG.

Next, the terminal device 12 moves to step S123. Steps S123 and S124 are the same as steps S55 and S56 shown in FIG. 5, for example.

(List management processing by router 11 of embodiment 2)
FIG. 13 is a flow chart showing an example of list management processing by the router 11 of the second embodiment. The router 11 executes, for example, the process shown in FIG. 13 in parallel with the process shown in FIG.

First, the router 11 determines whether or not the permitted device list registration request is received from the terminal device 12 (step S131), and waits until the permitted device list registration request is received (step S131: No loop). When the permitted device list registration request is received (step S131: Yes), the router 11 registers the target device of the permitted device list registration request in the permitted device list (step S132), and returns to step S131.

Registration in the permitted device list in step S132 is similar to registration in the permitted device list in step S66 shown in FIG. 6, for example. As a result, when an AddPortMapping request is made again from the target device, the port is opened according to the AddPortMapping request by the processing shown in FIG. 11 without notifying the user.

(Example of operation in communication system 10 of embodiment 2)
FIG. 14 is a sequence diagram showing operation example 1 in the communication system 10 of the second embodiment. In the example shown in FIG. 14, it is assumed that the device 13 is programmed with an unauthorized program by a malicious third party. It is also assumed that the device 13 is not registered in the permitted device list.

Steps S141 and S142 are the same as steps S71 and S72 shown in FIG. However, the risk judgment in step S142 is, for example, the judgment in steps S112 and S113 shown in FIG. In the example shown in FIG. 14, it is assumed in step S112 shown in FIG. 11 that the port setting requested by this AddPortMapping request is found in the dangerous setting list.

Next, at step S114 shown in FIG. 11, the router 11 performs a security check on the device 13 whose release is requested by this AddPortMapping request (step S143). In the example shown in FIG. 14, it is assumed that a security problem is found in the device 13 in the security check in step S143.

In this case, the router 11 blocks the UPnP request in step S141 and sends a push notification notifying that the UPnP request has been blocked to the terminal device 12 (step S144).

Next, the terminal device 12 displays the security problem discovered by the security check and the identifier of the device 13 (port opening request source) based on the push notification of step S144 (step S145).

Next, the terminal device 12 accepts the selection of permission to open the port displayed in step S145 (step S146). Here, it is assumed that the user did not select permission to open the port (no selection).

In this case, the terminal device 12 does not send the permitted device list registration request to the router 11 . As a result, even if the device 13 sends an AddPortMapping request to the router 11 again to make a UPnP request, the UPnP request is blocked again. In addition, the user can take measures such as changing the settings of the target device with respect to the security problem displayed in step S145.

FIG. 15 is a sequence diagram showing operation example 2 in the communication system 10 of the second embodiment. In the example shown in FIG. 15, it is assumed that the device 14 shown in FIG. It is also assumed that the device 14 is not registered in the permitted device list.

First, it is assumed that the device 14 connected to the LAN 19 transmits an AddPortMapping request to the router 11 by normal UPnP operation (step S151).

Steps S152-S156 are the same as steps S142-S146 shown in FIG. That is, in this case as well, it is determined that the port setting requested by the AddPortMapping request is on the dangerous setting list, and a security problem has been found in the device 14 .

However, in step S156, it is assumed that the user intends to open the port by the device 14 and therefore selects permission to open the port (UPnP permission). In this case, the terminal device 12 transmits a permitted device list registration request for the device 14 to the router 11 (step S157). Next, the router 11 registers the device 14 in the permitted device list (step S158), and ends the series of processes.

As a result, when the device 14 transmits the AddPortMapping request to the router 11 again, the port is opened according to the AddPortMapping request without notifying the user (see FIG. 16). In addition, the user can take measures such as changing the settings of the target device with respect to the security problem displayed in step S155.

FIG. 16 is a sequence diagram showing an operation example 3 in the communication system 10 of the second embodiment. In the example shown in FIG. 16, the case where the device 14 transmits the AddPortMapping request to the router 11 again after the operation example 2 shown in FIG. 15 will be described.

First, it is assumed that the device 14 transmits an AddPortMapping request to the router 11 by normal UPnP operation (step S161). Next, the router 11 judges the risk of the AddPortMapping request received in step S161 (step S162).

The determination in step S162 is the same as the determination in step S142 shown in FIG. In the example shown in FIG. 16, the AddPortMapping request in the example shown in FIG. 15 is sent again, and it is determined that the port setting requested by this AddPortMapping request is in the dangerous setting list, as in the example shown in FIG. Suppose it was

However, since the device 14 is registered in the permitted device list at this time, the router 11 opens the port in response to this AddPortMapping request (step S163) in step S116 shown in FIG. finish.

(Display by terminal device 12 in response to push notification from router 11 in embodiment 2)
FIG. 17 is a diagram illustrating an example of display by the terminal device 12 in response to the push notification from the router 11 of the second embodiment. As shown in FIG. 17, the terminal device 12 is a smart phone and has a touch panel 12a. For example, in step S122 shown in FIG. 12, the terminal device 12 displays a screen 170 on the touch panel 12a.

A screen 170 displays a message "A device with a problem with the password or encryption method has been detected. Do you want to allow this device to open the port?" and a character string indicating the source device of the AddPortMapping request. include. As a result, the user can recognize that a release request has been made for a device with a security problem and the source of the request, and can review the security-related settings of the device. Screen 170 may also include a message such as "The password has not been set from the initial value" according to the result of the security check.

Screen 170 also includes a permission button 102 . The permission button 102 is a button for the user to select permission of port opening by UPnP for the displayed port opening request source. The determination in step S123 shown in FIG. 12 is, for example, determination of whether or not the permission button 102 has been touched by the user.

Also, instead of the above information, the screen 170 displays, for example, "Device XX uses port YY and requests to publish the device on the Internet. Authentication information (user (name, password, etc.) can be easily guessed by attackers, so many cases of abuse on the Internet have been reported.When communication from the Internet is necessary, the user name and password of the device It is strongly recommended that you set the appropriate settings and allow it." In this way, by specifically notifying the user of the vulnerability discovered by the security check, the user can determine whether or not to allow port opening after recognizing the specific vulnerability. . In addition, by notifying users of countermeasures to eliminate vulnerabilities when access is not restricted, users can take countermeasures to eliminate vulnerabilities even if they intentionally open risky ports. becomes possible to do.

As shown in FIGS. 11 to 17, the router 11 of the second embodiment receives a packet requesting opening of a port included in a predetermined list (dangerous port list), and If the vulnerability of the corresponding device is detected, accept the consent information (approved device list registration request) that the user has consented to opening the port, and set the port to open when the consent information is accepted. conduct.

As a result, if there is a vulnerability in opening a port that has been determined to be dangerous, the port can be opened only when there is consent from the user who understands the security risk. Therefore, unintentional and dangerous port opening by the user can be suppressed.

Detection of vulnerability of a device corresponding to a port is performed, for example, by accessing the device through the port. Specifically, the router 11 detects vulnerability by attempting to authenticate the device using a combination of a predetermined user name (identifier) and password. Alternatively, the router 11 may detect vulnerability by attempting to authenticate the device using either a predetermined user name (identifier) or password. Alternatively, the router 11 may detect vulnerability by determining whether the communication method of the device is a specific communication method. Alternatively, the router 11 may detect vulnerabilities by combining these methods.

In the second embodiment, when the router 11 performs push notification to the terminal device 12, it once blocks the UPnP request from the device, and when it receives the permitted device list registration request from the terminal device 12, Although the process of opening a port when there is an AddPortMapping request has been described, the process is not limited to this. For example, when the router 11 performs a push notification to the terminal device 12, the router 11 holds the UPnP request from the device, and upon receiving the permitted device list registration request from the terminal device 12, the held UPnP request is processed. It is also possible to open the port based on the

<Example 3>
In the third embodiment, an example in which the router 11 issues an unused UPnP port warning will be described. Unused UPnP port warning will ask the user if a port that is considered unnecessary is open, such as no data communication for a certain period of time, even if the port map request is permitted to use. It is.

(Monitoring control processing by router 11 of embodiment 3)
FIG. 18 is a flow chart showing an example of monitoring control processing by the router 11 of the third embodiment. The router 11 executes, for example, the processing shown in FIG. 18 while relaying communication between the WAN 18 and the LAN 19 .

First, the router 11 acquires list information of ports opened by the router 11 (step S181). This port may be opened by, for example, the method of Example 1 or Example 2, or may be opened by another method. Next, the router 11 acquires the last communication time of each port indicated by the list information acquired in step S181 (step S182). The final communication time of a port is the time at which communication using that port was last performed in the router 11 , and is obtained from the packet relay history in the router 11 , for example.

Next, the router 11 determines whether or not there is a port, among the ports indicated by the list information acquired in step S181, for which a predetermined time or more has elapsed since the last communication time acquired in step S182 (step S183). This specified time is set based on the longest time interval for the device to communicate via the router 11, which is assumed when the user is using the device connected to the LAN 19. For example, 30 days. is.

The processing of steps S181 to S183 is an example of monitoring received packets from the LAN 19 side or the WAN 18 side. In step S183, if there is no port for which the specified time or more has passed since the last communication time (step S183: No), the router 11 waits until the next polling cycle (step S184), and returns to step S181.

In step S183, if there is a port whose specified time or more has passed since the last communication time (step S183: Yes), it can be determined that the port has not been used for a long time despite being permitted to use it. . In this case, the router 11 sends a push notification to the terminal device 12 (step S185), and proceeds to step S184.

In the push notification in step S185, the router 11 indicates the target port (long-term unused port) for which a specified time or more has passed since the last communication time and the elapsed time (no communication time) since the last communication time of the port. Information is transmitted to the terminal device 12 . This push notification is an example of a security risk notification related to changing settings (stopping port opening). In other words, this push notification is a notification of security risks due to not stopping port opening.

Note that the final communication time acquired in step S182 may be the time at which the last communication using the port of the router 11 with a data transmission amount equal to or greater than a certain amount was performed. As a result, for example, traffic intended for port scanning can be excluded, and the last time the target port was actually used for data communication can be obtained.

For example, in general, in one port scan, it is confirmed whether a TCP session can be set up, and if a TCP session can be set up, it is confirmed whether input of a user name and password is accepted. It takes about 300 octets (bytes) per access to confirm whether a TCP session can be established, and about 1000 octets (bytes) per access to confirm whether input of a user name and password is accepted. Therefore, accesses that do not exceed these octets (bytes) can be considered traffic for port scanning purposes. Therefore, the constant amount of data transmission described above can be set to about 2000 octets (bytes) as an example.

(Consent Confirmation Processing by Terminal Device 12 of Embodiment 3)
FIG. 19 is a flow chart showing an example of acceptance confirmation processing by the terminal device 12 of the third embodiment. The terminal device 12 executes the processing shown in FIG. 19, for example, in a state in which communication with the router 11 is possible.

First, the terminal device 12 determines whether or not there is a push notification from the router 11 (step S191), and waits until there is a push notification from the router 11 (step S191: No loop).

In step S191, when there is a push notification from the router 11 (step S191: Yes), the terminal device 12, based on the information received from the router 11 in the push notification, determines whether the terminal device 12 has The port and the non-communication time of the long unused port are displayed (step S192). An example of the display in step S192 will be described later with reference to FIG.

In addition, the terminal device 12 accepts an operation of selecting stop of port release for the displayed long-term unused port (see FIG. 22). Next, the terminal device 12 determines whether or not the user has selected to stop opening the port (step S193). If the user does not select to stop opening the port (step S193: No), the terminal device 12 returns to step S191.

In step S193, when the user selects to stop port opening (step S193: Yes), the terminal device 12 transmits a port opening stop request to the router 11 (step S194), and returns to step S191. The port release stop request is a packet requesting the router 11 to stop the port release for the long-term unused port, and includes information that can identify the long-term unused port. The port opening stop request is an example of consent information indicating that the user has consented to the setting change (port opening stop).

(Port opening stop processing by router 11 of embodiment 3)
FIG. 20 is a flow chart showing an example of port opening stop processing by the router 11 of the third embodiment. The router 11 executes, for example, the process shown in FIG. 20 in parallel with the process shown in FIG.

First, the router 11 determines whether or not a port opening stop request is received from the terminal device 12 (step S201), and waits until a port opening stop request is received (step S201: No loop). When the port opening stop request is received (step S201: Yes), the router 11 stops port opening according to the port opening stop request (step S202), and returns to step S201.

(Example of operation in communication system 10 of embodiment 3)
FIG. 21 is a sequence diagram showing an operation example in the communication system 10 of the third embodiment. In the example shown in FIG. 21, it is assumed that the router 11 has a long-term unused port that is open but unused for a long period of time.

First, the router 11 detects a long-term unused port based on the last communication time of each port (step S211). Next, the router 11 sends a push notification notifying that there is a long-term unused port to the terminal device 12 (step S212). Next, the router 11 displays the long-term unused port and its non-communication time based on the push notification of step S212 (step S213).

Next, the terminal device 12 accepts the selection to stop opening the long-term unused port displayed in step S213 (step S214). Here, it is assumed that the user has selected to stop opening the long-term unused port.

Next, the terminal device 12 transmits a port release stop request to the router 11 (step S215). Next, the terminal device 12 stops port opening according to the port opening stop request transmitted in step S215 (step S216), and ends the series of processes.

(Display by terminal device 12 in response to push notification from router 11 in embodiment 3)
FIG. 22 is a diagram illustrating an example of display by the terminal device 12 in response to the push notification from the router 11 of the third embodiment. 22, the same reference numerals are given to the same parts as those shown in FIG. 6, and the description thereof is omitted. For example, in step S192 shown in FIG. 19, the terminal device 12 displays the screen 220 on the touch panel 12a.

A screen 220 displays the message "A port that has been unused for 30 days has been left open. Do you want to stop opening this port?" and a character string indicating the non-communication time of the used port. Thereby, the user can recognize that there is a long-term unused port that has not been used for a long time, and can determine whether or not to use the long-term unused port.

Screen 220 also includes an open stop button 221 . The release stop button 221 is a button for the user to select to stop the port release of the displayed long-term unused port. The determination in step S193 shown in FIG. 19 is, for example, a determination as to whether the open stop button 221 has been touched by the user.

In addition, instead of the above information, the screen 220 displays, for example, "Device XX uses port YY and is permitted to be published on the Internet, but has not been used for ZZ days. If unnecessary devices and ports are exposed, they may be exploited on the Internet if new vulnerabilities are discovered in the future.If communication from the Internet is unnecessary, it is strongly recommended that permission be revoked. Recommended." may be included. In this way, by specifically notifying the user of the risk of leaving a port that has not been used for a long time open, the user can recognize the specific risk and decide whether or not to continue port opening. can be judged. In addition, by notifying the user that the permission should be revoked if the port opening is unnecessary, the user is prompted to stop opening the port, thereby improving security. In addition, by notifying the user of the device that opened the port, the user can remember the circumstances and background of the opening of the port, and can easily judge whether to continue the opening of the port. can.

As shown in FIGS. 18 to 22, the router 11 according to the third embodiment, based on received packets, indicates that the port is not in use for a long period of time if communication through the open port has not been detected for a predetermined period of time or longer. If a long-term unused port is detected, acceptance information (port opening stop request) indicating that the user has consented to opening and stopping the port is accepted, and if the consent information is accepted, the port is opened. make a stop.

As a result, when there is an open port that has not been used for a long time, the port opening can be stopped if the user consents to stop opening the port. Therefore, it is possible to prevent the long-term unused port from being kept open unintentionally by the user.

<Example 4>
In a fourth embodiment, an example in which the router 11 blocks suspicious communications will be described. Suspicious communication is blocked even if the port has been opened with the user's permission, but after a certain period of time has passed since the user's permission was specified, if the port is connected from an address that has never been connected before, the communication will be temporarily blocked. , to reconfirm permission to the user.

(Access block processing by router 11 of embodiment 4)
FIG. 23 is a flow chart showing an example of access block processing by the router 11 of the fourth embodiment. The router 11 executes, for example, the processing shown in FIG. 23 while relaying communication between the WAN 18 and the LAN 19 .

First, based on the packet received from the WAN 18 side, the router 11 determines whether or not the port being opened by the router 11 is accessed (step S231), and waits until the port being opened is accessed ( Step S231: No loop).

In step S231, if there is an access to the open port (step S231: Yes), the router 11 determines whether or not a specified time or more has elapsed since the port that was accessed was opened (step S232). ). This specified time is set based on the longest expected time from the opening of the port to the first normal access to the port, and is one week as an example.

In step S232, if the prescribed time or more has not passed since the port was opened (step S232: No), it can be determined that the access in step S231 is normal. In this case, the router 11 adds the access source address to the source list (step S233).

The sender list is a list of senders whose safety has been confirmed among the devices on the WAN 18 side. The source list may be stored in the memory of router 11 or may be stored in another device accessible from router 11 . Next, the router 11 relays the access to the LAN 19 side (step S234) and returns to step S231.

In step S232, if the specified time or more has passed since the port was opened (step S232: Yes), the router 11 determines whether the source address of the access in step S231 is included in the source list. (Step S235).

At step S235, if the source address is included in the source list (step S235: Yes), the router 11 can determine that the access at step S231 is a normal access. In this case, the router 11 proceeds to step S234. The processing of steps S231, S232, and S235 is an example of monitoring received packets from the WAN 18 side.

In step S235, if the source address is not included in the source list (step S235: No), the access in step S231 is from a device that has not been accessed in the period immediately after the port is opened, and is malicious. access based on

In this case, the router 11 blocks the access, sends a push notification notifying that the access has been blocked to the terminal device 12 (step S236), and returns to step S231. In the push notification of step S236, the router 11 transmits information indicating, for example, the target port accessed in step S231 and the source of the access (for example, source address) to the terminal device 12. This push notification is an example of a security risk notification regarding a setting change (registration to the sender list).

In addition, in step S233, the router 11 may not add the source address of the access to the source list if the data transmission amount of the access in step S231 is less than a certain amount. As a result, for example, it is possible not to register a device that only receives traffic for the purpose of port scanning from being registered in the source list. As described above, this fixed amount of data transmission can be, for example, about 2000 octets (bytes).

(Consent Confirmation Processing by Terminal Device 12 of Embodiment 4)
FIG. 24 is a flow chart showing an example of acceptance confirmation processing by the terminal device 12 of the fourth embodiment. The terminal device 12 executes, for example, the processing shown in FIG. 24 in a state in which communication with the router 11 is possible.

First, the terminal device 12 determines whether or not there is a push notification from the router 11 (step S241), and waits until there is a push notification from the router 11 (step S241: No loop). When there is a push notification from the router 11 (step S241: Yes), the terminal device 12, based on the information received from the router 11 in the push notification, identifies the port to which the access was made, the source of the access, is displayed (step S242). An example of display in step S242 will be described later with reference to FIG.

The terminal device 12 also accepts an operation of selecting permission to access from the displayed transmission source (see FIG. 28). Next, the terminal device 12 determines whether or not the user has selected access permission (step S243). If the user does not select access permission (step S243: No), the terminal device 12 returns to step S241.

In step S243, if the user selects access permission (step S243: Yes), the terminal device 12 transmits a source registration request to the router 11 (step S244), and returns to step S241. The source registration request is a packet that requests the router 11 to register the access source device in the source list, and includes, for example, information that can identify the access source. The transmission source registration request is an example of consent information indicating that the user has consented to the change of settings (registration in the transmission source list).

(Transmission source registration processing by router 11 of embodiment 4)
FIG. 25 is a flowchart illustrating an example of source registration processing by the router 11 of the fourth embodiment. The router 11 executes, for example, the process shown in FIG. 25 in parallel with the process shown in FIG.

First, the router 11 determines whether or not a source registration request has been received from the terminal device 12 (step S251), and waits until a source registration request is received (step S251: No loop). If the source registration request has been received (step S251: Yes), the router 11 registers the accessed source device in the source list according to the source registration request (step S252), and returns to step S251. .

As a result, when the target device accesses again, the access is relayed by step S234 shown in FIG. 23 without notifying the user. On the other hand, if the router 11 does not receive the source registration request for the target device, when the target device accesses again, the access is blocked in step S236 shown in FIG. . As a result, port release is substantially stopped for the port that has been accessed.

(Example of operation in communication system 10 of embodiment 4)
FIG. 26 is a sequence diagram showing operation example 1 in the communication system 10 of the fourth embodiment. In the example shown in FIG. 26, the user connects the device 14 to the LAN 19 and opens the port by UPnP, and immediately after that, the device 261 on the WAN 18 side accesses the device 14 as intended by the user. do. As an example of such a situation, the user connects the web camera as the device 14 to the LAN 19, and immediately after that, the user uses the user's smartphone or the like as the device 261 to access the web camera via the WAN 18. situation.

First, the device 14 connected to the LAN 19 transmits an AddPortMapping request to the router 11 (step S261). Next, the router 11 opens the port according to the AddPortMapping request transmitted at step S261 (step S262). This port opening may be performed, for example, by the method of Example 1 or Example 2, or may be performed by another method.

Next, it is assumed that the router 11 is accessed from the device 261 on the WAN 18 side to the device 14 within a specified time after the port is opened in step S262 (step S263). In this case, the router 11 determines whether or not to permit this access (step S264). Here, since this access is within the specified time after the port is opened, the router 11 determines that this access is permitted.

Next, the router 11 registers the device 261, which is the source of the access in step S261, in the source list (step S265). Next, the router 11 relays the access of step S261 to the device 14 (step S266), and the series of processing ends.

FIG. 27 is a sequence diagram showing operation example 2 in the communication system 10 of the fourth embodiment. In the example shown in FIG. 27, after the operation example 1 shown in FIG. 26, the device 14 is connected to the device 14 from the device 262 on the WAN 18 side different from the device 261 after the specified time has elapsed since the port was opened in step S262 shown in FIG. A case in which there is an unintended access by the user will be described. Here, it is assumed that the device 262 is not registered in the sender list of the router 11 .

First, it is assumed that the router 11 is accessed from the device 262 on the WAN 18 side to the device 14 after a specified time has elapsed since the port was opened in step S262 shown in FIG. 26 (step S271). In this case, the router 11 determines whether or not to permit this access (step S272).

Here, since this access is after the specified time has passed since the port was opened, the router 11 determines that the access from the device 262 is not permitted (not permitted). In this case, the router 11 blocks access from the device 262 and sends a push notification to the terminal device 12 notifying that the access has been blocked (step S273).

Next, the terminal device 12 displays the accessed target port and the source of the access (device 262) based on the push notification of step S273 (step S274). The terminal device 12 also accepts selection of access permission from the displayed transmission source (step S275). Here, it is assumed that the user did not select access permission (no permission).

In this case, the terminal device 12 does not send the source registration request to the router 11 . As a result, even if the device 262 attempts to access the device 14 from the router 11 again, the access is blocked again.

(Display by terminal device 12 in response to push notification from router 11 in embodiment 4)
FIG. 28 is a diagram illustrating an example of display by the terminal device 12 in response to the push notification from the router 11 of the fourth embodiment. 28, the same reference numerals are assigned to the same parts as those shown in FIG. 6, and the description thereof is omitted. For example, in step S242 shown in FIG. 24, the terminal device 12 displays a screen 280 on the touch panel 12a.

Screen 280 displays a message "There was an access request from an address that has never been accessed. Do you want to allow access from this address?" and a character string indicating the source address of the As a result, the user can recognize that there has been an access from a device that has never been accessed, and can determine whether or not to permit access from that device.

Screen 280 also includes an access permission button 281 . The access permission button 281 is a button for the user to select permission of access from the displayed sender. The determination in step S243 shown in FIG. 24 is, for example, determination of whether or not the access permission button 281 has been touched by the user.

In addition, instead of the above information, the screen 280 displays, for example, "Device XX uses port YY and is permitted to be published on the Internet, but access from a different location than usual is permitted. We have reviewed the communication.If this communication is what you intended, please allow it.If not, please close this message." In this way, by issuing a notification instructing the user to allow communication from a location (address) different from that of usual access only when it is intended by the user, the user can decide whether to allow that access. It can be easily determined whether or not

As shown in FIGS. 23 to 28, the router 11 according to the fourth embodiment, on the basis of the received packet, waits until a predetermined time elapses after opening the open port. When a packet requesting access by that port is received from a device on the WAN 18 side that has not been accessed by the port, consent information (sender registration request) to the effect that the user has consented to registration of the device on the sender list is sent. When the acceptance information is accepted, the device is registered in the transmission source registration request.

Accordingly, the port can be substantially opened only when the user approves the access from the device that was not accessed immediately after the port was opened. Therefore, it is possible to suppress substantial port opening unintended by the user.

In the fourth embodiment, the configuration for blocking access to suspicious communication has been described, but the user may select to stop opening the corresponding port for suspicious communication. When the user selects to stop opening the corresponding port, the router 11 transmits a port opening stop request to the terminal device 12, and the router 11 stops opening according to the port opening stop request.

(Regarding Examples 1 to 4)
According to Embodiments 1 to 4 described above, it is possible for the user to easily grasp security risks associated with port management by UPnP or the like, and to perform appropriate settings for the router 11 .

Examples 1 to 4 described above can also be combined. That is, in the communication system 10, the warning-type dangerous UPnP block of the first embodiment, the proactive-type dangerous UPnP block of the second embodiment, the unused UPnP port warning of the third embodiment, and the suspicious communication block of the fourth embodiment. Two or more of these processes may be performed in parallel.

(Modification)
Although UPnP has been described as the function of the router 11 that opens ports in response to request packets received from the devices 13 and 14 connected to the LAN 19, this function is not limited to UPnP and may be similar.

Also, instead of packets such as AddPortMapping, a similar packet may be used. For example, in UPnP of IPv6 (Internet Protocol Version 6), the command WANIPv6FirewallControl:AddPinhole( ) is used instead of AddPortMapping. Therefore, in IPv6, this WANIPv6FirewallControl:AddPinhole( ) packet may be used instead of AddPortMapping.

Also, although the case where the terminal device 12 is a smartphone has been described, the terminal device 12 is not limited to a smartphone, but may be a tablet terminal, a personal computer, or any other type of information terminal capable of communicating with the router 11. can.

Also, although the configuration in which the terminal device 12 communicates with the router 11 via the server 15 has been described, the configuration is not limited to this. For example, the terminal device 12 may communicate with the router 11 via the WAN 18 without the server 15 . Moreover, the terminal device 12 may communicate with the router 11 without going through the WAN 18 by connecting to the LAN 19 .

Also, regarding various notifications by the terminal device 12, the notification using the screen display has been described, but the terminal device 12 may perform various notifications by voice or the like. Also, regarding acceptance of various selections by the terminal device 12, acceptance by touch operation has been described, but the terminal device 12 may accept various selections from the user by button operation, voice input, or the like.

Although the configuration using push notification for various notifications from the router 11 to the terminal device 12 has been described, the router 11 may use e-mail or the like for various notifications to the terminal device 12 .

(Regarding the control program)
The control program stored in the ROM 22 of the router device 20 and the control program stored in the ROM 32 of the terminal device 30 are stored in a computer-readable non-transitory storage medium. . Such a "computer-readable storage medium" is, for example, an optical medium such as a CD-ROM (Compact Disc-ROM), or a magnetic storage medium such as a USB memory or a memory card. Also, such a control program can be provided by downloading via a network.

As described above, this specification discloses the following matters.

The disclosed router is a router that relays communication between a wide area network and a local area network based on settings, and includes a monitoring unit that monitors received packets, and a monitoring result obtained by the monitoring unit under a predetermined condition. a control unit that notifies the user when the conditions are satisfied, receives consent information indicating that the user has consented to the change of the setting, and changes the setting according to the acceptance result of the consent information; Be prepared.

The disclosed router is such that the received packets are packets from the local area network.

The disclosed router has a function of opening a port in response to a request packet received from a device connected to the local area network, and the setting is a setting related to the function.

In the disclosed router, the function is a UPnP (Universal Plug and Play) function.

The disclosed router is such that the notification is a security risk notification regarding the change of the configuration.

In the disclosed router, the control unit makes the notification by communicating with the terminal device of the user via the server.

In the disclosed router, the control unit receives the consent from the user by communicating with the terminal device of the user via a server.

In the disclosed router, the server manages a first identifier of the terminal device of the user that can be acquired by the control unit, and a second identifier of the terminal device that the server uses for communication with the terminal device. and the controller transmits the first identifier and the notification information to the server, thereby performing the notification via the server.

In the disclosed router, the condition is that the received packet is a packet requesting opening of a port included in a predetermined list, and the change in setting is opening of the port. be.

In the disclosed router, when the control unit detects that the received packet is a packet requesting opening of a port included in the list and that a device corresponding to the port is vulnerable, the user can Acceptance information to the effect that the opening of the port has been accepted is accepted, and the port is set to be opened when the acceptance information is accepted.

In the disclosed router, the control unit detects the vulnerability by accessing the device through the port.

In the disclosed router, the control unit attempts to authenticate the device using at least one of a predetermined identifier and password, thereby detecting the vulnerability.

In the disclosed router, the control unit detects the vulnerability by determining whether the communication method of the device is a specific communication method.

In the disclosed router, the condition is that, based on the received packet, communication through an open port in the setting is not detected for a predetermined time or longer, and the change in the setting causes the opening of the port. It is an open stop.

In the disclosed router, with respect to the port that is open in the setting, the disclosed router does not access the port until a predetermined time has passed since the port was opened. A packet requesting access through the port is received from the device, and the change in setting is permission of the access from the device.

The disclosed control program is for causing a computer to function as the monitoring section and the control section of the router.

The disclosed terminal device is a terminal device capable of communicating with a router that relays communication between a wide area network and a local area network, and the result of monitoring received packets by the router satisfies a predetermined condition. a notification unit that notifies a user; a reception unit that receives from the user an operation indicating that the router setting change has been accepted after the notification by the notification unit; and a control unit for causing the router to change the setting accordingly.

The disclosed control program is for causing a computer to function as the reception section and the control section of the terminal device.

The disclosed communication system includes the router and the terminal device.

REFERENCE SIGNS LIST 10 communication system 11 router 12, 30 terminal device 12a touch panel 13, 14, 261, 262 device 15 server 18 WAN
19 LANs
20 router device 20a monitoring unit 20b, 30c control unit 21, 31 CPU
22, 32 ROMs
23, 33 RAM
24 WAN side communication module 25 LAN side communication module 26, 39 bus 27, 37 internal storage unit 27a, 37a internal storage unit 27b, 37b internal storage interface 30a notification unit 30b reception unit 34a liquid crystal driver 34b liquid crystal panel 35 communication module 36 operation interface 38a USB controller 38b USB connector 100, 170, 220, 280 Screen 101 Prohibition button 102 Permission button 221 Stop opening button 281 Access permission button

Claims (19)

A router that relays communication based on settings between a wide area network and a local area network,
a monitoring unit that monitors received packets;
When the result of monitoring by the monitoring unit satisfies a predetermined condition, a notification is sent to the user, consent information indicating that the user has consented to the change of the setting is received, and according to the acceptance result of the consent information, a control unit that changes the setting by
router. The router of claim 1, wherein
A router, wherein the received packet is a packet from the local area network. A router according to claim 1 or 2,
having a function of opening a port in response to a request packet received from a device connected to the local area network;
The router, wherein the settings are settings related to the function. A router according to claim 3, wherein:
A router whose function is a UPnP (Universal Plug and Play) function. A router according to any one of claims 1 to 4,
The router, wherein the notification is a security risk notification regarding the change of the configuration. A router according to any one of claims 1 to 5,
The control unit is a router that performs the notification by communicating with the terminal device of the user via a server. A router according to any one of claims 1 to 6,
A router in which the control unit receives the consent information by communicating with the terminal device of the user via a server. A router according to claim 6 or 7,
The server is a server that manages a first identifier of the terminal device of the user that can be acquired by the control unit and a second identifier of the terminal device that the server uses for communication with the terminal device,
A router in which the control unit performs the notification via the server by transmitting the first identifier and the notification information to the server. A router according to any one of claims 1 to 8,
the condition is that the received packet is a packet requesting opening of a port included in a predetermined list;
The change in the setting is the opening of the relevant port on the router. A router according to claim 9,
When the received packet is a packet requesting the opening of a port included in the list and the vulnerability of a device corresponding to the port is detected, the user consents to the opening of the port. A router that accepts consent information to that effect, and sets the port to be opened when the consent information is received. 11. The router of claim 10, wherein
A router in which the control unit detects the vulnerability by accessing the device through the port. 12. The router of claim 11, wherein
A router in which the control unit detects the vulnerability by attempting to authenticate the device using at least one of a predetermined identifier and a password. A router according to claim 11 or 12,
The router, wherein the control unit detects the vulnerability by determining whether the communication method of the device is a specific communication method. A router according to any one of claims 1 to 13,
The condition is that, based on the received packet, communication through an open port in the setting has not been detected for a predetermined time or longer;
A router in which the change in the setting is to stop the opening of the port. A router according to any one of claims 1 to 14,
The condition is that a device on the wide area network that has not accessed a port that is open in the settings until a predetermined time has passed since the port was opened, receipt of a packet requesting access,
A router in which the change of the setting is permission of the access from the device. A control program for causing a computer to function as the monitoring unit and the control unit of the router according to any one of claims 1 to 15. A terminal device capable of communicating with a router that relays communication between a wide area network and a local area network,
a notification unit that notifies a user when the result of monitoring received packets by the router satisfies a predetermined condition;
a reception unit that receives from the user an operation indicating that the user has consented to the change in the router settings after the notification by the notification unit;
a control unit for causing the router to change the setting in accordance with the reception result by the reception unit;
terminal device. A control program for causing a computer to function as the reception unit and the control unit of the terminal device according to claim 17. a router according to any one of claims 1 to 15;
a terminal device according to claim 17;
communication system including.

Images