TW201112675A - Wireless routers and method for preventing malicious scanning by using the wireless routers - Google Patents

Wireless routers and method for preventing malicious scanning by using the wireless routers

Info

Publication number
TW201112675A
Authority
TW
Taiwan
Prior art keywords
packet
response packet
icmp
wireless router
response
Prior art date
Application number
TW98131435A
Other languages
Chinese (zh)
Other versions
TWI410080B (en)
Inventor
Hua-Jui Peng
Original Assignee
Hon Hai Prec Ind Co Ltd
Priority date
Filing date
Publication date
Application filed by Hon Hai Prec Ind Co Ltd
Priority to TW98131435A
Publication of TW201112675A
Application granted
Publication of TWI410080B

Abstract

The invention provides a method for preventing malicious scanning by using a router. The method includes the following steps: forwarding a UDP port scanning packet sent by a WAN user computer to a LAN server; receiving the response packet from the LAN server; determining whether the received response packet is an ICMP port unreachable packet; when the received response packet is an ICMP port unreachable packet, determining whether the response packet is a normal response packet; when the response packet is the normal packet, discarding the response packet and informing the LOG system to record the UDP port scanning event. The invention also provides a wireless router. The invention can effectively prevent malicious attackers from performing UDP scanning.

Description

VI. Description of the Invention:

[Technical Field of the Invention]

[0001] The present invention relates to a wireless router and a method for preventing malicious scanning by using the wireless router.

[Prior Art]

[0002] In general, a wireless router itself, or a server on the LAN (Local Area Network) side, opens some UDP (User Datagram Protocol) ports to provide corresponding services to client computers. Malicious users on the network, however, scan and listen on ports to learn which ports are open, and then use those ports as entry points or attack points. Preventing scanning by malicious attackers is therefore the most effective way to protect the wireless router itself or the LAN server.

[Summary of the Invention]

[0003] In view of the above, it is necessary to provide a wireless router and a method for preventing malicious scanning by using the wireless router, which prevent a malicious user from learning whether a scanned port is open and thereby protect the wireless router itself or the LAN server.

[0004] A wireless router has a log system installed and is connected to at least one WAN client computer and at least one LAN server. The wireless router includes: a forwarding module, configured to forward a UDP port scanning packet to the LAN server when the WAN client computer sends such a packet; a receiving module, configured to receive the response packet from the LAN server; a determining module, configured to determine, according to the message format of the response packet received by the receiving module, whether the received response packet is an ICMP port unreachable packet, and further configured to determine, when the response packet is an ICMP port unreachable packet, whether it is a normal response packet according to the connection record of the response packet; and a protection module, configured to discard the response packet and notify the log system to record the port scanning event when the response packet is an ICMP port unreachable packet and is not a normal response packet.

[0005] A method for preventing malicious scanning by using a wireless router includes the steps of: when a WAN client computer sends a UDP port scanning packet, the wireless router forwards the UDP port scanning packet to the LAN server; the wireless router receives the response packet from the LAN server; determining, according to the message format of the received response packet, whether the received response packet is an ICMP port unreachable packet; when the received response packet is an ICMP port unreachable packet, determining, according to the connection record of the response packet, whether the response packet is a normal response packet; and when the response packet is not a normal response packet, discarding the response packet and notifying the log system to record the UDP port scanning event.

[0006] Compared with the prior art, in the method for preventing malicious scanning according to the present invention, if an attacker scans the LAN server, the wireless router discards the ICMP (Internet Control Message Protocol) port unreachable packets generated by the LAN server. This avoids leaking the open or closed state of the LAN server's ports, and thereby protects the wireless router itself or the LAN server from attack by malicious users.

[Embodiments]

[0007] The technical terms used in the present invention are explained as follows:

[0008] Port: a communication protocol port for connection-oriented and connectionless services in a network. It is an abstract software structure that includes some data structures and I/O (basic input/output) buffers, and is used by client programs or service processes to send and receive information. A port corresponds to a 16-bit number. A port in the logical sense generally refers to a port in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol, with port numbers ranging from 0 to 65535, such as port 80 for web browsing services and port 21 for FTP services.

[0009] Port scanning: determining which services are running by connecting to the TCP or UDP ports of a target system.

[0010] UDP port scanning: the process of performing a port scan to determine which User Datagram Protocol (UDP) ports are open. UDP scanning can be used by hackers to launch attacks, or for legitimate purposes. UDP port scanning is based on the fact that sending data to a closed UDP port produces an ICMP PORT Unreachable message in response; if UDP data is sent to the host to be scanned and no ICMP PORT Unreachable message is received, the port can be assumed to be open.

[0011] ICMP: Internet Control Message Protocol. It is a sub-protocol of the TCP/IP protocol family, used to pass control messages between IP hosts and routers. Control messages are messages about the network itself, such as whether the network is reachable, whether a host is reachable, and whether a route is available.

[0012] FIG. 1 is a schematic diagram of the architecture of a preferred embodiment of the method for preventing malicious scanning of the present invention. The architecture includes at least one WAN client computer 1, a wireless router 2, and at least one LAN server 3. The ADSL modem (not shown) or cable modem (not shown) of the WAN client computer 1 is connected to the WAN port (not shown) of the wireless router 2 through a network cable, and the LAN server 3 is connected to the LAN port (not shown) of the wireless router 2 through a network cable.

[0013] A log system 21 is installed in the wireless router 2. The log system 21 is used to accurately and promptly record all events that occur in the system, for example the event of a UDP port (not shown) being scanned.

[0014] FIG. 2 is a functional module diagram of the wireless router of the present invention. The wireless router further includes a forwarding module 201, a receiving module 202, a determining module 203, and a protection module 204.

[0015] The forwarding module 201 is configured to forward a UDP port scanning packet to the LAN server 3 when the WAN client computer 1 sends such a packet.

[0016] The receiving module 202 is configured to receive the response packet from the LAN server 3.

[0017] The determining module 203 is configured to determine, according to the message format of the response packet received by the receiving module 202, whether the received response packet is an ICMP PORT Unreachable packet. When the Protocol field of the IP header in the received response packet is 1, and Type = 3 and Code = 3, the response packet is determined to be an ICMP PORT Unreachable packet; otherwise, the response packet is determined not to be an ICMP PORT Unreachable packet.

[0018] The forwarding module 201 is further configured to forward the response packet to the WAN client computer 1 for processing when the received response packet is not an ICMP PORT Unreachable packet.

[0019] The determining module 203 is further configured to determine, according to the connection record of the response packet, whether the ICMP PORT Unreachable packet is a normal response packet. When the response packet is a normal response packet produced by a disconnection after a connection was previously established normally, or when the packet is a normal response packet produced by a UDP connection that previously entered the LAN server 3 and exchanged data, the determining module 203 determines that the ICMP PORT Unreachable packet is a normal response packet. When the number of ICMP PORT Unreachable replies within a single period of time exceeds a certain amount, the determining module 203 determines that the packet is not a normal response packet.

[0020] The protection module 204 is configured to, when the determining module 203 determines that the response packet is an ICMP PORT Unreachable packet and is not a normal response packet, discard the response packet, notify the log system 21 to record the event of the UDP port being scanned, and display the event to the user.

[0021] The protection module 204 is further configured to discard the response packet when the determining module 203 determines that the response packet is an ICMP PORT Unreachable packet and is a normal response packet.

[0022] FIG. 3 is a flow chart of a preferred embodiment of the method for preventing malicious scanning of the present invention.

[0023] Step S10: when the WAN client computer 1 sends a UDP port scanning packet, the forwarding module 201 forwards the UDP port scanning packet sent by the WAN client computer 1 to the LAN server 3.

[0024] Step S11: the receiving module 202 receives the response packet from the LAN server 3.

[0025] Step S12: the determining module 203 determines whether the received response packet is an ICMP PORT Unreachable packet. If the response packet is an ICMP PORT Unreachable packet, the flow proceeds to step S14; if it is not, the flow proceeds to step S13.

[0026] Step S13: the forwarding module 201 forwards the response packet to the WAN client computer 1 for processing, and the flow ends.

[0027] Step S14: the determining module 203 determines, according to the connection record of the response packet, whether the ICMP PORT Unreachable packet is a normal response packet. If it is not a normal response packet, the flow proceeds to step S15. If it is a normal response packet, the flow proceeds to step S16.

[0028] Step S15: the protection module 204 discards the response packet, which avoids leaking the open or closed state of the ports of the LAN server 3 and protects the wireless router 2 itself or the LAN server 3 from attack by malicious users. At the same time it notifies the log system 21 to record the event of the UDP port being scanned and displays the event to the user, and the flow ends.

[0029] Step S16: the protection module 204 discards the response packet, and the flow ends.

[0030] In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. The above is only a preferred embodiment of the present invention, and the scope of the invention is not limited to that embodiment; equivalent modifications or variations made by those skilled in the art in accordance with the spirit of the invention shall be covered by the following claims.

[Brief Description of the Drawings]

[0031] FIG. 1 is a schematic diagram of the architecture of a preferred embodiment of the method for preventing malicious scanning of the present invention.

[0032] FIG. 2 is a functional module diagram of the wireless router of the present invention.

[0033] FIG. 3 is a flow chart of a preferred embodiment of the method for preventing malicious scanning of the present invention.

[Description of Main Element Symbols]

[0034] WAN client computer 1
[0035] Wireless router 2
[0036] Log system 21
[0037] LAN server 3
[0038] Forwarding module 201
[0039] Receiving module 202
[0040] Determining module 203
[0041] Protection module 204
[0042] Forward the UDP port scanning packet sent by the WAN client computer to the LAN server: S10
[0043] Receive the response packet from the LAN server: S11
[0044] Determine whether the received response packet is an ICMP port unreachable packet: S12
[0045] Forward it to the WAN client computer for processing: S13
[0046] Determine whether it is a normal response packet: S14
[0047] Discard the response packet and notify the log system to record the event of the UDP port being scanned: S15
[0048] Discard the response packet: S16
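The decision flow of steps S12 to S16 can be sketched as follows. This is an added example, not code from the patent or its assignee: the names (`classify`, `ScanGuard`), the threshold and window values, the per-WAN-host counting, and the rule that a reply is "normal" only if its quoted UDP flow has a connection record and the reply rate is under the threshold are all assumptions, since the description does not say how the two criteria combine.

```python
import socket
import struct
from collections import defaultdict, deque

FORWARD, DROP, DROP_AND_LOG = "forward", "drop", "drop+log"   # outcomes of S13, S16, S15

def classify(pkt: bytes):
    """Return (is_port_unreachable, quoted_flow) for an IPv4 response packet.
    quoted_flow is (wan_ip, wan_port, lan_ip, lan_port), or None if it cannot be parsed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False, None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 1:        # IP Protocol field 1 = ICMP
        return False, None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):                    # Type = 3, Code = 3
        return False, None
    inner = pkt[ihl + 8:]                                     # quoted original datagram
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return True, None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or inner[9] != 17 or len(inner) < inner_ihl + 4:
        return True, None
    sport, dport = struct.unpack_from("!HH", inner, inner_ihl)
    return True, (socket.inet_ntoa(inner[12:16]), sport,
                  socket.inet_ntoa(inner[16:20]), dport)

class ScanGuard:
    """Assumed stand-in for the determining and protection modules (203, 204)."""
    def __init__(self, max_replies=3, window=1.0):
        self.max_replies, self.window = max_replies, window   # assumed values
        self.exchanged = set()             # connection record: flows that exchanged data
        self.recent = defaultdict(deque)   # WAN host -> timestamps of recent replies
        self.log = []                      # stand-in for the log system 21

    def note_exchange(self, flow):
        self.exchanged.add(flow)

    def handle_response(self, pkt: bytes, now: float) -> str:
        is_pu, flow = classify(pkt)                            # S12
        if not is_pu:
            return FORWARD                                     # S13
        wan_host = socket.inet_ntoa(pkt[16:20])
        times = self.recent[wan_host]
        times.append(now)
        while now - times[0] > self.window:                    # expire old timestamps
            times.popleft()
        normal = flow in self.exchanged and len(times) <= self.max_replies   # S14
        if normal:
            return DROP                                        # S16
        self.log.append((now, wan_host, flow))                 # S15
        return DROP_AND_LOG

def ipv4(proto, src, dst, payload):
    """Constructed sample IPv4 packet (checksum left 0; classify() does not verify it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def port_unreachable(lan, wan, wan_port, lan_port):
    """Constructed ICMP type 3 / code 3 reply quoting the WAN host's UDP datagram."""
    probe = ipv4(17, wan, lan, udp(wan_port, lan_port))
    return ipv4(1, lan, wan, struct.pack("!BBHI", 3, 3, 0, 0) + probe)

def demo():
    lan, client, scanner = "192.168.1.10", "198.51.100.20", "203.0.113.7"  # constructed
    guard = ScanGuard(max_replies=3, window=1.0)
    guard.note_exchange((client, 40000, lan, 5000))            # earlier data exchange
    out = [guard.handle_response(ipv4(17, lan, client, udp(5000, 40000, b"data")), 0.0),
           guard.handle_response(port_unreachable(lan, client, 40000, 5000), 5.0)]
    for i, port in enumerate((53, 69, 123, 161)):              # replies with no record
        out.append(guard.handle_response(
            port_unreachable(lan, scanner, 51000, port), 10.0 + i * 0.01))
    return out, guard.log

if __name__ == "__main__":
    print(demo())
```

An ICMP type 3 / code 3 reply whose quoted datagram is truncated is still dropped and logged rather than forwarded, so a malformed quote cannot be used to get the port state past the router.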

Claims (1)

VII. Scope of the patent application:

1. A wireless router, having a log system installed and being connected to at least one WAN client computer and at least one LAN server, the wireless router comprising:
a forwarding module, configured to forward a UDP port scanning packet to the LAN server when the WAN client computer sends such a packet;
a receiving module, configured to receive the response packet from the LAN server;
a determining module, configured to determine, according to the message format of the received response packet, whether the received response packet is an ICMP port unreachable packet;
the determining module being further configured to determine, when the response packet is an ICMP port unreachable packet, whether the ICMP port unreachable packet is a normal response packet according to the connection record of the response packet; and
a protection module, configured to discard the response packet and notify the log system to record the port scanning event when the response packet is an ICMP port unreachable packet and is not a normal response packet.

2. The wireless router according to claim 1, wherein the protection module is further configured to discard the response packet when the packet is an ICMP port unreachable packet and is a normal response packet.

3. The wireless router according to claim 1, wherein the forwarding module is further configured to forward the response packet to the WAN client computer for processing when the response packet is not an ICMP port unreachable packet.

4. A method for preventing malicious scanning by using a wireless router, the wireless router having a log system installed and being connected to at least one WAN client computer and at least one LAN server, the method comprising the steps of:
a. when the WAN client computer sends a UDP port scanning packet, the wireless router forwards the UDP port scanning packet to the LAN server;
b. the wireless router receives the response packet from the LAN server;
c. determining, according to the message format of the received response packet, whether the received response packet is an ICMP port unreachable packet;
d. when the received response packet is an ICMP port unreachable packet, determining, according to the connection record of the response packet, whether the response packet is a normal response packet;
e. when the response packet is not a normal response packet, discarding the response packet and notifying the log system to record the UDP port scanning event.

5. The method for preventing malicious scanning by using a wireless router according to claim 4, the method further comprising the step of:
when the received response packet is not an ICMP port unreachable packet, forwarding the response packet to the WAN client computer for processing.

6. The method for preventing malicious scanning by using a wireless router according to claim 4, the method further comprising:
when the response packet is an ICMP port unreachable packet and is a normal response packet, discarding the response packet.
TW98131435A 2009-09-18 2009-09-18 Wireless routers and method for preventing malicious scanning by using the wireless routers TWI410080B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98131435A TWI410080B (en) 2009-09-18 2009-09-18 Wireless routers and method for preventing malicious scanning by using the wireless routers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98131435A TWI410080B (en) 2009-09-18 2009-09-18 Wireless routers and method for preventing malicious scanning by using the wireless routers

Publications (2)

Publication Number Publication Date
TW201112675A TW201112675A (en) 2011-04-01
TWI410080B TWI410080B (en) 2013-09-21

Family

ID=44909331

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98131435A TWI410080B (en) 2009-09-18 2009-09-18 Wireless routers and method for preventing malicious scanning by using the wireless routers

Country Status (1)

Country Link
TW (1) TWI410080B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114205105A (en) * 2020-09-01 2022-03-18 威联通科技股份有限公司 Network malicious behavior detection method and switching system using same

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6957348B1 (en) * 2000-01-10 2005-10-18 Ncircle Network Security, Inc. Interoperability of vulnerability and intrusion detection systems
GB0022485D0 (en) * 2000-09-13 2000-11-01 Apl Financial Services Oversea Monitoring network activity
US7290283B2 (en) * 2001-01-31 2007-10-30 Lancope, Inc. Network port profiling
US8438241B2 (en) * 2001-08-14 2013-05-07 Cisco Technology, Inc. Detecting and protecting against worm traffic on a network

Also Published As

Publication number Publication date
TWI410080B (en) 2013-09-21

Similar Documents

Publication Publication Date Title
US11489858B2 (en) Malware detection for proxy server networks
EP2127313B1 (en) A containment mechanism for potentially contaminated end systems
US8261351B1 (en) DNS flood protection platform for a network
US8112801B2 (en) Method and apparatus for detecting malware
CN107710680B (en) Method and device for sending network attack defense strategy and network attack defense
US8874723B2 (en) Source detection device for detecting a source of sending a virus and/or a DNS attack linked to an application, method thereof, and program thereof
US7818795B1 (en) Per-port protection against denial-of-service and distributed denial-of-service attacks
US20190058731A1 (en) User-side detection and containment of arp spoofing attacks
WO2008131658A1 (en) Method and device for dhcp snooping
US7773540B1 (en) Methods, system and apparatus preventing network and device identification
Hugelshofer et al. OpenLIDS: a lightweight intrusion detection system for wireless mesh networks
WO2011020254A1 (en) Method and device for preventing network attacks
Kavisankar et al. A mitigation model for TCP SYN flooding with IP spoofing
US20080168563A1 (en) Storage medium storing terminal identifying program terminal identifying apparatus, and mail system
WO2019096104A1 (en) Attack prevention
TW201132055A (en) Routing device and related packet processing circuit
JP5596626B2 (en) DoS attack detection method and DoS attack detection device
TW201112675A (en) Wireless routers and method for preventing malicious scanning by using the wireless routers
JP5385867B2 (en) Data transfer apparatus and access analysis method
KR101188308B1 (en) Pseudo packet monitoring system for address resolution protocol spoofing monitoring of malicious code and pseudo packet monitoring method therefor
Shing An improved tarpit for network deception
JP3784799B2 (en) Attack packet protection system
JP4280245B2 (en) Flood attack prevention method and apparatus
Fleizach et al. Slicing spam with occam's razor
JP2008028720A (en) Ip network apparatus capable of controlling send side ip address arrogating ip packet, and send side ip address arrogating ip packet control method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees