WO2013091407A1 - Procédé de filtrage de commande telnet et dispositif et système de sécurité de réseau - Google Patents

Procédé de filtrage de commande telnet et dispositif et système de sécurité de réseau Download PDF

Info

Publication number
WO2013091407A1
WO2013091407A1 PCT/CN2012/081546 CN2012081546W WO2013091407A1 WO 2013091407 A1 WO2013091407 A1 WO 2013091407A1 CN 2012081546 W CN2012081546 W CN 2012081546W WO 2013091407 A1 WO2013091407 A1 WO 2013091407A1
Authority
WO
WIPO (PCT)
Prior art keywords
command
character
telnet
client
server
Prior art date
Application number
PCT/CN2012/081546
Other languages
English (en)
Chinese (zh)
Inventor
薛智慧
李世光
蒋武
吴功伟
Original Assignee
华为数字技术(成都)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为数字技术(成都)有限公司 filed Critical 华为数字技术(成都)有限公司
Publication of WO2013091407A1 publication Critical patent/WO2013091407A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/08Protocols specially adapted for terminal emulation, e.g. Telnet

Definitions

  • Telnet command filtering method Telnet command filtering method, network security device and system.
  • the application is filed on December 23, 2011, the Chinese Patent Office, the application number is 201110437645.8, and the invention name is "Telnet command filtering method, network security device and system".
  • Priority is hereby incorporated by reference in its entirety.
  • the embodiments of the present invention relate to the field of network security technologies, and in particular, to a Telnet command filtering method, a network security device, and a system. Background technique
  • Telnet is the standard protocol and main method for Internet remote login services. It provides users with the ability to complete remote host work on local clients.
  • the user can install the Telnet program on the client. If the user needs to remotely manage the server, the Telnet program on the client can be started, and the commands required by the server are input in the Telnet program. After being transmitted to the server, it can be run on the server. For the user, these commands are just as input directly on the console of the server, which is very convenient. However, the user may be mishandled in some cases, and the commands sent by the client to the server may cause the server to crash.
  • the embodiment of the invention provides a Telnet command filtering method, a network security device and a system, so as to ensure reliable operation of the server when the user sends a command to the server through the Telnet program on the client.
  • An embodiment of the present invention provides a method for filtering a Telnet command, including: Obtain each line of Telnet commands sent by the client to the server from the client and server interaction messages;
  • the Telnet command is a command that needs to be blocked. If the recognition result is that the Telnet command is a command that needs to be blocked, the Telnet command is filtered.
  • An embodiment of the present invention provides a network security device, which is deployed between a client and a server, and the network security device includes:
  • the command obtaining module is configured to obtain, according to the interaction message between the client and the server, each line of the Nett command sent by the client to the server;
  • a content identification module configured to identify content of the Telnet command
  • the filtering processing module is configured to filter the Telnet command if the telnet command is a command that needs to be blocked.
  • An embodiment of the present invention provides a network security system, including: a client, a network security device, and a server that are sequentially connected, wherein the network security device uses the network security device.
  • the network security device can obtain each line of Telnet commands sent from the client to the server, and then can identify the content of the Telnet command, and once the Telnet command is identified, the need to affect the normal operation of the server is If the command is blocked, the network security device can filter the Telnet command to ensure reliable operation of the server.
  • Embodiment 1 is a flowchart of Embodiment 1 of a Telnet command filtering method according to the present invention
  • FIG. 2 is a flowchart of Embodiment 2 of a Telnet command filtering method according to the present invention
  • FIG. 3 is a schematic diagram of a network architecture applied in Embodiment 2 of the method shown in FIG. 2; 4 is a signaling flowchart of Embodiment 3 of a Telnet command filtering method according to the present invention;
  • FIG. 5 is a schematic structural diagram of Embodiment 1 of a network security device according to the present invention.
  • Embodiment 2 of a network security device according to the present invention
  • Embodiment 7 is a schematic structural diagram of Embodiment 3 of a network security device according to the present invention.
  • FIG. 8 is a schematic structural diagram of an embodiment of a network security system according to the present invention. detailed description
  • Embodiment 1 is a flowchart of Embodiment 1 of a Telnet command filtering method according to the present invention. As shown in FIG. 1, the method in this embodiment may include:
  • Step 101 Obtain, from the interaction message between the client and the server, a Telnet command sent by the client to the server.
  • a network security device such as a gateway device or a firewall, may be deployed between the client and the server, and each row of Telnet commands sent by the client to the server may be obtained from the interaction message between the client and the server.
  • This Telnet command is the command that the user enters through the Telnet program installed on the client.
  • Step 102 Identify content of the Telnet command.
  • the network security device can identify the content of the Telnet command to know the commands that the user needs to execute the server.
  • Step 103 If the Telnet command is a command that needs to be blocked, the Telnet command is filtered.
  • the network security device may perform filtering processing on the Telnet command. It should be noted that the need to be The blocked command is a preset command that may affect the normal operation of the server. Those skilled in the art can set the command to be blocked according to the needs and the network security level.
  • the network security device can obtain each line of Telnet commands sent from the client to the server, and then can identify the content of the Telnet command. Once the Telnet command is identified, the need to affect the normal operation of the server is blocked. If the command is broken, the network security device can come over the Telnet command to ensure reliable operation of the server.
  • Step 101 in the method embodiment shown in FIG. 1 can be implemented by using two specific technical solutions.
  • the two specific technical solutions will be described in detail below.
  • the default is to send a Telnet command to the server in a single-character manner, that is, the single-character mode is used by default when the client negotiates with the server.
  • the client sends a Telnet command containing three characters "ABC" to the server.
  • the client sends the character "A” to the network security device, and the network security device caches the character "A” and the character "A”.
  • Sent to the server then the client can send "B" to the network security device, and the network security device sends "B" to the server.
  • the server since the server generally has the Lenovo function, once the server receives the Telnet command containing the two characters "AB”, the server can associate the Telnet command containing the three characters "ABC", so the server can execute "ABC”. This telnet command.
  • the cached Telnet command is "AB”
  • the "AB” Telnet command may be the allowed command.
  • the "ABC” Telnet command may be the command that needs to be blocked. Therefore, network security devices cannot guarantee reliable operation of the server.
  • the network security device can modify the default single-character mode to be in the process of the client and the server performing the option negotiation.
  • the line mode that is, the client sends a Telnet command to the server one line at a time, and then the network security device can send the negotiation option to the client mode and the server.
  • the client sends a Telnet command containing the three characters "ABC" to the server.
  • the client does not send a single character such as the character "A" or "B” to the network security device in the line mode.
  • Telnet command with three characters containing "ABC” After the input is complete, the Telnet command is sent to the network security device. Therefore, the network security device can obtain the complete Telnet command, so that only the packet containing the Telnet command needs to be parsed, and the content of the Telnet command can be obtained. Therefore, the Telnet command is reliably filtered to ensure reliable operation of the server.
  • the network security device can act as a proxy, and the network security device can establish a connection with the client and the server respectively, and perform Telnet negotiation options with the client and the server respectively, so that the client uses one line at a time.
  • Line mode sends a Telnet command to the server.
  • the client can still send Telnet commands to the server using the default single-character mode in the prior art.
  • the network security device can record the command characters input by the client and the command characters returned by the server according to the command characters during the interaction between the client and the server, and the command characters input by the client and the command characters returned by the server. Performing a comparison analysis to restore the content of each Telnet command input by the client, thereby identifying the Telnet command that the user needs to perform the server, and then filtering the Telnet command.
  • the network security device may receive the first command character input by the client and cache, send the first command character to the server, and receive a second command character that is displayed by the server according to the first command character; the network security device may Comparing the first command character and the second command character.
  • the network security device may add the first command character to the end of the regular character of the Telnet command to be executed by the client; if the first command character is a control character and the second command character is a regular character, the server has confirmed that the server has confirmed The specific Telnet command, therefore, the network security device can add the second command character to the end of the regular character of the Telnet command to be executed by the client, and determine that the server has learned the Telnet command to be executed; optionally, in order to Improve the accuracy of command recognition, if the second command character and the first life And control characters are different character, then the Telnet server command execution were treated Lenovo server but not sure you want to perform specific Telnet command, the network security device The first command character and the second command character can be added to the end of the Telnet command to be executed by the client; after the user completes the input of the Telnet command, the enter character can be input through
  • the network security device extracts the cached characters (that is, the Telnet command to be executed sequentially added) as a row of Telnet obtained by the restore.
  • the command can identify the content of each Telnet command obtained by the restore to determine whether the Telnet command contains the command keyword to be blocked. If it is included, the network security device can convert the carriage return character to a non-command character. . Since the server does not recognize non-command characters, the non-command character is invalid for the server. Accordingly, the server will not execute the Telnet command, thereby ensuring reliable operation of the server.
  • the regular characters can be 26 letters of a ⁇ z
  • the control characters can be tab, space, upper and lower direction keys corresponding operations.
  • Characters, etc. instead of command characters, can be used for ' , , ' : , , '! , and so on.
  • a person skilled in the art can know the conventional characters, control characters, and non-command characters that are required to be used according to the general knowledge, which is not limited herein.
  • FIG. 2 is a flowchart of a second embodiment of a method for filtering a Telnet command according to the present invention.
  • FIG. 3 is a schematic diagram of a network architecture applied to the second embodiment of the method shown in FIG. 2. As shown in FIG. 2 and FIG. The technical solution of the foregoing solution is implemented.
  • the method in this embodiment may include:
  • Step 201 The client sends a system packet (hereinafter referred to as SYN) to the network security device.
  • SYN system packet
  • SYN ACK system response packet
  • Step 203 The client sends a response to the network security device (hereinafter referred to as ACK).
  • the network security device can perform a three-way handshake with the client as a proxy server.
  • Step 204 The network security device sends a SYN packet to the server.
  • Step 205 The server sends a SYN ACK packet to the network security device.
  • Step 206 The network security device sends an ACK packet to the server.
  • the network security device can perform a three-way handshake with the server as a proxy client.
  • Step 207 The client sends an option negotiation request message to the network security device.
  • the line mode option is not included in the option negotiation request message.
  • the client Before the client sends a Telnet command to the server, it needs to negotiate with the server to negotiate the Telnet command in line mode or single-character mode.
  • the network security device can confirm whether the option negotiation request message contains line mode options, such as whether to include the option 'WILL LINEMODE'. In the existing default case, the option negotiation message does not include the line mode option, which is transmitted by default in single-character mode.
  • Step 208 The network security device sends an option negotiation message to the client and the server.
  • the line mode option is included in the option negotiation message.
  • the network security device can serve as a proxy server to reply an option negotiation message to the client, and the option negotiation message can include The WILL LINEMODE' option causes the client to know that the server is requesting to transfer Telnet commands in line mode.
  • the network security device can send the option negotiation message to the server as a proxy client, so that the server knows that the client requests to transmit the Telnet command in a row mode.
  • the network security device acts as a proxy, and negotiates the manner in which the Telnet command is sent between the client and the server in a row mode, that is, the client sends the Telnet command one line at a time.
  • Step 209 The network security device receives the command message of the Telnet command sent by the client in the line mode.
  • Step 210 The network security device parses the command packet, extracts the Telnet command, and matches the content of the Telnet command with the command content set that needs to be blocked. If the content of the Telnet command matches the content in the command content set, The Telnet command is discarded.
  • the network security device may also identify whether the content of the Telnet command includes a command keyword to be blocked, and if so, the Telnet command is required. The blocked command, therefore, the network security device can discard the Telnet command.
  • the network security device can act as a proxy to negotiate options on the mode in which the client transmits the Telnet command to the server, so that the client can transmit the Telnet command to the server in the row mode.
  • the network security device can obtain a complete and accurate Telnet command, so that the Telnet command can be identified to block the Telnet command that may affect the normal operation of the server. In turn, the server is guaranteed to operate reliably.
  • the method in this embodiment is specifically used to implement the technical solution described in the foregoing solution 2.
  • the method in this embodiment may include:
  • Step 401 Perform a three-way handshake between the client and the server.
  • Step 402 The client and the server perform option negotiation.
  • the client can send a Telnet command to the server using the default single-character mode.
  • Step 403 The client sends the character "m" to the server through the network security device;
  • the network security device can cache the character "m" locally.
  • Step 404 The server echoes the character "m" to the client through the network security device.
  • the network security device finds the echoed character "m" by comparison with the character sent before the client.
  • the network security device can confirm that the character "m” is a character in the Telnet command that the user needs to execute, then the network security device can record the character.
  • Step 405 The client sends the character "0" to the server through the network security device;
  • the network security device can cache the character "0" locally.
  • Step 406 The server echoes the character "o" to the client through the network security device.
  • the network security device finds that the echoed character "0" is the same as the character "0" sent by the client before the comparison, which is a regular character.
  • the network security device can confirm that the character “0” is the Telnet command required by the user. One character in , then the network security device can record the character “o” in After the character "m”, the character “mo” is generated.
  • Step 407 The client sends the character " ⁇ t" to the server through the network security device;
  • the client When the user presses the Tab key, the client sends the corresponding operator to the server: the character " ⁇ t".
  • the network security device can cache the character " ⁇ t" locally.
  • Step 408 The server echoes the character " ⁇ a" to the client through the network security device.
  • the network security device finds that the echoed character " ⁇ a" is different from the character " ⁇ t" sent by the client before the comparison, and both are control characters, then the network security device can learn that the server has been associated, and determine this time. The server did not determine the specific command to execute. At this point, the network security device can record the character " ⁇ t ⁇ a" at the end of the Telnet command, that is, after the character "o", to generate the character "mo ⁇ t ⁇ a".
  • Step 409 The client sends a character "r" to the server through the network security device;
  • the network security device can cache the character "r" locally.
  • Step 410 The server echoes the character "r" to the client through the network security device.
  • the network security device finds that the echoed character "r" is the same as the character "r” sent by the client before the comparison, and both are regular characters.
  • the network security device can confirm that the character “r” is the Telnet required by the user. A character in the command, then the network security device can record the character “r” at the end of the regular character, that is, after "0", and generate the character "mor ⁇ t ⁇ a".
  • Step 411 The client sends the character “ ⁇ t” to the server through the network security device;
  • the network security device can cache the character " ⁇ t" locally.
  • Step 412 The server echoes the character "e" to the client through the network security device.
  • the network security device After the network security device finds that the echoed character "e” is a regular character, and the character “ ⁇ t” sent by the client is a control character, the network security device can confirm that the server has learned the specific execution of the user. Command, the character “e” is a character in the Telnet command that the user needs to execute. At this time, the network security device can record the character “e” at the end of the regular character, that is, after the "r", generate the character. "more ⁇ t ⁇ a" repetition
  • the network security device can restore and obtain the Telnet command entered by the user through the client as "more".
  • Step 413 The client sends a carriage return character to the server through the network security device.
  • the network security device can learn that the user confirms to execute the Telnet command.
  • the network security device can recognize whether the Telnet command "more" contains the command keyword to be blocked. If it is included, the network security device can press Enter. Characters are converted to non-command characters, for example converted to "(", and will be "(" sent to the server, for the server, it is an invalid command, the server will not execute the Telnet command "more".
  • the network security device may further match the content of the Telnet command with the command content set that needs to be blocked. If the content of the Telnet command matches the content in the command content set, the Telnet command is required. Blocked commands.
  • the network security device can restore each line of Telnet commands transmitted by the client to the server by recording and analyzing the interactive characters during the interaction between the client and the server in the single-character mode.
  • the content of the Telnet command is identified to block Telnet commands that may affect the normal operation of the server, thereby ensuring reliable operation of the server.
  • FIG. 5 is a schematic structural diagram of Embodiment 1 of a network security device according to the present invention.
  • the network security device in this embodiment may be deployed between a client and a server, and the network security device may include: a command obtaining module 11
  • the content identification module 12 and the filtering processing module 13 are configured to: obtain, from the interaction message between the client and the server, each Telnet command sent by the client to the server; the content identification module 12 is configured to The content of the Telnet command is identified.
  • the filtering processing module 13 is configured to filter the Telnet command if the Telnet command is a command that needs to be blocked.
  • the device, the network security device of this embodiment may be used to perform the method of the method embodiment shown in FIG. 1, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • Figure 6 is a schematic structural diagram of Embodiment 2 of the network security device of the present invention.
  • the device in this embodiment is based on the device shown in Figure 5.
  • the command obtaining module 11 may include: an option negotiation processing unit. And the command obtaining unit 112, wherein the option negotiation processing unit 111 is configured to receive an option negotiation request message sent by the client before sending the command message, where the option negotiation request message does not include a line mode option; Send options to the client and the server a negotiation packet, where the option negotiation message includes the line mode option; the command obtaining unit 11 is configured to receive a command message sent by the client, where the command message includes the client usage line
  • the Telnet command sent by the mode is configured to parse the command packet to obtain a Telnet command.
  • the filtering processing module 13 is configured to discard the Telnet command if the Telnet command is a command that needs to be blocked.
  • the content identification module 12 may include: a storage unit 121 and a matching identification unit 122, where the storage unit 121 is configured to store a command content set that needs to be blocked and/or a command keyword that needs to be blocked;
  • the unit 122 is configured to match and match the content of the Telnet command with the command content set that needs to be blocked. If the content of the Telnet command is the same as the content of at least one command content in the command content set that needs to be blocked, Determining that the Telnet command is a command that needs to be blocked; or determining whether the content of the Telnet command includes a command keyword to be blocked, and if the command keyword to be blocked is included, determining the Telnet The command is a command that needs to be blocked.
  • the network security device in this embodiment may be used to perform the method in the method embodiment shown in FIG. 2, and the implementation principle and technical effects are similar, and details are not described herein again.
  • FIG. 7 is a schematic structural diagram of Embodiment 3 of the network security device of the present invention.
  • the device in this embodiment is based on the device shown in FIG. 5, and further, the command obtaining module 11 may include: a character acquiring unit 113. And a command recovery unit 114, wherein the character obtaining unit 113 is configured to extract a first command character input by the client from the packet sent by the client to the server, and cache the first command character, and send the first command character to the server.
  • the command restoring unit 114 is configured to: if the second command character is the same as the first command character and If the first command character is a regular character, the first command character is added to the end of the regular character in the Telnet command to be executed, and the initial content of the Telnet command to be executed is null; if the first command character is a control character And the second command character is a regular character, and the second command character is added to the tail of the regular character of the Telnet command to be executed by the client.
  • the filtering processing module 13 is specifically configured to: if the recognition result is that the Telnet command is a command that needs to be blocked, convert the carriage return character into a non-command character, and send the non-command character to the server.
  • the command restoring unit 114 is further configured to: add the first command character and the second command character to the client to be executed if the second command character is different from the first command character and is a control character The tail of the telnet command.
  • the content identification module 12 may specifically include: a storage unit 121 and a matching identification unit 122, wherein the storage unit 121 is configured to store a command content set that needs to be blocked and/or a command keyword that needs to be blocked; the matching identification unit 122 And matching, the content of the Telnet command is matched with the command content set that needs to be blocked, and if the content of the Telnet command is the same as the content of at least one command in the command content set that needs to be blocked, determining The Telnet command is a command that needs to be blocked; or, the content of the Telnet command is included in the content of the Telnet command, and if the command keyword to be blocked is included, the Telnet command is determined to be The command that needs to be blocked.
  • the network security device in this embodiment may be used to perform the method in the method embodiment shown in FIG. 4, and the implementation principle and technical effects are similar, and details are not described herein again.
  • FIG. 8 is a schematic structural diagram of an embodiment of a network security system according to the present invention.
  • the system in this embodiment may include: a client 1, a network security device 2, and a server 3 connected in sequence, wherein the network security device 2 may ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI> ⁇ / RTI>

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

L'invention concerne un procédé de filtrage de commande Telnet et un dispositif et un système de sécurité de réseau. Le procédé de filtrage de commande Telnet consiste à : obtenir, à partir d'un message d'interaction entre un client et un serveur, chaque ligne d'une commande Telnet envoyée par le client au serveur; identifier un contenu de la commande Telnet; et si le résultat d'identification indique que la commande Telnet doit être bloquée, effectuer un traitement de filtrage sur la commande Telnet. Selon le mode de réalisation de la présente invention, le dispositif de sécurité de réseau peut obtenir une commande Telnet envoyée par le client au serveur et peut ensuite identifier un contenu de la commande Telnet; une fois que la commande Telnet est identifiée comme étant une commande qui peut affecter le fonctionnement normal du serveur et doit être bloquée, le dispositif de sécurité de réseau peut éliminer par filtrage la commande Telnet, ce qui permet d'assurer un fonctionnement fiable du serveur.
PCT/CN2012/081546 2011-12-23 2012-09-18 Procédé de filtrage de commande telnet et dispositif et système de sécurité de réseau WO2013091407A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110437645.8A CN102546606B (zh) 2011-12-23 2011-12-23 Telnet命令过滤方法、网络安全设备和系统
CN201110437645.8 2011-12-23

Publications (1)

Publication Number Publication Date
WO2013091407A1 true WO2013091407A1 (fr) 2013-06-27

Family

ID=46352568

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081546 WO2013091407A1 (fr) 2011-12-23 2012-09-18 Procédé de filtrage de commande telnet et dispositif et système de sécurité de réseau

Country Status (2)

Country Link
CN (1) CN102546606B (fr)
WO (1) WO2013091407A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973782A (zh) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 一种基于黑名单命令设置的运维操作控制系统及其方法
CN103647826B (zh) * 2013-12-10 2017-04-12 国家电网公司 一种Telnet模式下指令级用户权限控制方法

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546606B (zh) * 2011-12-23 2014-12-31 华为数字技术(成都)有限公司 Telnet命令过滤方法、网络安全设备和系统
CN102857520B (zh) * 2012-10-11 2015-09-30 德讯科技股份有限公司 一种字符终端Telnet协议安全访问系统及方法
CN111404889B (zh) * 2020-03-05 2023-06-09 网宿科技股份有限公司 审计方法及装置、客户端
CN112261048A (zh) * 2020-10-22 2021-01-22 广州锦行网络科技有限公司 一种基于PuTTY的命令行行为实时阻断方法
CN117688555A (zh) * 2024-02-02 2024-03-12 深圳昂楷科技有限公司 数据库的控制方法、装置、终端设备以及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070203973A1 (en) * 2006-02-28 2007-08-30 Microsoft Corporation Fuzzing Requests And Responses Using A Proxy
CN101459660A (zh) * 2007-12-13 2009-06-17 国际商业机器公司 用于集成多个威胁安全服务的方法及其设备
CN101562603A (zh) * 2008-04-17 2009-10-21 北京启明星辰信息技术股份有限公司 一种通过回显解析telnet协议的方法及系统
CN102546606A (zh) * 2011-12-23 2012-07-04 成都市华为赛门铁克科技有限公司 Telnet命令过滤方法、网络安全设备和系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070203973A1 (en) * 2006-02-28 2007-08-30 Microsoft Corporation Fuzzing Requests And Responses Using A Proxy
CN101459660A (zh) * 2007-12-13 2009-06-17 国际商业机器公司 用于集成多个威胁安全服务的方法及其设备
CN101562603A (zh) * 2008-04-17 2009-10-21 北京启明星辰信息技术股份有限公司 一种通过回显解析telnet协议的方法及系统
CN102546606A (zh) * 2011-12-23 2012-07-04 成都市华为赛门铁克科技有限公司 Telnet命令过滤方法、网络安全设备和系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647826B (zh) * 2013-12-10 2017-04-12 国家电网公司 一种Telnet模式下指令级用户权限控制方法
CN103973782A (zh) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 一种基于黑名单命令设置的运维操作控制系统及其方法

Also Published As

Publication number Publication date
CN102546606A (zh) 2012-07-04
CN102546606B (zh) 2014-12-31

Similar Documents

Publication Publication Date Title
WO2013091407A1 (fr) Procédé de filtrage de commande telnet et dispositif et système de sécurité de réseau
US8935419B2 (en) Filtering device for detecting HTTP request and disconnecting TCP connection
US9251194B2 (en) Automatic data request recovery after session failure
WO2016082371A1 (fr) Procédé et système d'analyse de session sur la base d'un protocole ssh
US20080184354A1 (en) Single sign-on system, information terminal device, single sign-on server, single sign-on utilization method, storage medium, and data signal
JP5810761B2 (ja) 処理制御サーバーおよび処理制御方法
US20110194133A1 (en) Image forming apparatus, control method for the same, and storage medium for program
US20150013005A1 (en) Apparatus and method for detecting an attack in a computer network
US20100287270A1 (en) Control proxy apparatus and control proxy method
US10333931B2 (en) Information processing apparatus, control method, and storage medium capable of transition to a power safe mode
JP2012146197A (ja) 印刷支援装置及び印刷システム並びに印刷支援プログラム
WO2011047626A1 (fr) Procédé d'interaction de commande à distance et hôte bastion correspondant
US8763151B2 (en) Mediation processing method, mediation apparatus and system
JP6548445B2 (ja) 通信装置、通信方法及びプログラム
US10554723B2 (en) HTTP server, method for controlling the same, and image forming apparatus
JP5328472B2 (ja) ネットワーク通信装置及び方法とプログラム
CN108924061B (zh) 一种应用识别及管理方法、系统及相关装置
JP2006309642A (ja) プロトコル変換装置及びプロトコル変換プログラム
JP2010191848A (ja) 通信システム、送信装置、受信装置、及びプログラム
WO2016184025A1 (fr) Procédé et appareil de gestion de dispositif
CN115664686A (zh) 一种登录方法、装置、计算机设备和存储介质
JP4001047B2 (ja) 中継装置
EP3176986A1 (fr) Procédé, dispositif et système permettant à une passerelle de protocole de bureau à distance d'effectuer un routage et une commutation
JP2015049745A (ja) サーバ装置、情報処理方法、及びプログラム
JP4329719B2 (ja) Sipプロキシサーバ

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12859537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12859537

Country of ref document: EP

Kind code of ref document: A1