CN106507363A - A kind of method for finding fishing access point - Google Patents
A kind of method for finding fishing access point Download PDFInfo
- Publication number
- CN106507363A CN106507363A CN201710010929.6A CN201710010929A CN106507363A CN 106507363 A CN106507363 A CN 106507363A CN 201710010929 A CN201710010929 A CN 201710010929A CN 106507363 A CN106507363 A CN 106507363A
- Authority
- CN
- China
- Prior art keywords
- message
- access point
- fishing
- wlan
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000001514 detection method Methods 0.000 claims abstract description 79
- 239000000523 sample Substances 0.000 claims abstract description 41
- 238000010835 comparative analysis Methods 0.000 claims abstract description 8
- 238000000060 site-specific infrared dichroism spectroscopy Methods 0.000 claims description 39
- 238000012360 testing method Methods 0.000 claims description 22
- 238000001914 filtration Methods 0.000 claims description 13
- 230000000694 effects Effects 0.000 abstract description 4
- 238000004458 analytical method Methods 0.000 description 15
- 238000013461 design Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000009975 flexible effect Effects 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 241000251468 Actinopterygii Species 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009432 framing Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a kind of method for finding fishing access point, for quickly finding the fishing WAP in WLAN, including:Collect the message in WLAN;Obtain the message characteristic information of message;Collect statistics information;Information comparative analysis;Judge fishing access point.The present invention can quickly have found the fishing WAP in WLAN, the safety of effective protection custom system.User side only needs detection fishing access point by wireless probe, not only cost-effective but also be easy to cover the all-network environment of user by arranging multiple wireless probes.User side can achieve detection by sending message to the server for detecting fishing access point, convenient to use.In addition, server end accurately judges access point of going fishing by Multiple detection.Also, the present invention can intuitively show radio related information and fishing access point.The detection efficiency of the present invention and high precision, effect are good.
Description
Technical field
A kind of the present invention relates to computer network field, more particularly to method for finding fishing access point.
Background technology
With computer technology and the high speed development of the network communications technology, computer network extensively should in every field
With drastically increasing the operating efficiency of people so that clothing, food, lodging and transportion -- basic necessities of life become more convenient.People at earth two ends pass through interconnection
Net can just be exchanged each other's needs.But while internet brings huge interests, offender by go fishing access point come
User account information and fund is stolen, and huge loss is brought to the normal users using network.Due to Internet communication speed
Hurry up, even if firewall software and antivirus software quantity are various, however it remains leak so that offender can utilize these softwares
Leak attacked.In prior art, the safety of whole system is often only protected by fire wall, as long as so hacker is led to
Cross trick user and access fishing access point, the account information of user input oneself, offender just can be believed by the account of user
Normally login system is ceased, so as to bypass fire wall.Using the general principle of fishing access point fishing it is:Nothing in legal arrangement
In line LAN (WLAN), legal wireless access subscriber (STA) sends out probe requests thereby;The echo probe of fishing access point please
Ask;Lure that normal accessing user (STA) is linked on the fishing access point into, realize accessing network function;Flow passes through the fishing
During access point, the fishing access point intercepts and captures customer flow so as to stealing the user profile;Even by user as entrance is attacked, real
Existing illegal objective.Prior art does not propose the technical scheme for detecting fishing access point, can only pass through to change legal accessing user
(STA) configuration come avoid go fishing access point network harm.And legal accessing user (STA) configuration is changed, on the one hand increase and use
The workload at family;On the other hand, for domestic consumer, have no ability to judge whether WAP (AP) is fishing access point
And change configuration.
Obviously this area is in the urgent need to a kind of side of a discovery fishing access point that drawbacks described above can be overcome easily operated
Method.
Content of the invention
It is an object of the present invention to provide a kind of method for finding fishing access point, which quickly can be found in WLAN
Fishing WAP, the safety of effective protection custom system.
The present invention provides a kind of method for finding fishing access point, for quickly finding that the fishing in WLAN is wireless
Access point, including:
The message in WLAN is collected, by cancelling verification of the IEEE802.11 protocol suites to message data link layer
Function collecting message, also,
Obtain the message characteristic information of message, with according to message characteristic information come collection network environment in wireless related letter
Breath, wherein,
Message characteristic information includes BSSID the and SSID information of message;
Collect statistics information, unites to the message characteristic information of all messages in current wireless Local Area Network network environment
Meter;
Information comparative analysis, according to the BSSID from laying WLAN come the BSSID of matching message,
And according to the SSID from laying WLAN come the SSID of matching message, also,
When the BSSID of message is with the BSSID mismatches of laying WLAN certainly and/or the SSID of message and from laying
When the SSID of WLAN is mismatched, output sends the information of the illegal wireless access point of message;
Judge fishing access point, receive the information of illegal wireless access point, to test to illegal wireless access point respectively
Card, to export fishing access point, wherein,
Fishing access point is the illegal wireless access point that checking cannot pass through.
It is preferred that, the method that the present invention is provided wherein, also includes:
Filtering packets before collect statistics information, classify according to message format and filtering packets, to filter out data message.
It is preferred that, the method that the present invention is provided wherein, judges that fishing access point includes:
Compare the information and the default information from laying WAP of illegal wireless access point, to detect wireless access
Whether the message that point sends includes non-from the BSSID for laying WLAN;
When message includes non-when the BSSID of WLAN is laid, the corresponding access point of detection, and export the first detection
As a result, wherein,
If the message that corresponding access point sends is included from the SSID for laying WLAN or as probe requests thereby becomes
The SSID of message is changed, then the first testing result is fishing access point for corresponding access point.
It is preferred that, the method that the present invention is provided wherein, judges that fishing access point includes:
Whether the SSID for detecting WAP is that oneself lays the SSID of WLAN, also,
When the message that WAP sends includes whether detection messages include when the SSID of WLAN is laid
The non-gateway address from laying, and the second testing result is exported, wherein,
When message includes the non-gateway address of laying certainly, the second testing result is fishing access point for corresponding access point.
It is preferred that, the method that the present invention is provided wherein, judges that fishing access point includes:
Detection property message is sent to WAP by wireless client or wireless probe, and exports the 3rd detection knot
Really, wherein,
When receiving detection property message from the network internal that lays, the 3rd testing result is fishing for corresponding access point
Access point.
It is preferred that, the method that the present invention is provided wherein, judges that fishing access point also includes:
Before detection property message is sent, detection property message is built and is input into, wherein,
Detection property message is the message with detection mark voluntarily built according to user's request.
It is preferred that, the method that the present invention is provided, wherein, sending detection property message includes:
Detection property message is sent to wireless probe, also,
Detection property message is sent to WAP by wireless probe, to detect corresponding WAP whether as fishing
Fish access point.
It is preferred that, the method that the present invention is provided also includes:
After fishing access point is judged, fishing access point alarm receives the characteristic information of fishing access point, accordingly will go fishing
The characteristic information of access point is sent to nothing by the way of short message alarm, mail alarm, sound alarm and/or system interface prompting
The custodian of line LAN, to remind custodian manually to investigate access point of going fishing, wherein,
Characteristic information includes the characteristic information of MAC Address, signal strength signal intensity, radio band, working channel and associated terminal.
It is preferred that, the method that the present invention is provided, wherein, filtering packets include:
Real-time reception message;
Keyword in the keyword of matching message and default message table;
By the keyword in message table and corresponding type of message come matching message in keyword, to recognize message
Type of message, wherein, type of message includes managing class message, control class message and data message.
It is preferred that, the method that the present invention is provided also includes:
The characteristic information of WLAN is preset before information comparative analysis, by data-interface from the network of user side
It is obtained from the characteristic information of laying WLAN or wireless local is laid by network manager's typing certainly by input module
The characteristic information of network, wherein,
Include from the characteristic information for laying WLAN from the BSSID for laying WLAN and wireless from laying
The SSID information of LAN.
A kind of method of discovery fishing access point that the present invention is provided, user side detect that fishing connects by only needing wireless probe
Access point, not only cost-effective but also be easy to cover the all-network environment of user by arranging multiple wireless probes.User side
Detection can achieve by sending message to the server for detecting fishing access point, convenient to use.In addition, server end is logical
Cross Multiple detection and accurately judge access point of going fishing.Also, the present invention can intuitively show that radio related information and fishing are accessed
Point.The detection efficiency of the present invention and high precision, effect are good.The present invention greatly improves the security of WLAN, no matter right
Enterprise information security still has lifting to the information security of personal user.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
Accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only used for solving
Release the design of the present invention.
The step of Fig. 1 is a kind of method of discovery fishing access point of present invention flow chart;
Fig. 2 is a kind of network design connection diagram of the method for finding fishing access point of the present invention;
Fig. 3 is a kind of schematic block diagram of the method for finding fishing access point of the present invention.
Reference collects:
1st, network 2, gateway 3, router
4th, server 5, fishing access point 6, non-fishing access point
7th, from laying access point wireless probe 8, the wireless probe of transmission detection property message
9th, computer 10, mobile phone 11, input module
12nd, output module 13, analysis module 14, the first packet forwarding module
15th, the second packet forwarding module 16, wireless probe
Specific embodiment
Hereinafter, a kind of embodiment of the method for discovery fishing access point of the present invention is described with reference to the accompanying drawings.
The embodiment that here is recorded is the specific specific embodiment of the present invention, for the design of the present invention is described,
It is explanatory and exemplary, should not be construed as the restriction to embodiment of the present invention and the scope of the invention.Except here record
Implement exception, those skilled in the art can also be based on the application claims and specification disclosure of that using aobvious and
Other technical schemes being clear to, these technical schemes include to here record embodiment make any obvious replacement and
The technical scheme of modification.
The accompanying drawing of this specification is schematic diagram, aids in illustrating the design of the present invention, it is schematically indicated the shape of each several part
And its correlation.
Referring to Fig. 1, a kind of method for finding fishing access point proposed by the present invention is found in WLAN for quick
Fishing WAP, including:
Step S1:The message in WLAN is collected, by cancelling IEEE802.11 protocol suites to message data link
The verifying function of layer collecting message, also,
The message characteristic information of message is obtained, so that radio frequency ring in WLAN 1 is collected according to message characteristic information
The information in border, wherein,
Message characteristic information includes BSSID the and SSID information of message;
Step S2:Collect statistics information, counts to message characteristic information, to count current wireless Local Area Network network 1
The message characteristic information of all messages in environment;
Step S3:Information comparative analysis, according to the BSSID from laying WLAN come the BSSID of matching message,
And according to the SSID from laying WLAN come the SSID of matching message, also,
When the BSSID of message is with the BSSID mismatches of laying WLAN certainly and/or the SSID of message and from laying
When the SSID of WLAN is mismatched, output sends the information of the illegal wireless access point of message;
Step S4:Judge fishing access point 5, receive the information of illegal wireless access point, to access to illegal wireless respectively
Put and verified, to export the characteristic information of fishing access point 5, wherein,
The illegal wireless access point that fishing access point 5 cannot pass through for checking.
In the present embodiment, referring to Fig. 2, wireless probe 16 can be arranged on user side.Packet forwarding module, analysis module
13rd, input module 11 and output module 12 are arranged on server end.Server end can be provided with one or more by network 1
The server 4 being connected with each other.Radio related information can also include radio band and working channel, associated terminal.Detection fishing
One end of the server 4 of access point 5 passes through nothing by being wirelessly or non-wirelessly sequentially connected router 3, gateway 2 and network 1, the other end
Line or wired be sequentially connected router 3 and wireless probe 16, wherein, router 3 and wireless probe 16 can be multiple.From laying
The wireless probe 8 of the wireless probe 7 of access point and transmission detection property message can also be separately provided.Pass through between wireless probe 16
Wirelessly or non-wirelessly network 1 is connected with each other.Can also pass through wirelessly or non-wirelessly to be connected with each other between wireless probe 16 and smart machine,
Wherein, smart machine can be computer 9 or mobile phone 10.
Referring to Fig. 3, in step sl, can receive and send radio related information by wireless probe 16.Wireless probe
16 can be arranged on user side, and wherein, user side can be smart machine, connect wireless probe 16 by smart machine, to connect
Receive and send radio related information.Radio related information includes message and message characteristic information, can also include radio band and
Working channel, associated terminal.The first packet forwarding module 14 is provided with user side, for receiving radio related information and inspection
The property surveyed message, and forward radio related information and detection property message.So only by the first packet forwarding module 14 and
Two packet forwarding module 15 are receiving and send the data between user side and server end, it is easy to accomplish, convenient produce in batches.
By 1 connection server end of network, wherein, server end can be provided with one or more and pass through multiple user sides
The server 4 that network 1 is connected with each other.Input module 11, the second packet forwarding module 15, analysis module is provided with server end
13 and output module 12, wherein, analysis module 13 includes that the WAP authentication module being connected with each other and fishing access point 5 are sentenced
Disconnected module, for collecting the radio related information of the WAP in radio related information, and comparison WLAN 1
With default from lay WLAN WAP radio related information, to judge whether access point is that fishing connects
Access point 5 simultaneously exports analysis result.
In step s 2, collect statistics information can be realized by input module 11, and wherein, input module 11 is used for defeated
Enter the radio related information from the WAP for laying WLAN, and build detection property message.
In step s3, information comparative analysis can be realized by WAP authentication module.Wireless access is examined item by item
Card module can mate the radio related information of the WAP in WLAN 1 and from the nothing for laying WLAN
The radio related information of line access point, and then detect and output illegal wireless access point and corresponding radio related information.
In step s 4, judge that fishing access point 5 can be by 5 judge module of fishing access point of analysis module 13 come real
Existing, wherein, fishing access point 5 judge module connection WAP authentication module can be according to illegal wireless access point and corresponding
Radio related information, and then respectively illegal wireless access point is verified, and exports fishing access point 5, wherein, output is fished
Fish access point 5 can be realized by output module 12.Output module 12, linking parsing module 13, for receiving analysis result,
And show and output analysis result.
The method of the data-interface that input module 11 is provided can voluntarily go design to realize with manufacturer, the webmaster of user network 1
Typically have from BSSID the and SSID data for laying WLAN in data, this data-interface can be with network management data
Docking.Input module 11 can send network management data to analysis module 13, to export fishing access point 5.So so that each
Producer can use the present invention according to the demand of oneself, increased the flexibility for using.
After 16 acquisition information of wireless probe be by probe in the message of packet forwarding module and server end forward mould
Block realizes that the transmission of information, analysis module 13 get the information that probe is reported from server 4.Wireless probe 16 is obtained all
It is 802.11 frames, the packet header of these frames has BSSID, SSID required for wireless telecommunications, analyzes according to 802.11 framing methods
Module 13 goes reverse resolution to peel off BSSID, the SSID being obtained in message.So it is easy to produce in batches, service efficiency is efficient
Really good.
Probe messages can voluntarily be gone to build by the producer of LAN safety guard system, for example with 802.11 agreements
Standard management message, it is that gateway 2, BSSID is detected wireless access that source address is legal wireless client, destination address
The BSSID of point, the specifying information inside message can in order to retain sequence number 43, (standard management message takes less than with configuration information element ID
The 43-49 of reservation), field contents be filled to " Fishing AP Probe ".The realization for building specific message can be according to producer
Demand realizing, as long as possessing detection mark beneficial to detection.Each producer is so enabled to come according to the demand of oneself
Using the present invention, the flexibility for using is increased.
So one side user side only need wireless probe 16 by detection fishing access point 5, not only cost-effective but also just
In covering 1 environment of all-network of user by arranging multiple wireless probes 16;Another aspect wireless probe 16 is by sending
Message can achieve detection to the server 4 for detecting fishing access point 5, convenient to use;In addition, the analysis mould of server end
Block 13 accurately judges access point 5 of going fishing by Multiple detection;In addition, input module 11 facilitates user according to oneself 1 environment of network
Situation carry out setting data, good using flexible effect;Also, output module 12 can intuitively show radio related information and fishing
Fish access point 5, wherein, output module 12 can be printer, display and smart machine.The detection efficiency of the present invention is high, essence
Degree is high, and effect is good.The present invention greatly improves the security of WLAN, no matter to enterprise information security or to personal use
The information security at family has lifting.
The present embodiment wherein, also includes it is further preferred that provide a method that:Filter before collect statistics information
Message, classifies according to message format and filtering packets, to filter out data message.
In the present embodiment, filtering packets can pass through the filtering module for connecting wireless probe 16.Filtering module receives nothing
The radio related information that line probe 16 is collected, and filtering packets non-data message is exported to wireless probe 16.Wireless probe
The 16 non-data messages only after forward filtering.
Non-data message so only in analysis WLAN 1, and the data message of terminal use is not analyzed, and then
Protect the privacy of the user of user side.
The present embodiment is it is further preferred that provide a method that, wherein, judgement fishing access point 5 includes:
Compare the information and the default information from laying WAP of illegal wireless access point, to detect whether as non-
WAP from the BSSID for laying.
When the WAP that WAP is the non-BSSID from laying, corresponding access point is detected, and exports first
Testing result, wherein,
If corresponding access point has from the SSID for laying WLAN or as probe requests thereby converts SSID, the
One testing result is fishing access point 5 for corresponding access point.
In the present embodiment, fishing 5 judge module of access point includes first detection module, and wherein, first detection module is examined
Survey corresponding access point and export the first testing result, and judged according to the first testing result and export fishing access point 5.
The present embodiment is it is further preferred that provide a method that, wherein, judgement fishing access point 5 also includes:
Whether the SSID for detecting WAP is that oneself lays the SSID of WLAN, also,
When the SSID of WAP is detect WAP SSID pair when the SSID of WLAN is laid
Whether the target MAC (Media Access Control) address of the message that answers is non-2 address of gateway from laying, and export the second testing result, wherein,
When the target MAC (Media Access Control) address of the corresponding messages of the SSID of WAP is non-2 address of gateway of laying certainly, second
Testing result is fishing access point 5 for corresponding access point.
In the present embodiment, fishing 5 judge module of access point includes the second detection module, and wherein, the second detection module is examined
Survey corresponding access point and export the second testing result, and judged according to the second testing result and export fishing access point 5.
The present embodiment is it is further preferred that provide a method that, wherein, judgement fishing access point 5 also includes:
Detection property message is sent to WAP by wireless client, and exports the 3rd testing result, wherein,
When receiving detection property message from inside the network 1 that lays, the 3rd testing result is to fish for corresponding access point
Fish access point 5.
In the present embodiment, fishing 5 judge module of access point includes the 3rd detection module, and wherein, the 3rd detection module is examined
Survey corresponding access point and export the 3rd testing result, and judged according to the 3rd testing result and export fishing access point 5.If
Network 1 postpones to cause detection property message dropping, the 3rd detection module retransmit detection property message with time delay.
Analysis module 13 exports fishing respectively by first detection module, the second detection module and the 3rd detection module and accesses
Point 5.So by three re-detections of first detection module, the second detection module and the 3rd detection module, can prevent missing inspection from fishing
Fish access point 5, accuracy of detection are high, substantially increase the security of user.
The present embodiment is it is further preferred that provide a method that, wherein, judgement fishing access point 5 also includes:
Before detection property message is sent, detection property message is built and is input into, wherein,
Detection property message is the message with detection mark voluntarily built according to user's request.
In the present embodiment, build and be input into detection property message to realize by building detection property message module, its
In, build detection property message module linking parsing module 13.Build detection property message module be used for according to default detection mark and
The set location of detection mark adds in messages automatically detection mark.
The present embodiment is it is further preferred that provide a method that, wherein, sending detection property message includes:
Detection property message is sent to wireless probe 16, also,
Detection property message is sent to WAP by wireless probe 16, to detect that whether corresponding WAP be
Fishing access point 5.
So can accurately judge access point 5 of going fishing.In addition, input module 11 facilitates user according to oneself 1 environment of network
Situation come set detection property message, good using flexible effect.Also, so detection efficiency and high precision.
The present embodiment also includes it is further preferred that provide a method that:
After fishing access point 5 is judged, fishing access point 5 is alerted, and receives the characteristic information of fishing access point 5, will be corresponding
The characteristic information of fishing access point 5 is sent out by the way of short message alarm, mail alarm, sound alarm and/or system interface prompting
The custodian of WLAN is given, to remind custodian manually to investigate access point 5 of going fishing, wherein,
Characteristic information includes the characteristic information of MAC Address, signal strength signal intensity, radio band, working channel and associated terminal.
In the present embodiment, the alarm of fishing access point 5 can be realized by alarm module.Alarm module, connection output
Module 12, analysis result is sent to by the way of short message alarm, mail alarm, sound alarm and/or system interface prompting
The custodian of WLAN, to remind custodian manually to investigate access point 5 of going fishing.So when discovery fishing access point
When 5, custodian just manually can be investigated to access point 5 of going fishing in time, drastically increase the security of system.
The present embodiment is it is further preferred that provide a method that, wherein, filtering packets include:
Real-time reception message;
Keyword in the keyword of matching message and default message table;
By the keyword in message table and corresponding type of message come matching message in keyword, to recognize message
Type of message, wherein, type of message includes managing class message, control class message and data message.
In the present embodiment, filtering module can include matching module.Matching module is by the pass in default message table
The keyword that key word and corresponding type of message come in matching message, to recognize the type of message of message, wherein, type of message bag
Include management class message, control class message and data message.
Management so only in analysis WLAN 1, control class message, and do not analyze the datagram of terminal use
Text, and then protect the privacy of the user of user side.
The present embodiment also includes it is further preferred that provide a method that:
The characteristic information of WLAN 1 is preset before information comparative analysis, is obtained from user network 1 by data-interface
Take from the characteristic information of laying WLAN or wireless local is laid by 1 keeper's typing of network certainly by input module 11
The characteristic information of network, wherein,
Include from the characteristic information for laying WLAN from the BSSID for laying WLAN and wireless from laying
The SSID information of LAN.
In the present embodiment, input module 11 can be arranged on user side, and linking parsing module 13 so facilitates user to make
With.
Above a kind of method of discovery fishing access point of the present invention is illustrated.A kind of for the present invention has found
The specific features of the corresponding device of method of fishing access point as shape, size and position can be according to disclosed in above-mentioned feature
Effect carries out specific design, and these designs are that those skilled in the art can realize.And, each technology of above-mentioned disclosure is special
Levy and be not limited to disclosed combining with further feature, those skilled in the art can also carry out each skill according to the purpose of the present invention
Other combinations between art feature, to realize that the purpose of the present invention is defined.
Claims (10)
1. a kind of find fishing access point method, for quickly find WLAN in fishing WAP, including:
The message in WLAN is collected, by cancelling verifying function of the IEEE802.11 protocol suites to message data link layer
To collect the message, also,
Obtain the message characteristic information of the message, with according to message characteristic information come collection network environment in wireless related letter
Breath, wherein,
The message characteristic information includes BSSID the and SSID information of the message;
Collect statistics information, counts to the message characteristic information of all messages in current wireless Local Area Network network environment;
Information comparative analysis, mates the BSSID of the message according to the BSSID from laying WLAN,
And the SSID of the message is mated according to the SSID from laying WLAN, also,
BSSID and the BSSID mismatches from laying WLAN and/or the SSID of the message when the message
With described when the SSID mismatches of WLAN are laid, output sends the letter of the illegal wireless access point of the message
Breath;
Judge fishing access point, receive the information of the illegal wireless access point, clicked through with accessing to the illegal wireless respectively
Row checking, to export fishing access point, wherein,
The fishing access point is the illegal wireless access point that checking cannot pass through.
2. method according to claim 1, wherein, also includes:
Filtering packets before collect statistics information, classify according to message format and filter the message, to filter out data message.
3. method according to claim 1, wherein, judges that fishing access point includes:
The information of the comparison illegal wireless access point is described from the information for laying WAP with default, wireless to detect
Whether the message that access point sends includes non-from the BSSID for laying WLAN;
When the message includes non-when the BSSID of WLAN is laid, the corresponding access point of detection, and export the first detection
As a result, wherein,
If the message that corresponding access point sends includes described from the SSID for laying WLAN or as detection please
The SSID for converting the message is sought, then first testing result is fishing access point for corresponding access point.
4. method according to claim 1, wherein, judges that fishing access point includes:
The SSID for detecting WAP be whether described from the SSID for laying WLAN, also,
When the message that WAP sends includes described when the SSID of WLAN is laid, the detection message
Whether include the non-gateway address from laying, and export the second testing result, wherein,
When the message includes the non-gateway address of laying certainly, second testing result is that fishing is accessed for corresponding access point
Point.
5. method according to claim 1, wherein, judges that fishing access point includes:
Detection property message is sent to WAP by wireless client or wireless probe, and exports the 3rd testing result, its
In,
When receiving the detection property message from the network internal that lays, the 3rd testing result for corresponding access point is
Fishing access point.
6. method according to claim 5, wherein, judges that fishing access point also includes:
Before detection property message is sent, the detection property message is built and is input into, wherein,
The detection property message is the message with detection mark voluntarily built according to user's request.
7. method according to claim 5, wherein, sending detection property message includes:
The detection property message is sent to wireless probe, also,
The detection property message is sent to WAP by the wireless probe, whether to detect corresponding WAP
For access point of going fishing.
8. method according to claim 1, also includes:
After fishing access point is judged, fishing access point alarm receives the characteristic information of the fishing access point, accordingly will go fishing
The characteristic information of access point is sent to nothing by the way of short message alarm, mail alarm, sound alarm and/or system interface prompting
The custodian of line LAN, to remind custodian manually to investigate access point of going fishing, wherein,
The characteristic information includes the characteristic information of MAC Address, signal strength signal intensity, radio band, working channel and associated terminal.
9. method according to claim 2, wherein, filtering packets include:
Message described in real-time reception;
Mate the keyword in the keyword and default message table of the message;
Keyword in the message is mated by the keyword and corresponding type of message in the message table, to recognize
The type of message of message is stated, wherein, the type of message includes managing class message, control class message and data message.
10. method according to claim 1, also includes:
The characteristic information of WLAN is preset before information comparative analysis, by data-interface from the Network Capture of user side
Described from the characteristic information for laying WLAN or wireless from laying described in network manager's typing by input module
The characteristic information of LAN, wherein,
Described from the characteristic information for laying WLAN include described from the BSSID for laying WLAN and described from
Lay the SSID information of WLAN.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710010929.6A CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710010929.6A CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106507363A true CN106507363A (en) | 2017-03-15 |
| CN106507363B CN106507363B (en) | 2019-04-02 |
Family
ID=58345123
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710010929.6A Active CN106507363B (en) | 2017-01-06 | 2017-01-06 | A method of discovery fishing access point |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106507363B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961683A (en) * | 2017-03-21 | 2017-07-18 | 上海斐讯数据通信技术有限公司 | A kind of method, system and finder AP for detecting rogue AP |
| CN108460103A (en) * | 2018-02-05 | 2018-08-28 | 百度在线网络技术(北京)有限公司 | Information acquisition method and device |
| CN109195166A (en) * | 2018-09-14 | 2019-01-11 | 厦门美图移动科技有限公司 | Internet access method and device |
| CN109451530A (en) * | 2019-01-03 | 2019-03-08 | 中国联合网络通信集团有限公司 | Formation gathering method and Information Collection System |
| CN109660991A (en) * | 2017-10-11 | 2019-04-19 | 腾讯科技(深圳)有限公司 | Pseudo-base station reminding method, device and storage medium |
| CN109803264A (en) * | 2018-12-24 | 2019-05-24 | 北京奇安信科技有限公司 | The method and apparatus for identifying wireless invasive |
| CN110012469A (en) * | 2019-04-29 | 2019-07-12 | 四川英得赛克科技有限公司 | A kind of hotspot legitimacy quick discrimination method under industrial control condition |
| CN110087244A (en) * | 2019-04-29 | 2019-08-02 | 新华三技术有限公司 | A kind of information acquisition method and device |
| CN113630782A (en) * | 2021-08-09 | 2021-11-09 | 迈普通信技术股份有限公司 | Wireless sharing detection method, device, system and computer readable storage medium |
| CN114173323A (en) * | 2020-08-21 | 2022-03-11 | 中芯未来(北京)科技有限公司 | Fishing WiFi detection method based on combination of terminal and cloud |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| US20130040603A1 (en) * | 2011-08-12 | 2013-02-14 | F-Secure Corporation | Wireless access point detection |
| CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
-
2017
- 2017-01-06 CN CN201710010929.6A patent/CN106507363B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102843684A (en) * | 2011-06-21 | 2012-12-26 | 航天信息股份有限公司 | Method and system for detecting rogue wireless access point in local area network |
| US20130040603A1 (en) * | 2011-08-12 | 2013-02-14 | F-Secure Corporation | Wireless access point detection |
| CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961683A (en) * | 2017-03-21 | 2017-07-18 | 上海斐讯数据通信技术有限公司 | A kind of method, system and finder AP for detecting rogue AP |
| CN109660991A (en) * | 2017-10-11 | 2019-04-19 | 腾讯科技(深圳)有限公司 | Pseudo-base station reminding method, device and storage medium |
| CN108460103A (en) * | 2018-02-05 | 2018-08-28 | 百度在线网络技术(北京)有限公司 | Information acquisition method and device |
| CN109195166A (en) * | 2018-09-14 | 2019-01-11 | 厦门美图移动科技有限公司 | Internet access method and device |
| CN109803264A (en) * | 2018-12-24 | 2019-05-24 | 北京奇安信科技有限公司 | The method and apparatus for identifying wireless invasive |
| CN109451530A (en) * | 2019-01-03 | 2019-03-08 | 中国联合网络通信集团有限公司 | Formation gathering method and Information Collection System |
| CN109451530B (en) * | 2019-01-03 | 2022-04-22 | 中国联合网络通信集团有限公司 | Information collection method and information collection system |
| CN110012469A (en) * | 2019-04-29 | 2019-07-12 | 四川英得赛克科技有限公司 | A kind of hotspot legitimacy quick discrimination method under industrial control condition |
| CN110087244A (en) * | 2019-04-29 | 2019-08-02 | 新华三技术有限公司 | A kind of information acquisition method and device |
| CN114173323A (en) * | 2020-08-21 | 2022-03-11 | 中芯未来(北京)科技有限公司 | Fishing WiFi detection method based on combination of terminal and cloud |
| CN113630782A (en) * | 2021-08-09 | 2021-11-09 | 迈普通信技术股份有限公司 | Wireless sharing detection method, device, system and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106507363B (en) | 2019-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106507363B (en) | A method of discovery fishing access point | |
| US12200494B2 (en) | AI cybersecurity system monitoring wireless data transmissions | |
| US9584487B2 (en) | Methods, systems, and computer program products for determining an originator of a network packet using biometric information | |
| KR102163280B1 (en) | An apparatus for network monitoring based on edge computing and method thereof, and system | |
| US10152715B2 (en) | Detection of an unauthorized wireless communication device | |
| CN106789177B (en) | A kind of system of dealing with network breakdown | |
| US6879812B2 (en) | Portable computing device and associated method for analyzing a wireless local area network | |
| CN107154940A (en) | A kind of Internet of Things vulnerability scanning system and scan method | |
| US6801756B1 (en) | Method and system for dynamic evaluation of a wireless network with a portable computing device | |
| US7856656B1 (en) | Method and system for detecting masquerading wireless devices in local area computer networks | |
| US7516049B2 (en) | Wireless performance analysis system | |
| CN107197456B (en) | Detection method and detection device for identifying pseudo AP (access point) based on client | |
| US20060193300A1 (en) | Method and apparatus for monitoring multiple network segments in local area networks for compliance with wireless security policy | |
| MXPA05002559A (en) | System and method for remotely monitoring wirless networks. | |
| CN102857388A (en) | Cloud detection safety management auditing system | |
| CN111277421A (en) | System and method for network camera access safety protection | |
| CN101753333A (en) | Management system and protection method for integrating information security service | |
| CN101159636A (en) | System and method for detecting illegal access | |
| KR20120132086A (en) | System for detecting unauthorized AP and method for detecting thereof | |
| CN206332851U (en) | A kind of discovery device for access point of going fishing | |
| Meng et al. | Building a wireless capturing tool for WiFi | |
| CN105188062B (en) | It divulges a secret means of defence and device | |
| CN217607830U (en) | Comprehensive network management for smart city | |
| Deshpande et al. | Refocusing in 802.11 wireless measurement | |
| CN111479271A (en) | Wireless security detection and protection method and system based on asset attribute mark grouping |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |