CN107426208A - A kind of method for monitoring network illegal external connection - Google Patents

A kind of method for monitoring network illegal external connection

Info

Publication number: CN107426208A
Authority: CN (China)
Prior art keywords: network, connection, external connection, domain name, ping
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710605455.XA
Other languages: Chinese (zh)
Inventor: 赵慧
Current Assignee: Zhengzhou Yunhai Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Priority date: 2017-07-24 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-07-24
Publication date: 2017-12-01
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710605455.XA
Publication of CN107426208A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for monitoring illegal external network connections, specifically comprising the following steps: setting a network external connection detection list for a server in the intranet; initiating network connection requests according to the network external connection detection list; judging whether the network connection succeeds; if the network connection succeeds, raising an alarm; if the network connection does not succeed, continuing to initiate network connection requests. In one of the technical solutions of the invention, domain name resolution, Ping detection and TCP connection are attempted at timed intervals, or network connection detection is run manually. When a connection to a configured domain name or IP address is detected, an alarm is triggered promptly, so that the user learns which machine made an illegal connection to which domain name or IP address and when, and can take measures in time.

Description

A method for monitoring illegal external network connections

Technical field

The invention relates to the technical field of network monitoring, and in particular to a method for monitoring illegal external network connections.

Background

Today, the development of computer and network technology gives computer users a rich set of means for interconnecting networks and devices. These varied forms of interconnection are becoming one of the biggest challenges in the standardized management of industries and enterprises. If a new channel is opened between the internal network and an external network, external attackers or viruses can bypass the protective barrier between the two networks, intrude into the illegally connected computer, and steal sensitive information and confidential data from the internal network. They can even use that machine as a springboard to attack and infect important servers on the internal network, paralyzing the entire internal network. Illegal external connection is therefore an important factor in computer network security, and preventing it effectively is of great significance for keeping information systems running safely and stably.

Summary of the invention

The purpose of the present invention is to provide a method for monitoring illegal external network connections, addressing the problem that illegal external connections readily occur in computer networks and can paralyze the entire internal network.

The technical solution adopted by the present invention to solve this technical problem is a method for monitoring illegal external network connections, characterized in that it specifically comprises the following steps:

Setting a network external connection detection list for a server in the intranet;

Initiating network connection requests according to the network external connection detection list;

Judging whether the network connection succeeds: if the network connection succeeds, an alarm is raised; if the network connection does not succeed, network connection requests continue to be initiated.

Further, setting the network external connection detection list includes establishing a domain name resolution connection, a Ping detection connection, and a TCP connection.

Further, the domain name resolution connection is used to detect whether a server in the intranet environment can connect to the external network; its specific setup includes entering a domain name.

Further, the Ping detection connection is used to detect whether the server can ping the target IP address; its specific setup includes entering an IP address.

Further, the TCP connection is used to detect whether this machine can make a TCP connection to the target IP and target port; its specific setup includes entering an IP address and a port number.

Further, initiating a network request includes automatically initiating a network request and manually initiating a network request.

Further, automatically initiating a network request means that the server sends network connection requests at timed intervals by means of commands, including the ping command for the Ping detection connection, the telnet command for the TCP connection, and the nslookup command for the domain name resolution connection;

Manually initiating a network request means manually probing the networks in the network external connection detection list.

Further, the content of the alarm raised when a network connection succeeds includes the time, the server number, and the method by which the network connection succeeded.

The effects described in this summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:

Through timed domain name resolution, Ping detection and TCP connection, or through manual network connection detection, an alarm is triggered promptly when a connection to a configured domain name or IP address is detected, so that the user learns which machine made an illegal connection to which domain name or IP address and when, and can take measures in time.

Description of drawings

Fig. 1 is a schematic flow chart of the method according to an embodiment of the present invention;

Fig. 2 is a schematic diagram of automatically initiating a network connection request according to an embodiment of the present invention;

Fig. 3 is a schematic diagram of manually initiating a network connection request according to an embodiment of the present invention.

Detailed description

To explain the technical features of this solution clearly, the present invention is described in detail below through specific embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. Note that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the present invention.

As shown in Fig. 1, a method for monitoring illegal external network connections specifically comprises the following steps:

Setting a network external connection detection list for a server in the intranet; initiating network connection requests according to the network external connection detection list; judging whether the network connection succeeds; if the network connection succeeds, raising an alarm; if the network connection does not succeed, continuing to initiate network connection requests.

Setting the network external connection detection list includes establishing a domain name resolution connection, a Ping detection connection, and a TCP connection.

The domain name resolution connection is used to detect whether a server in the intranet environment can connect to the external network; its specific setup includes entering a domain name.

The Ping detection connection is used to detect whether the server can ping the target IP address; its specific setup includes entering an IP address.

The TCP connection is used to detect whether this machine can make a TCP connection to the target IP and target port; its specific setup includes entering an IP address and a port number.

Initiating a network request includes automatically initiating a network request and manually initiating a network request.

As shown in Fig. 2, automatically initiating a network request means that the server sends network connection requests at timed intervals by means of commands, including the ping command for the Ping detection connection, the telnet command for the TCP connection, and the nslookup command for the domain name resolution connection.

Set the interval for timed detection, for example 10 minutes, so that a network connection request is made every 10 minutes.

The Ping detection connection is made with the ping <IP> command, such as ping <10.2.92.100>; the TCP connection is made with the telnet <IP> <port> command, such as telnet <10.2.92.100> <8080>; the domain name resolution connection is made with the nslookup <domain name> command, such as nslookup <www.baidu.com>.

Judge whether the connection succeeded. If it succeeded, raise an alarm whose content is: time (YYYY-MM-DD), server XXX Ping detection (10.2.92.100) succeeded; or time (YYYY-MM-DD), server XXX TCP connection (10.2.92.100)(8080) succeeded; or time (YYYY-MM-DD), server XXX domain name resolution connection (www.baidu.com) succeeded.

As shown in Fig. 3, a network request can also be initiated manually: detection is run by hand against the network external connection detection list, and an alarm is raised if a connection succeeds. The alarm content is the same as for automatically initiated network requests and is not repeated here.
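The timed detection loop described above, as an added example that is not code from the patent or its applicant: it walks an external connection detection list, runs the domain name, Ping and TCP probes, and returns one alarm carrying time, server number and method for each probe that succeeds. It uses Python sockets in place of the nslookup and telnet commands, assumes the Linux iputils flags for `ping`, adds the time of day to the YYYY-MM-DD alarm time, and the names `Probe`, `run_once` and `monitor` are hypothetical.

```python
import socket
import subprocess
import time
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Probe:
    kind: str        # "dns", "ping" or "tcp"
    target: str      # domain name (dns) or IP address (ping, tcp)
    port: int = 0    # used by "tcp" only

def probe_dns(p, timeout):
    """nslookup equivalent. A cached or internal answer also counts as success."""
    try:
        return bool(socket.getaddrinfo(p.target, None))
    except OSError:
        return False

def probe_ping(p, timeout):
    """One ICMP echo via the system ping (Linux iputils flags assumed)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout), p.target]
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout + 2)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def probe_tcp(p, timeout):
    """telnet <IP> <port> equivalent: success means the handshake completed."""
    try:
        with socket.create_connection((p.target, p.port), timeout=timeout):
            return True
    except OSError:
        return False

PROBERS = {"dns": probe_dns, "ping": probe_ping, "tcp": probe_tcp}
LABELS = {"dns": "domain name resolution", "ping": "Ping detection", "tcp": "TCP connection"}

def format_alarm(server_id, p, when):
    """Alarm text with the three required fields: time, server number, method."""
    where = f"({p.target})({p.port})" if p.kind == "tcp" else f"({p.target})"
    return f"{when:%Y-%m-%d %H:%M:%S}, server {server_id} {LABELS[p.kind]} {where} succeeded"

def run_once(server_id, probes, probers=PROBERS, now=datetime.now, timeout=3):
    """Probe every list entry once; return one alarm per probe that connected."""
    alarms = []
    for p in probes:
        if p.kind not in probers:
            raise ValueError(f"unknown probe kind: {p.kind!r}")
        if probers[p.kind](p, timeout):
            alarms.append(format_alarm(server_id, p, now()))
    return alarms

def monitor(server_id, probes, interval_s=600, rounds=None, sink=print, **kw):
    """Timed mode: repeat run_once every interval_s seconds (10 minutes by default)."""
    n = 0
    while rounds is None or n < rounds:
        if n:
            time.sleep(interval_s)
        for alarm in run_once(server_id, probes, **kw):
            sink(alarm)
        n += 1

# Detection list built from the sample values in the description.
PROBE_LIST = [
    Probe("dns", "www.baidu.com"),
    Probe("ping", "10.2.92.100"),
    Probe("tcp", "10.2.92.100", 8080),
]

if __name__ == "__main__":  # manual mode: one pass over the list
    for line in run_once("XXX", PROBE_LIST):
        print(line)
```

A domain name probe can succeed from an internal resolver or its cache without any route to the external network, so a domain-name-only alarm is worth confirming with the Ping or TCP result for the same host. No alarm only means that the listed targets were unreachable at probe time.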

The above is only a preferred embodiment of the present invention. Those of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present invention, and these improvements and refinements are also regarded as falling within the protection scope of the present invention.

Claims (8)

1. A method for monitoring illegal external network connections, characterized in that it specifically comprises the following steps:
setting a network external connection detection list for a server in the intranet;
initiating network connection requests according to the network external connection detection list;
judging whether the network connection succeeds; if the network connection succeeds, raising an alarm; if the network connection does not succeed, continuing to initiate network connection requests.
2. The method for monitoring illegal external network connections according to claim 1, characterized in that setting the network external connection detection list includes establishing a domain name resolution connection, a Ping detection connection, and a TCP connection.
3. The method for monitoring illegal external network connections according to claim 2, characterized in that the domain name resolution connection is used to detect whether a server in the intranet environment can connect to the external network, and its specific setup includes: entering a domain name.
4. The method for monitoring illegal external network connections according to claim 2, characterized in that the Ping detection connection is used to detect whether the server can ping the target IP address, and its specific setup includes: entering an IP address.
5. The method for monitoring illegal external network connections according to claim 2, characterized in that the TCP connection is used to detect whether this machine can make a TCP connection to the target IP and target port, and its specific setup includes: entering an IP address and a port number.
6. The method for monitoring illegal external network connections according to claim 1, characterized in that initiating a network request includes automatically initiating a network request and manually initiating a network request.
7. The method for monitoring illegal external network connections according to claim 6, characterized in that automatically initiating a network request means that the server sends network connection requests at timed intervals by means of commands, including the ping command for the Ping detection connection, the telnet command for the TCP connection, and the nslookup command for the domain name resolution connection;
manually initiating a network request means manually probing the networks in the network external connection detection list.
8. The method for monitoring illegal external network connections according to claim 1, characterized in that the content of the alarm raised when a network connection succeeds includes the time, the server number, and the method by which the network connection succeeded.
CN201710605455.XA | 2017-07-24 | 2017-07-24 | A kind of method for monitoring network illegal external connection | Pending | CN107426208A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710605455.XA | 2017-07-24 | 2017-07-24 | A kind of method for monitoring network illegal external connection

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201710605455.XA | 2017-07-24 | 2017-07-24 | A kind of method for monitoring network illegal external connection

Publications (1)

Publication Number | Publication Date
CN107426208A | 2017-12-01

Family

ID=60430874

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201710605455.XA (Pending, CN107426208A (en)) | A kind of method for monitoring network illegal external connection | 2017-07-24 | 2017-07-24

Country Status (1)

Country | Link
CN (1) | CN107426208A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
US20090077298A1 (en) * | 2003-12-29 | 2009-03-19 | Apple Inc. | Methods and apparatus for bridged data transmission and protocol translation in a high-speed serialized data system
CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection

Cited By (9)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN108881211A (en) * | 2018-06-11 | 2018-11-23 | 杭州盈高科技有限公司 | A kind of illegal external connection detection method and device
CN108833412A (en) * | 2018-06-20 | 2018-11-16 | 国网湖北省电力公司咸宁供电公司 | Network termination monitoring and managing method in a kind of illegal external connection
CN110191102A (en) * | 2019-05-09 | 2019-08-30 | 黄志英 | A kind of illegal external connection comprehensive monitoring system and its method
CN110191102B (en) * | 2019-05-09 | 2021-12-21 | 黄志英 | Illegal external connection comprehensive monitoring system and method thereof
CN110995542A (en) * | 2019-12-16 | 2020-04-10 | 金蝶智慧科技(深圳)有限公司 | Network state detection method, system and related equipment
CN113938305A (en) * | 2021-10-18 | 2022-01-14 | 杭州安恒信息技术股份有限公司 | Method, system and device for judging illegal external connection
CN113938305B (en) * | 2021-10-18 | 2024-04-26 | 杭州安恒信息技术股份有限公司 | A method, system and device for determining illegal external links
CN114900377A (en) * | 2022-07-15 | 2022-08-12 | 广州世安信息技术股份有限公司 | Induction data packet-based illegal external connection monitoring method and system
CN114900377B (en) * | 2022-07-15 | 2022-09-30 | 广州世安信息技术股份有限公司 | Induction data packet-based illegal external connection monitoring method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171201
