CN114666072B - Illegal transfer point detection method, server, platform, system and storage medium - Google Patents
- Publication number
- CN114666072B CN202011406849.0A
- Authority
- CN
- China
- Prior art keywords
- client terminal
- message data
- address
- source
- transfer point
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Embodiments of the present invention provide an illegal transfer point detection method, server, platform, system, and storage medium. The method includes: receiving message data sent by a client terminal, the message data including a source IP address, client terminal information, and an identification verification code; determining, according to the identification verification code, whether the sender of the message data is a client terminal connected to a different network; and, if the sender is a client terminal connected to a different network, generating a detection instruction according to the source IP address and the client terminal information and sending the detection instruction to the management platform, where the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point. The method uses dial tests from client terminals carrying an identification verification code; it only needs the message data, not routing data or service traffic, and can determine illegal transfer points effectively and accurately.
Description
Technical field
The embodiments of the present invention relate to the technical field of Internet communication, and in particular to an illegal transfer point detection method, server, platform, system, and storage medium.
Background
Network access between different operators must go through preset direct connection points. A direct connection point is a physical connection between telecommunication networks that allows the users of one telecommunications operator to communicate with the users of another, with fees settled according to an agreement.
To save costs while preserving network quality for its users, a different-network operator may obtain, by some means, a dedicated-line account on a mainstream operator's network and use that account as an illegal transfer point to access the mainstream operator's resources directly. This causes economic loss to the mainstream operator and also destabilizes its network. In the prior art, illegal transfer points are detected mainly by deploying soft probes in the different-network environment; the soft probes obtain routing data through the route tracing protocol, and the routing data is then analyzed to detect illegal transfer points.
However, the different-network operator may disable the route tracing protocol, so the soft probes cannot obtain routing data. The above method therefore cannot determine illegal transfer points effectively and accurately.
Summary of the invention
Embodiments of the present invention provide an illegal transfer point detection method, server, platform, system, and storage medium, so as to improve the effectiveness and accuracy of illegal transfer point detection.
In a first aspect, an embodiment of the present invention provides an illegal transfer point detection method, applied to a test server, including:
receiving message data sent by a client terminal, the message data including a source IP address, client terminal information, and an identification verification code, where the identification verification code is data issued by the management platform according to the client terminal information;
determining, according to the identification verification code, whether the sender of the message data is a client terminal connected to a different network;
if the sender of the message data is a client terminal connected to a different network, generating a detection instruction according to the source IP address and the client terminal information, and sending the detection instruction to the management platform, where the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point.
Optionally, determining, according to the identification verification code, whether the sender of the message data is a client terminal connected to a different network includes:
parsing the message data to obtain the identification verification code in the message data;
performing an operation on the identification verification code and first verification information according to a preset verification rule to obtain a verification result;
judging whether the verification result is consistent with second verification information and, if so, determining that the sender of the message data is a client terminal connected to a different network;
where the first verification information and the second verification information are data generated by the management platform according to the preset verification rule and sent to the test server.
Optionally, the test server is a central office collection and analysis device deployed at the egress of this province's metropolitan area network, the message data includes a destination IP address or a destination port, and receiving the message data sent by the client terminal includes:
collecting message data at the egress of this province's metropolitan area network;
filtering, from the collected message data, the message data that contains the preset destination IP address or destination port.
Optionally, the test server is a test server corresponding to a destination IP address or a destination port, the message data includes the destination IP address or destination port, and receiving the message data sent by the client terminal includes:
receiving message data that contains the destination IP address or destination port.
In a second aspect, an embodiment of the present invention provides an illegal transfer point detection method, applied to a management platform, including:
sending an identification verification code to a client terminal, so that the client terminal obtains message data from the source IP address, the client terminal information, and the identification verification code, and sends the message data to a test server;
receiving a detection instruction sent by the test server, the detection instruction including the source IP address and the client terminal information, where the detection instruction is generated by the test server and sent to the management platform after the test server receives the message data sent by the client terminal and determines that the sender of the message data is a client terminal connected to a different network;
determining, according to the detection instruction, whether the source IP address is an illegal transfer point.
Optionally, determining, according to the detection instruction, whether the source IP address is an illegal transfer point includes:
determining, according to the client terminal information, the source IP address corresponding to the client terminal;
judging whether the source IP address corresponding to the client terminal is consistent with the source IP address in the message data;
if they are not consistent, determining that the source IP address in the message data is an illegal transfer point.
Optionally, the test server is a central office collection and analysis device deployed at the egress of this province's metropolitan area network, the message data includes a destination IP address or a destination port, and receiving the detection instruction sent by the test server includes:
receiving the detection instruction sent by the central office collection and analysis device, where the detection instruction is generated by the central office collection and analysis device after it determines that the sender of the message data is a client terminal connected to a different network.
Optionally, the test server is a test server corresponding to a destination IP address or a destination port, the message data includes the destination IP address or destination port, and receiving the detection instruction sent by the test server includes:
receiving the detection instruction sent by the test server, where the detection instruction is generated by the test server after it determines that the sender of the message data is a client terminal connected to a different network.
Optionally, sending the identification verification code to the client terminal includes:
receiving a client terminal ID sent by the client terminal;
verifying the client terminal ID and, if the verification passes, sending a test task and the identification verification code to the client terminal, so that the client terminal obtains encapsulated message data according to the test task and the identification verification code, where the test task includes a destination IP or a destination port.
In a third aspect, an embodiment of the present invention provides a test server, including at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the illegal transfer point detection method according to any one of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a management platform, including at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the illegal transfer point detection method according to any one of the second aspect.
In a fifth aspect, an embodiment of the present invention provides an illegal transfer point detection system, including the test server of the third aspect and the management platform of the fourth aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions; when a processor executes the computer-executable instructions, the illegal transfer point detection method according to any one of the first aspect and the second aspect is implemented.
In the illegal transfer point detection method, server, platform, system, and storage medium provided by the embodiments of the present invention, a client terminal carrying an identification verification code is placed in a different-network environment and sends message data. The test server receives the message data and judges whether it was sent by a client terminal connected to a different network. If so, the test server sends the source IP address and the client terminal information to the management platform, which uses the client terminal information to judge whether the source IP address in the message data is an illegal transfer point. The method does not need routing data: the identification verification code makes it possible to determine accurately whether the data was sent by the client terminal, and whether the source IP address has changed then determines whether the source IP address is an illegal transfer point.
Description of drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for the description are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of an application scenario of the illegal transfer point detection method provided by an embodiment of the present invention;
FIG. 2 is a schematic flowchart of an illegal transfer point detection method provided by an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for detecting illegal transfer points in this province provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of the client terminal simulated application when detecting illegal transfer points in this province provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of data processing when detecting illegal transfer points in this province provided by an embodiment of the present invention;
FIG. 6 is a schematic flowchart of a method for detecting illegal transfer points in other provinces provided by an embodiment of the present invention;
FIG. 7 is a schematic diagram of the client terminal simulated application when detecting illegal transfer points in other provinces provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of data processing when detecting illegal transfer points in other provinces provided by an embodiment of the present invention;
FIG. 9 is a schematic flowchart of another illegal transfer point detection method provided by an embodiment of the present invention;
FIG. 10 is a schematic flowchart of another method for detecting illegal transfer points in this province provided by an embodiment of the present invention;
FIG. 11 is a schematic flowchart of another method for detecting illegal transfer points in other provinces provided by an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of an illegal transfer point detection device provided by an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of another illegal transfer point detection device provided by an embodiment of the present invention;
FIG. 14 is a schematic diagram of the hardware structure of the test server provided by an embodiment of the present invention;
FIG. 15 is a schematic diagram of the hardware structure of the management platform provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth", and so on (if any) in the description, the claims, and the above drawings are used to distinguish similar objects and do not necessarily describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described here can, for example, be practiced in orders other than those illustrated or described here. Furthermore, the terms "comprising" and "having" and any variations of them are intended to cover a non-exclusive inclusion: for example, a process, method, system, product, or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product, or device.
FIG. 1 is a schematic diagram of an application scenario of the illegal transfer point detection method provided by an embodiment of the present invention. As shown in FIG. 1, the figure contains the operator A subnet, the operator A network, the direct connection point, the operator B network, and the operator B subnet. The operator A network is the network of a certain operator, and the operator B network is the network of any operator other than operator A. The operator A subnet is one of several small networks into which the operator A network's addresses are divided, and the operator B subnet is one of several small networks into which the operator B network's addresses are divided. The operator A network and the operator B network are different networks with respect to each other, that is, they belong to different networks.
Under normal circumstances, when the operator A subnet communicates with the operator B subnet, it must establish the connection through the operator A network, the direct connection point, and the operator B network. If the operator A subnet instead accesses the content of the operator B subnet directly by setting up an illegal transfer point in the operator B subnet, this is an illegal transfer. The illegal transfer point may be an IP address in this province or an IP address in another province. As shown in FIG. 1, line 1 indicates the legal data flow from the operator A subnet to the operator B subnet; line 2 indicates the illegal data flow from the operator A subnet to the operator B subnet; the triangle indicates the illegal transfer point.
In some techniques, illegal transfer points are usually determined by deploying software probes in the different-network environment; after a probe obtains the target route, it sends the target route to a reporting point, and the target route is used to determine whether an illegal transfer point exists. However, this method needs the route tracing protocol to obtain the target route. A different-network group can disable that protocol, so the local-network group cannot obtain the target route and therefore cannot determine whether the different-network group has set up an illegal transfer point in the local network.
In other techniques, illegal transfer points are determined by collecting IDC (Internet Data Center) service traffic: the collected traffic is counted and analyzed along multiple dimensions, and traffic direction and protocol share are analyzed to identify suspect IPs. However, on the one hand this method can only analyze traffic, so the illegal transfer points it determines are not accurate enough; on the other hand, an illegal transfer group can bring the transferred traffic in through different transfer points using different protocols and interfaces, so this method cannot determine illegal transfer points effectively either.
When a different-network group sets up an illegal transfer point, the source IP address of message data changes as it passes through that point. A client terminal can therefore be connected in the different-network environment and the received message data examined: if the message data was sent by a client terminal connected in the different-network environment and its source IP address is not the source IP address of the local network, then the source IP address of that message data is an illegal transfer point. Specifically, an identification verification code can be inserted into the message data sent by the client terminal, to judge whether received message data was sent by a client terminal connected in the different-network environment. This process does not need target routing data and can effectively determine whether the source IP address of the message data is an illegal transfer point; because it does not depend on service traffic, it also avoids the defects of determining illegal transfer points by collecting IDC service traffic.
The technical solutions of the present invention are described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
FIG. 2 is a schematic flowchart of an illegal transfer point detection method provided by an embodiment of the present invention. The method of this embodiment may be executed by a test server. As shown in FIG. 2, the method may include:
S201. Receive message data sent by a client terminal; the message data includes a source IP address, client terminal information, and an identification verification code, where the identification verification code is data issued by the management platform according to the client terminal information.
In this embodiment, client terminals include those that send message data to the test server over the normal network, and those that are connected in a different-network environment and set an identification verification code in the message data they send; the latter are called soft probe clients. The test server and the client terminals in the different-network environment cooperate: the client terminals simulate Internet services, and the test server receives the message data they send. There may be multiple client terminals, and they should be connected at different locations in the different network, so that they are not identified through analysis and blocked by the other party, which would make the probing ineffective.
The message data sent by the client terminal includes the source IP address, client terminal information, and the identification verification code. The source IP address is the IP address of the client terminal when it sends the message; the client terminal information is the client's ID or name, the number of the task being executed, and so on; the identification verification code is a check code randomly generated by the management platform according to a preset rule, for example a 64-bit random check code.
The message data is the request data the client terminal initiates when accessing the Internet. Depending on the task issued by the management platform, the request data can cover different kinds of real services, for example simulating a client terminal visiting a website, watching video resources, or downloading resources.
The test server can receive the data by copying the uplink traffic and extracting the message data from it, or by directly receiving the message data sent by the client terminal.
S202. Determine, according to the identification verification code, whether the sender of the message data is a client terminal connected to a different network.
Here, a different network is another operator's network, and the local network is the network of the operator to which the tester belongs. For example, if the local network is China Unicom's network, a different network is any network of a non-Unicom operator. When the test server receives message data, its source may be a client terminal connected in a different-network environment or a client terminal connected in the local network environment. Therefore, to determine an illegal transfer point, it is first necessary to determine that the sender of the message data is a client terminal connected in a different-network environment, and then to judge from that client terminal's message data whether it passed through an illegal transfer point.
Specifically, this can be determined through the identification verification code: the test server obtains the identification verification code from the message data and processes it; if the result satisfies a preset condition, the sender of the message data is a client terminal connected to a different network.
S203. If the sender of the message data is a client terminal connected to a different network, generate a detection instruction according to the source IP address and the client terminal information, and send the detection instruction to the management platform; the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point.
In this embodiment, after the client terminal is determined to be connected to a different network, a further judgment is made on the client terminal's message data to determine whether the source IP address in the message data is an illegal transfer point. This judgment can be performed on the management platform. Specifically, after determining that the client terminal is connected in a different-network environment, the test server decapsulates the message data to obtain the client terminal information and the source IP address, combines them to generate a detection instruction, and sends the detection instruction to the management platform.
The management platform determines from the detection instruction whether the source IP address is an illegal transfer point. The basis for the judgment is that when the message data sent by the client terminal passes through an illegal transfer point, the source IP address in the message data changes, whereas when it is transmitted through a legal channel, the source IP address in the message does not change. By judging the source IP address in the message data, the management platform can determine whether the source IP address is an illegal transfer point.
By inserting an identification verification code into the message data, the above method can accurately determine whether the sender of the message data is a client terminal in a different-network environment, and then judge that client terminal's source IP address, so that illegal transfer points can be determined accurately. The method does not need routing data, so illegal transfer points can still be determined when the other party disables the control message protocol; it also overcomes the inaccuracy of illegal transfer points determined by traffic analysis.
FIG. 3 is a schematic flowchart of a method for detecting illegal transfer points in this province provided by an embodiment of the present invention; FIG. 4 is a schematic diagram of the client terminal simulation application when detecting illegal transfer points in this province; FIG. 5 is a schematic diagram of the data processing when detecting illegal transfer points in this province. On the basis of the above embodiment, this embodiment can detect illegal transfer points in this province, so that they are determined effectively. This embodiment is described in detail with reference to FIG. 3, FIG. 4 and FIG. 5. As shown in FIG. 3, the method of this embodiment includes:
Step S301. Collect message data at the egress of the metropolitan area network (MAN).
Here, the test server is a central office collection and analysis device installed at the MAN egress of this province, and the message data includes a destination IP address or a destination port.
In this embodiment, this province is the province where the tester is located, and the local network is the network of the operator to which the tester belongs. The scenario is that an operator of a different network in this province sets up an illegal transfer point in this province and uses it to smuggle different-network traffic onto the local network; in that case the illegal transfer point can be detected.
When detecting illegal transfer points in this province, the test server is a central office collection and analysis device, that is, a server capable of data collection and analysis. As shown in FIG. 4, the client terminal is placed in a different-network environment in this province, and the central office collection and analysis device is placed at the MAN egress of this province, that is, at the MAN egress of the local network in this province, so the data collected is the message data flowing through the local network of this province. The illegal transfer point may provide a NAT or Proxy service: NAT refers to a device that provides Internet access through IP translation, and Proxy refers to a protocol-level Internet access proxy server. Through NAT or a Proxy, different-network traffic can be smuggled onto the local network.
The data can be collected by port mirroring or by passive optical splitting, either of which copies the outbound access request data of broadband users to the central office collection and analysis device. Port mirroring means configuring port mirroring on a switch at the core layer or aggregation layer of the network, so that the outbound data of the switch's uplink port is copied to the central office collection and analysis device. Passive optical splitting means installing an optical splitter at the optical line terminal and obtaining users' access request data by optical replication at the physical layer. The access request data is the message data.
As shown in FIG. 5, the state of the message data sent by the client terminal is its original state; when the message data enters the local network through an illegal transfer point, the state of the message data obtained by the central office collection and analysis device is the state of the message on entering the local network. The source IP address in the message data sent by the client terminal is Local_ip, and the source IP address in the received message data is Global_ip; Local_ip denotes the network IP address used in the different-network environment, and Global_ip denotes the network IP address used in the local-network environment. When the data passes through an illegal transfer point, the source IP address changes, that is, Local_ip is not equal to Global_ip; when it does not pass through an illegal transfer point, the source IP address does not change, that is, Local_ip is equal to Global_ip.
Step S302. From the collected message data, select the message data that contains a preset destination IP address or destination port.
After obtaining the message data, the central office collection and analysis device can filter it. Specifically, the message data sent by the client terminal contains a destination IP or destination port, and the device can filter message data by that destination IP or destination port. The destination IP or destination port whose message data is to be selected can be determined from an instruction received from the management platform.
The client terminal sends message data to the destination IP address or destination port of Internet resource A, as issued by the management platform, in order to access Internet resource A; this is data flow 1 in FIG. 4. Likewise, the client terminal sends message data to the destination IP address or destination port of Internet resource B, as issued by the management platform, in order to access Internet resource B; this is data flow 2 in FIG. 4. Using the destination IP or destination port corresponding to Internet resource A and Internet resource B, the central office collection and analysis device can obtain the message data corresponding to data flow 1 and data flow 2. Because the test data flows differ in target address and protocol, they may produce different IP addresses on the local network of this province, such as Global_ip1 and Global_ip2.
Selecting only the data that contains the destination IP or destination port reduces the amount of message data the central office collection and analysis device has to process.
Step S303. Parse the message data to obtain the identification verification code in the message data.
To judge from the identification verification code whether the sender of the message data is a client terminal connected to a different network, the obtained message data is first parsed to obtain the identification verification code. Deep Packet Inspection (DPI) can be used to unpack the layer 3 and layer 4 headers of the Open Systems Interconnection reference model and analyze the value at the specified position to obtain the identification verification code.
Step S304. Operate on the identification verification code and the first verification information according to a preset verification rule to obtain a verification result.
In this embodiment, once the identification verification code has been obtained, it can be verified. The central office collection and analysis device stores the first verification information and the second verification information issued by the management platform; the second verification information is obtained by applying the preset verification rule to the identification verification code and the first verification information. The first verification information, the second verification information and the identification verification code are binary data.
Therefore, after the identification verification code is obtained, it and the first verification information are operated on according to the preset verification rule to obtain the verification result. For example, if the data issued by the management platform was obtained with an AND verification rule, an AND operation is performed on the identification verification code and the first verification information to obtain the verification result.
Step S305. Judge whether the verification result is consistent with the second verification information; if so, determine that the sender of the message data is a client terminal connected to a different network.
Here, the first verification information and the second verification information are data generated by the management platform according to the preset verification rule and sent to the test server.
After the verification result is obtained, it is compared with the second verification information. If they are consistent, the identification verification code is data issued by the management platform, and the sender of the message data carrying it is a client terminal connected to a different network. If they are not consistent, the identification verification code is not data issued by the management platform, and the sender of the message data carrying it is not a client terminal connected to a different network.
Step S306. If the sender of the message data is a client terminal connected to a different network, generate a detection instruction according to the source IP address and the client terminal information, and send the detection instruction to the management platform; the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point.
Step S306 is similar to step S203 in the above embodiment and is not described again here.
In the above embodiment, a single central office collection and analysis device can obtain the message data for all destination IP addresses or destination ports, so there is no need to set up multiple test servers. The management platform uniformly generates the identification verification code, the first verification information and the second verification information, and the test server verifies the identification verification code against the two pieces of verification information. This is a two-stage verification, in which the verification result is first computed and then itself checked, which provides relatively high security. In addition, the identification verification code is randomly generated and the verification rule can be changed at any time, so the different-network group cannot track it.
FIG. 6 is a schematic flowchart of a method for detecting illegal transfer points in other provinces provided by an embodiment of the present invention; FIG. 7 is a schematic diagram of the client terminal simulation application when detecting illegal transfer points in other provinces; FIG. 8 is a schematic diagram of the data processing when detecting illegal transfer points in other provinces. On the basis of the above embodiments, this embodiment can detect illegal transfer points in other provinces. As shown in FIG. 6, the method of this embodiment includes:
Step S601. Receive message data containing the destination IP address or destination port.
Here, the test server is a test server corresponding to the destination IP address or destination port, and the message data includes the destination IP address or destination port.
In this embodiment, another province is any province other than the one where the tester is located. The test server is an information port node, which is a program running on a server; the server can be placed on any network, and there can be multiple information port nodes so that more message data is obtained. One information port node can test the message data of only one destination IP or destination port. The information port node program supports general-purpose x86 servers and operating systems of CentOS 7.0 and later.
The list of message data monitored by an information port node is determined by the management platform; it can be defined by target protocol (TCP/UDP), destination IP address and destination port, and can cover a variety of real Internet services.
The message data obtained by an information port node is message data flowing through another province. For example, if the information port node is a test server set up in province A (not this province), the message data it receives is the message data flowing through province A.
The message data obtained by an information port node is already data containing the destination IP address or destination port, so no filtering step is needed. In addition, information port nodes are flexible to deploy and extensible in application, and can cooperate with client terminals to obtain useful information.
To detect illegal transfer points in another province, installing a central office collection and analysis device at that province's MAN egress would capture all of that province's uplink access data and create a data security risk for that province, so the preceding method cannot be used to locate illegal transfer points in other provinces.
By setting up an information port node at the location under test, the message data for the destination IP address or destination port can be obtained directly, without collecting all data at the MAN egress; the message data can then be analyzed to determine whether an illegal transfer point exists.
As shown in FIG. 7, information port nodes can be set up in a different network, a CDN network, cloud resources, the local network in another province, the local network in this province, and so on, and the management platform is set up on the local network in this province to receive the detection instructions sent by the information port nodes.
Illegal transfer points in other provinces are detected in the same way as in this province. As shown in FIG. 8, if the message data passes through an illegal transfer point in another province, the source IP address changes.
Note that this method can also detect illegal transfer points in this province, by placing the information port node on the local network in this province.
Step S602. Parse the message data to obtain the identification verification code in the message data.
Step S603. Operate on the identification verification code and the first verification information according to a preset verification rule to obtain a verification result.
Step S604. Judge whether the verification result is consistent with the second verification information; if so, determine that the sender of the message data is a client terminal connected to a different network.
Here, the first verification information and the second verification information are data generated by the management platform according to the preset verification rule and sent to the test server.
Step S605. If the sender of the message data is a client terminal connected to a different network, generate a detection instruction according to the source IP address and the client terminal information, and send the detection instruction to the management platform; the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point.
Steps S602 to S605 are similar to steps S303 to S306 in the above embodiment and are not described again here.
By setting up information port nodes, the above embodiment can detect illegal transfer points in other provinces, makes the client terminal's test targets more flexible, obtains more valid message data, and improves the efficiency of screening for illegal transfer points. Information port nodes can also be deployed flexibly to avoid being monitored by the different-network group.
FIG. 9 is a schematic flowchart of another illegal transfer point detection method provided by an embodiment of the present invention; the method of this embodiment can be executed by the management platform. As shown in FIG. 9, the method of this embodiment may include:
Step S901. Send an identification verification code to the client terminal, so that the client terminal obtains message data according to the source IP address, the client terminal information and the identification verification code, and sends the resulting message data to the test server.
In this embodiment, during illegal transfer point detection, the management platform first sends an identification verification code to the client terminal; the code is randomly generated by the management platform through the preset verification rule. After receiving the identification verification code, the client terminal obtains message data according to the identification verification code, the source IP address and the client terminal information. Specifically, the client terminal can encapsulate these data according to a preset rule to obtain the message data.
Step S902. Receive the detection instruction sent by the test server; the detection instruction includes the source IP address and the client terminal information.
Here, the detection instruction is generated by the test server and sent to the management platform after the test server receives the message data sent by the client terminal and determines that the sender of the message data is a client terminal connected to a different network.
In this embodiment, after the test server determines that the sender of the message data is a client terminal connected to a different network, it generates a detection instruction, which the management platform receives.
Step S903. Determine according to the detection instruction whether the source IP address is an illegal transfer point.
When the management platform judges from the detection instruction whether an illegal transfer point exists, it can specifically judge from the client terminal information in the detection instruction whether the source IP address is an illegal transfer point.
When message data passes through an illegal transfer point, the source IP address changes; on that basis, the management platform can determine whether the source IP address is an illegal transfer point.
In the above method, after the message data is determined to have been sent by a client terminal on a different network, the source IP address in the message data is judged. When the message data was sent by a different-network client terminal and its source IP address has changed, that source IP address is an illegal transfer point. The illegal transfer point is thus determined effectively and accurately, with no second judgment needed.
FIG. 10 is a schematic flowchart of another method for detecting illegal transfer points in this province provided by an embodiment of the present invention. On the basis of the above embodiments, this embodiment can detect illegal transfer points in this province. As shown in FIG. 10, the method of this embodiment includes:
S1001. Send an identification verification code to the client terminal, so that the client terminal obtains message data according to the source IP address, the client terminal information and the identification verification code, and sends the resulting message data to the test server.
Optionally, the process of sending the identification verification code to the client terminal may be: receive the client terminal ID sent by the client terminal; verify the client terminal ID and, if verification passes, send a test task and the identification verification code to the client terminal, so that the client terminal obtains encapsulated message data according to the test task and the identification verification code. The test task includes a destination IP or a destination port.
Before the identification verification code is sent to the client terminal, the client terminal must be verified; passing verification means the client terminal is legitimate. Specifically, the client terminal first sends its client terminal ID to the management platform, and the management platform checks whether that ID is one of the stored client terminal IDs; if so, verification passes. After the client terminal passes verification, the management platform generates the identification verification code and the test task. Test tasks can cover a variety of real services, such as visiting websites, watching video resources and downloading resources.
After obtaining the identification verification code and the test task, the client terminal encapsulates the data to obtain the message data. For the encapsulated message data, see the message data shown in FIG. 5 and FIG. 8.
Verifying the client terminal ensures the information security of the data verification process and avoids monitoring by the different-network group.
S1002. Receive the detection instruction sent by the central office collection and analysis device; the detection instruction is generated by the central office collection and analysis device after it determines that the sender of the message data is a client terminal connected to a different network.
The test server is a central office collection and analysis device installed at the MAN egress of this province, and the message data includes a destination IP address or a destination port.
The process by which the management platform receives the detection instruction from the central office collection and analysis device corresponds to the process by which that device sends the detection instruction to the management platform; the implementation principle and technical effect are similar and are not repeated here.
S1003. Determine the source IP address corresponding to the client terminal according to the client terminal information.
S1004. Judge whether the source IP address corresponding to the client terminal is consistent with the source IP address in the message data.
S1005. If they are inconsistent, determine that the source IP address in the message data is an illegal transfer point.
Whether the source IP address is an illegal transfer point can be judged from the client terminal information. The client terminal information may be the client terminal ID or the client terminal name.
The management platform stores the source IP address of each client terminal. This is the source IP address the client terminal uses when it sends message data, that is, the source IP address of the message data in its initial state.
After the source IP address corresponding to the client terminal is obtained, it is compared with the source IP address in the message data. If they are inconsistent, the message data passed through an illegal transfer point and the source IP address was changed; if they are consistent, the message data travelled over a legal path.
The above method can detect illegal transfer points in this province. The client terminal is verified before the identification verification code is sent to it, which ensures the security of the client terminal, and judging whether the source IP address has changed makes it possible to determine accurately whether an illegal transfer point exists in this province.
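The two checks described above, the test server's verification of the identification verification code (steps S303 to S305) and the management platform's source IP comparison (steps S1003 to S1005), are shown together in the following added Python example, which is not part of the patent text. The class names, the 32-bit code width, the per-round issuance and all addresses are assumptions or constructed sample values; the AND rule is the one the description gives as its example.

```python
# Added example: names, field layout and sample addresses are constructed.
import ipaddress
import secrets
from dataclasses import dataclass

CODE_BITS = 32  # assumption: the page does not state the width of the code


@dataclass(frozen=True)
class Packet:
    src_ip: str       # source IP seen at the collection point (Global_ip)
    dst_ip: str
    dst_port: int
    code: int         # identification verification code parsed from the header
    terminal_id: str  # client terminal information carried in the message data


@dataclass(frozen=True)
class DetectionInstruction:
    terminal_id: str
    observed_src_ip: str


def and_rule(code, first_info):
    """The verification rule the description uses as its example: bitwise AND."""
    return code & first_info


class ManagementPlatform:
    def __init__(self, rule=and_rule):
        self.rule = rule
        self.local_ips = {}  # terminal ID -> source IP the terminal sends from (Local_ip)
        self.code = self.first_info = self.second_info = None

    def register_terminal(self, terminal_id, local_ip):
        self.local_ips[terminal_id] = ipaddress.ip_address(local_ip)

    def new_round(self):
        """Generate the random code and both pieces of verification information."""
        self.code = secrets.randbits(CODE_BITS)
        # Keep bit 0 set so the first verification information is never an empty mask.
        self.first_info = secrets.randbits(CODE_BITS) | 1
        self.second_info = self.rule(self.code, self.first_info)
        return self.first_info, self.second_info  # what the test server receives

    def issue_code(self, terminal_id):
        """S1001: hand the code only to a terminal whose ID is on record."""
        if terminal_id not in self.local_ips:
            raise PermissionError("unknown client terminal ID")
        return self.code

    def judge(self, instruction):
        """S1003-S1005: compare the recorded source IP with the observed one."""
        expected = self.local_ips.get(instruction.terminal_id)
        if expected is None:
            return "unknown-terminal"
        observed = ipaddress.ip_address(instruction.observed_src_ip)
        return "legal-path" if observed == expected else "illegal-transfer-point"


class CollectionServer:
    """Test-server side: steps S302 to S306."""

    def __init__(self, first_info, second_info, dst_ips=(), dst_ports=(), rule=and_rule):
        self.first_info, self.second_info = first_info, second_info
        self.dst_ips, self.dst_ports = set(dst_ips), set(dst_ports)
        self.rule = rule

    def is_watched(self, pkt):
        """S302: keep only traffic to a preset destination IP or port."""
        return pkt.dst_ip in self.dst_ips or pkt.dst_port in self.dst_ports

    def is_marked(self, pkt):
        """S304-S305: apply the rule, then compare with the second verification information."""
        return self.rule(pkt.code, self.first_info) == self.second_info

    def process(self, packets):
        """S306: one detection instruction per watched, marked packet."""
        return [DetectionInstruction(p.terminal_id, p.src_ip)
                for p in packets if self.is_watched(p) and self.is_marked(p)]


def run_demo():
    platform = ManagementPlatform()
    platform.register_terminal("terminal-01", "198.51.100.23")
    platform.register_terminal("terminal-02", "198.51.100.24")
    first, second = platform.new_round()
    code = platform.issue_code("terminal-01")
    server = CollectionServer(first, second, dst_ips={"192.0.2.10"})
    packets = [  # constructed traffic as seen at the collection point
        Packet("203.0.113.7", "192.0.2.10", 443, code, "terminal-01"),    # source rewritten
        Packet("198.51.100.24", "192.0.2.10", 443, code, "terminal-02"),  # source unchanged
        Packet("203.0.113.9", "192.0.2.10", 443, code ^ 1, "unmarked"),   # code check fails
        Packet("203.0.113.7", "192.0.2.99", 80, code, "terminal-01"),     # not a watched target
    ]
    return {i.terminal_id: platform.judge(i) for i in server.process(packets)}


if __name__ == "__main__":
    for terminal, verdict in run_demo().items():
        print(terminal, verdict)
```

Under the AND rule the check is a mask match: any code that agrees with the issued one on the bits set in the first verification information passes, so how selective the mark is depends on how many bits that value sets.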
FIG. 11 is a schematic flowchart of another method, provided by an embodiment of the present invention, for detecting illegal transfer points in other provinces. On the basis of the above embodiments, this embodiment can detect illegal transfer points in other provinces. As shown in FIG. 10, the method of this embodiment includes:
S1101. Send the identification verification code to the client terminal, so that the client terminal obtains message data according to the source IP address, the client terminal information and the identification verification code, and sends the obtained message data to the test server.
Step S1101 is similar to step S1001 in the above embodiment and is not described again here.
S1102. Receive a detection instruction sent by the test server; the detection instruction is generated by the test server after it determines that the sender of the message data is a client terminal connected to a different network.
Here, the test server is a test server corresponding to the destination IP address or destination port, and the message data includes the destination IP address or destination port.
The process by which the management platform receives the detection instruction sent by the test server corresponds to the process by which the test server sends the detection instruction to the management platform. The implementation principle and technical effect are similar and are not repeated here.
S1103. Determine the source IP address corresponding to the client terminal according to the client terminal information.
S1104. Determine whether the source IP address corresponding to the client terminal is consistent with the source IP address in the message data.
S1105. If they are inconsistent, determine that the source IP address in the message data is an illegal transfer point.
Steps S1103 to S1105 are similar to steps S1003 to S1005 in the above embodiment and are not described again here.
The above method can detect illegal transfer points in other provinces. Before the identification verification code is sent to the client terminal, the client terminal must first be verified, which ensures the security of the client terminal. By judging whether the source IP address has changed, it can be accurately determined whether an illegal transfer point exists in another province. In addition, the method can also identify illegal transfer points in the local province.
FIG. 12 is a schematic structural diagram of an illegal transfer point detection device provided by an embodiment of the present invention. As shown in FIG. 12, the illegal transfer point detection device 120 provided in this embodiment may include: a first receiving module 1201, a first determining module 1202 and a first sending module 1203.
The first receiving module 1201 is configured to receive message data sent by a client terminal; the message data includes a source IP address, client terminal information and an identification verification code, where the identification verification code is data issued by the management platform according to the client terminal information.
The first determining module 1202 is configured to determine, according to the identification verification code, whether the sender of the message data is a client terminal connected to a different network.
The first sending module 1203 is configured to, if the sender of the message data is a client terminal connected to a different network, generate a detection instruction according to the source IP address and the client terminal information and send the detection instruction to the management platform; the detection instruction is used by the management platform to determine whether the source IP address is an illegal transfer point.
Optionally, the first determining module 1202 is specifically configured to:
parse the message data to obtain the identification verification code in the message data;
perform an operation on the identification verification code and first verification information according to a preset verification rule to obtain a verification result;
determine whether the verification result is consistent with second verification information and, if so, determine that the sender of the message data is a client terminal connected to a different network;
where the first verification information and the second verification information are data generated by the management platform according to the preset verification rule and sent to the test server.
Optionally, the first receiving module 1201 is specifically configured to:
collect message data at the egress of the local province's metropolitan area network (MAN);
filter out, from the collected message data, the message data containing the preset destination IP address or destination port;
where the test server is a central office acquisition and analysis device installed at the egress of the local province's MAN, and the message data includes a destination IP address or a destination port.
Optionally, the first receiving module 1201 is specifically configured to:
receive message data containing the destination IP address or destination port, where the test server is a test server corresponding to the destination IP address or destination port, and the message data includes the destination IP address or destination port.
The illegal transfer point detection device provided by this embodiment of the present invention can implement the illegal transfer point detection method of the embodiments shown in FIG. 2, FIG. 3 and FIG. 6. The implementation principle and technical effect are similar and are not repeated here.
FIG. 13 is a schematic structural diagram of another illegal transfer point detection device provided by an embodiment of the present invention. As shown in FIG. 13, the illegal transfer point detection device 130 provided in this embodiment may include: a second sending module 1301, a second receiving module 1302 and a second determining module 1303.
The second sending module 1301 is configured to send the identification verification code to the client terminal, so that the client terminal obtains message data according to the source IP address, the client terminal information and the identification verification code and sends it to the test server.
The second receiving module 1302 is configured to receive the detection instruction sent by the test server, the detection instruction including the source IP address and the client terminal information; the detection instruction is generated by the test server, and sent to the management platform, after the test server receives the message data sent by the client terminal and determines that the sender of the message data is a client terminal connected to a different network.
The second determining module 1303 is configured to determine, according to the client terminal information and the source IP address in the detection instruction, whether the source IP address is an illegal transfer point.
Optionally, the second determining module 1303 is specifically configured to:
determine the source IP address corresponding to the client terminal according to the client terminal information;
determine whether the source IP address corresponding to the client terminal is consistent with the source IP address in the message data;
if they are inconsistent, determine that the source IP address in the message data is an illegal transfer point.
Optionally, the second receiving module 1302 is specifically configured to:
receive the detection instruction sent by the central office acquisition and analysis device; the detection instruction is generated by the central office acquisition and analysis device after it determines that the sender of the message data is a client terminal connected to a different network;
where the test server is a central office acquisition and analysis device installed at the egress of the local province's MAN, and the message data includes a destination IP address or a destination port.
Optionally, the second receiving module 1302 is specifically configured to:
receive the detection instruction sent by the test server; the detection instruction is generated by the test server after it determines that the sender of the message data is a client terminal connected to a different network;
where the test server is a test server corresponding to the destination IP address or destination port, and the message data includes the destination IP address or destination port.
Optionally, the second sending module 1301 is specifically configured to:
receive the client terminal ID sent by the client terminal;
verify the client terminal ID and, if the verification passes, send a test task and the identification verification code to the client terminal, so that the client terminal obtains encapsulated message data according to the test task and the identification verification code, where the test task includes a destination IP or a destination port.
The illegal transfer point detection device provided by this embodiment of the present invention can implement the illegal transfer point detection method of the embodiments shown in FIG. 9, FIG. 10 and FIG. 11. The implementation principle and technical effect are similar and are not repeated here.
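The two devices described above (the test-server side 120 and the management-platform side 130) can be sketched end to end as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the preset verification rule, which the page does not define, and the class names, terminal ID, code values and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

def apply_rule(code: bytes, first_info: bytes) -> bytes:
    # Assumption: the page does not define the preset verification rule;
    # HMAC-SHA256 keyed with the first verification information stands in.
    return hmac.new(first_info, code, hashlib.sha256).digest()

@dataclass(frozen=True)
class Message:
    src_ip: str        # source IP as observed; may have been rewritten in transit
    dst_ip: str
    dst_port: int
    terminal_id: str   # client terminal information
    code: bytes        # identification verification code

class ManagementPlatform:
    def __init__(self, first_info: bytes):
        self.first_info = first_info
        self.registered = {}  # terminal ID -> source IP in the initial state

    def enroll(self, terminal_id: str, src_ip: str) -> None:
        self.registered[terminal_id] = ipaddress.ip_address(src_ip)

    def issue_code(self, terminal_id: str, code: bytes):
        # Verify the terminal ID before handing out the code.
        if terminal_id not in self.registered:
            raise PermissionError("client terminal failed verification")
        # Returns what goes to the test server: first and second verification info.
        return self.first_info, apply_rule(code, self.first_info)

    def handle_instruction(self, src_ip: str, terminal_id: str) -> str:
        expected = self.registered.get(terminal_id)
        if expected is None:
            return "unknown-terminal"
        # Compare parsed addresses so textual variants of one IP still match.
        same = ipaddress.ip_address(src_ip) == expected
        return "legal-path" if same else "illegal-transfer-point"

class ProbeServer:  # plays the role of the page's test server
    def __init__(self, platform, dst_ips, dst_ports, first_info, second_info):
        self.platform, self.dst_ips, self.dst_ports = platform, set(dst_ips), set(dst_ports)
        self.first_info, self.second_info = first_info, second_info

    def receive(self, msg: Message) -> str:
        # Keep only messages for the preset destination IP or destination port.
        if msg.dst_ip not in self.dst_ips and msg.dst_port not in self.dst_ports:
            return "ignored"
        result = apply_rule(msg.code, self.first_info)
        if not hmac.compare_digest(result, self.second_info):
            return "not-probe-traffic"
        # Detection instruction carries source IP and client terminal information.
        return self.platform.handle_instruction(msg.src_ip, msg.terminal_id)

def demo():
    platform = ManagementPlatform(first_info=b"constructed-first-info")
    platform.enroll("CT-001", "192.0.2.10")  # constructed documentation address
    code = b"constructed-code-01"
    first, second = platform.issue_code("CT-001", code)
    server = ProbeServer(platform, {"198.51.100.5"}, {40000}, first, second)
    msgs = [  # constructed sample messages
        Message("192.0.2.10", "198.51.100.5", 40000, "CT-001", code),    # direct
        Message("203.0.113.77", "198.51.100.5", 40000, "CT-001", code),  # relayed
        Message("203.0.113.77", "198.51.100.5", 40000, "CT-001", b"x"),  # bad code
        Message("192.0.2.10", "198.51.100.9", 443, "CT-001", code),      # other dest
    ]
    return [server.receive(m) for m in msgs]
```

The comparison only flags paths that rewrite the source address, so the stored per-terminal source IP has to be the address the terminal actually sends from.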
FIG. 14 is a schematic diagram of the hardware structure of a test server provided by an embodiment of the present invention. As shown in FIG. 14, the test server 140 provided in this embodiment includes: at least one processor 1401 and a memory 1402. The processor 1401 and the memory 1402 are connected through a bus 1403.
In a specific implementation, the at least one processor 1401 executes the computer-executable instructions stored in the memory 1402, so that the at least one processor 1401 performs the illegal transfer point detection method of the above method embodiments.
For the specific implementation process of the processor 1401, refer to the above method embodiments. The implementation principle and technical effect are similar and are not repeated here.
FIG. 15 is a schematic diagram of the hardware structure of a management platform provided by an embodiment of the present invention. As shown in FIG. 15, the management platform 150 provided in this embodiment includes: at least one processor 1501 and a memory 1502. The processor 1501 and the memory 1502 are connected through a bus 1503.
In a specific implementation, the at least one processor 1501 executes the computer-executable instructions stored in the memory 1502, so that the at least one processor 1501 performs the illegal transfer point detection method of the above method embodiments.
For the specific implementation process of the processor 1501, refer to the above method embodiments. The implementation principle and technical effect are similar and are not repeated here.
In the embodiments shown in FIG. 14 and FIG. 15 above, it should be understood that the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), and so on. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the invention may be performed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
The memory may include high-speed RAM and may also include non-volatile memory (NVM), for example at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. Buses can be divided into address buses, data buses, control buses and so on. For ease of representation, the bus in the drawings of the present application is not limited to a single bus or a single type of bus.
An embodiment of the present invention also provides an illegal transfer point detection system, including the test server described in the above embodiment and the management platform described in the above embodiment.
An embodiment of the present invention also provides a computer-readable storage medium storing computer-executable instructions; when a processor executes the computer-executable instructions, the illegal transfer point detection method of the above method embodiments is implemented.
The above computer-readable storage medium may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk. A readable storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
An exemplary readable storage medium is coupled to the processor, so that the processor can read information from, and write information to, the readable storage medium. The readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may be located in an application-specific integrated circuit (ASIC). The processor and the readable storage medium may also exist in the device as discrete components.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes ROM, RAM, magnetic disks, optical disks and other media capable of storing program code.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (13)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011406849.0A CN114666072B (en) | 2020-12-04 | 2020-12-04 | Illegal transfer point detection method, server, platform, system and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114666072A CN114666072A (en) | 2022-06-24 |
CN114666072B (en) | 2023-06-02 |
Family
ID=82025180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011406849.0A Active CN114666072B (en) | 2020-12-04 | 2020-12-04 | Illegal transfer point detection method, server, platform, system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114666072B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||