CN106301909A - A kind of port detection method and device - Google Patents

A kind of port detection method and device

Publication number
CN106301909A
Authority
CN
China
Prior art keywords
network
port
host
segment address
determines
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610659399.3A
Other languages
Chinese (zh)
Other versions
CN106301909B (en)
Inventor
顾雷雷
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201610659399.3A
Publication of CN106301909A
Application granted
Publication of CN106301909B
Legal status: Active (current)
Anticipated expiration

Abstract

Embodiments provide a port detection method and device. The port detection method includes: determining, according to a specified network node, the network segment address corresponding to a target port; scanning the hosts within the range of the network segment address to determine the active hosts; performing a port scan on each active host and determining the active hosts that have a designated port open to be target devices; and obtaining the host information of the target devices, generating the corresponding network service topology and displaying it. With the embodiments of the present invention, the positions of the active hosts and the services they provide can be detected, i.e. detection of the server network topology is achieved and the network service topology the user is interested in can be drawn, which solves the problem that it is difficult to determine from an existing network topology which devices have a specified service port open.

Description

A kind of port detection method and device
Technical field
The present invention relates to the technical field of computer networks, and in particular to a port detection method and a port detection device.
Background art
As networks keep growing, the number of access devices gradually increases and the network structure becomes ever more complex. Generally, a network topology diagram is used to indicate where devices are located, the name and type of each device and the type of connection medium between devices, so that technical staff can understand the distribution of devices in the network and the connection status between them.
Taking a network system that supports the Link Layer Discovery Protocol (LLDP) as an example, existing network management can draw all the devices accessed in the network system in a network topology diagram, such as switches, layer-2 and layer-3 devices such as routers, and even servers.
However, although the network topology diagram shows all the devices in the network system, the technical staff managing the network find it difficult to determine from this diagram which devices have a given service port open. For example, when a terminal device such as a personal computer (PC) illegitimately opens a service port that should only be opened by a server, the technical staff cannot easily find the terminal device that illegitimately opened that service port from the existing network topology diagram.
Clearly, it is difficult to find out from an existing network topology diagram which service ports the devices in the network have open, which is inconvenient for the technical staff maintaining the network system.
Summary of the invention
In view of the above problems, embodiments of the present invention are proposed to provide a port detection method and a corresponding port detection device that overcome, or at least partly solve, the above problems, so as to solve the problem that it is difficult to determine from an existing network topology diagram which devices have a specified service port open, and to make it easier for technical staff to maintain the network system.
To solve the above problems, an embodiment of the present invention discloses a port detection method, including:
determining, according to a specified network node, the network segment address corresponding to a target port;
scanning the hosts within the range of the network segment address to determine the active hosts;
performing a port scan on each active host, and determining the active hosts that have a designated port open to be target devices;
obtaining the host information of the target devices, generating the corresponding network service topology and displaying it.
Correspondingly, an embodiment of the present invention also discloses a port detection device, including:
a network segment address determining module, for determining, according to a specified network node, the network segment address corresponding to a target port;
an active host determining module, for scanning the hosts within the range of the network segment address and determining the active hosts;
a target device determining module, for performing a port scan on each active host and determining the active hosts that have a designated port open to be target devices;
a network service topology generating module, for obtaining the host information of the target devices, generating the corresponding network service topology and displaying it.
The embodiments of the present invention have the following advantages:
By detecting the active hosts (also called active terminals) in the network and performing service port detection on the active hosts, the embodiments can detect where the active hosts are and which services they provide, i.e. they achieve detection of the server network topology and can draw the network service topology the user is interested in. This solves the problem that it is difficult to determine from an existing network topology which devices have a specified service port open, and meets the user's needs.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of an embodiment of a port detection method of the present invention;
Fig. 2 is a flow chart of the steps of a preferred embodiment of a port detection method of the present invention;
Fig. 3A is a structural block diagram of an embodiment of a port detection device of the present invention;
Fig. 3B is a structural block diagram of a preferred embodiment of a port detection device of the present invention.
Detailed description of the invention
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the drawings and specific embodiments.
At present, network management software (NMS) can manage a network through a network management or network configuration protocol such as the Simple Network Management Protocol (SNMP) or the Network Configuration Protocol (Netconf), can learn the network topology and can show it to the user graphically. For network terminals such as PCs and servers, however, it cannot give a meaningful picture (specifically, it cannot show which functions a terminal has open). The network topology drawn by existing NMS therefore cannot show the terminal devices that have a given service port open; existing NMS cannot draw the server network topology the user is interested in and cannot meet the user's needs.
One of the core ideas of the embodiments of the present invention is to detect all active hosts (also called active terminals) in the network and perform service port detection on the active hosts, so that the positions of all the active hosts and the services they provide can be detected, i.e. detection of the server network topology is achieved and the network service topology the user is interested in can be drawn. This solves the problem that it is difficult to determine from an existing network topology diagram which devices have a specified service port open, and meets the user's needs.
Referring to Fig. 1, a flow chart of the steps of an embodiment of a port detection method of the present invention is shown; it may include the following steps.
Step 102: determine, according to a specified network node, the network segment address corresponding to a target port.
In this embodiment, when the user selects the service detection function, the NMS can take the device the user selected as the specified network node; in other words, the user can choose the network node. For example, when selecting the service detection function the user may pick a device by choosing it in the network topology. When the device the user selected is network node A, the NMS takes network node A as the specified network node. If network node A is a layer-3 network device that provides the Virtual Local Area Network (VLAN) function and VLAN virtual interfaces, the VLAN virtual interface can be used as the target port, and network node A can return the network segment address in which the corresponding VLAN virtual interface lies; the network segment address returned by network node A is then the network segment address corresponding to the target port. If network node A is a layer-2 network device that only provides the VLAN function and has no corresponding VLAN virtual interface enabled, a VLAN virtual interface can be created on network node A for the VLAN that needs to be detected, the created VLAN virtual interface is used as the target port, and a corresponding network segment address is configured for that target port.
Step 104: scan the hosts within the range of the network segment address to determine the active hosts.
In an embodiment of the present invention, the NMS can call a host scan process to scan the hosts within the determined network segment address range and detect the active hosts within that range that are connected to the specified network node, i.e. the active hosts in the network service topology corresponding to the target port.
It should be noted that the host scan process of the embodiment can scan a specified Internet Protocol (IP) address or address range to determine whether communication is possible; it can in particular be used to discover which hosts exist in a local area network. Specifically, the host scan process may use the Packet Internet Groper (PING) method, i.e. Internet Control Message Protocol (ICMP) echo request and reply; it may use ICMP-based scanning that relies on the most basic ICMP error messages, for example sending an IP packet consisting only of an IP header to the target host, which makes the target return an ICMP destination unreachable error; or it may use other scanning techniques, for example Network Basic Input/Output System (NetBIOS) scanning, which broadcasts a User Datagram Protocol (UDP) datagram to destination port 137 and treats the terminals that respond normally as active hosts. The embodiments of the present invention do not limit the host scan method.
Port 137 is a UDP port used by the NetBIOS Name Service, which provides name and IP address lookup for computers on a local network; 137 is the port number that identifies this service port.
As a concrete example of the present invention, when the NMS uses the network node to detect hosts on the target port VLAN100, if the IP address of the VLAN100 virtual interface of network node A is 100.1.1.100, the network segment to detect is 100.1.1.0/24. When the NMS enables host detection for VLAN100 on network node A, it can pass the network segment address range to be detected to network node A at the same time, so that network node A can detect, within that network segment address range, the state of its characteristic network ports: when a port is in the Up state, the terminal device connected to that characteristic network port can be taken to be an active host; when the port is in the Down state, there is no active host behind that characteristic network port.
Here, a characteristic network port denotes a port through which the network node connects to a terminal device, such as a port of network node A connected to a host. A terminal device is a device at the outermost edge of the computer network, used mainly for entering user information and outputting results.
Step 106: perform a port scan on each active host, and determine the active hosts that have a designated port open to be target devices.
After detecting the active hosts, the NMS of the embodiment can call a port scan process to scan each active host, determine which service ports each active host has open, and then determine the active hosts that have the designated port open to be target devices. The designated port represents the service port to be detected; for example, the NMS can determine the designated port from parameter information entered by the user. The parameter information identifies the service port and may include a port number, a service port name, a port address and so on; the embodiments do not limit it.
It should be noted that a service port usually corresponds to a potential communication channel. The port scan process of the embodiment scans a target computer and can determine which service ports, such as Transmission Control Protocol (TCP) ports and UDP ports, the target computer has open. Generally one well-known port corresponds to one service. A port scan process typically uses TCP and UDP probes to detect the operating system type and the open services. Common TCP port scanning techniques include TCP synchronise-flag (SYN) scanning, TCP connect() scanning and TCP finish-flag (FIN) scanning; common UDP port scanning techniques include scanning based on ICMP port unreachable messages and UDP recvfrom() and write() scanning, where recvfrom() is the function that receives data from a connected socket and captures the address of the data source, and write() is the function that writes data to an open file descriptor (including a socket).
Well-known port numbers are the port numbers reserved for TCP and UDP by the Internet Assigned Numbers Authority (IANA, a function operated by the Internet Corporation for Assigned Names and Numbers, ICANN); they are the integers from 0 to 1023. Table 1 shows the port numbers used by some common servers.
Table 1
Port   Service
21     FTP
22     SSH
23     Telnet
25     SMTP
53     DNS
80     HTTP
110    POP3
161    SNMP
443    HTTPS
Here, port 21 is used by the File Transfer Protocol (FTP) service; port 22 is opened by Secure Shell (SSH) servers; port 23 is used by the Telnet service; port 25 is opened by Simple Mail Transfer Protocol (SMTP) servers and is used for sending mail; port 53 identifies the port opened by Domain Name System (DNS) servers; port 80 is opened by Hypertext Transfer Protocol (HTTP) servers; port 110 is opened by the Post Office Protocol version 3 (POP3) service and is used for receiving mail; port 161 is opened by the SNMP service; port 443, also called the secure web browsing port, is used by the HTTP over Secure Sockets Layer (HTTPS) service.
As a concrete example of the present invention, the NMS can pop up or display an input parameter box on the service detection interface so that the user can enter parameter information in it and thereby have a given port detected. The user can specify one or more ports or a port range; the embodiments do not limit this. For example, if the user wants to detect which hosts have started a Network Time Protocol (NTP) server function, TCP port 123 can be entered in the input parameter box; if the user wants to detect which hosts have started a Dynamic Host Configuration Protocol (DHCP) server function, UDP port 68 can be entered. When the NMS detects that the port numbers entered in the input parameter box are 123 and 68, it can take TCP port 123 and UDP port 68 as the designated ports, call the port scan process to scan the active hosts, determine which active hosts have TCP port 123 and/or UDP port 68 open, and take the active hosts that have TCP port 123 and/or UDP port 68 open as target devices. (Note that an NTP server actually listens on UDP port 123 and a DHCP server on UDP port 67; UDP port 68 is the DHCP client port, so scanning it finds DHCP clients rather than servers. The numbers above are those given in the patent.)
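The port scan step described above, as an added example that is not part of the patent or of H3C's software: it parses the designated-port parameter text, probes TCP ports with a connect() scan and UDP ports with the ICMP port unreachable method named in the description, and marks a host as a target device when any designated port is open. The parameter syntax `proto/port[-port]`, the function names and the use of the local host as scan target are assumptions made for illustration.

```python
"""Port scan for designated ports: added example, not the patent's or H3C's code.

Assumptions (not from the patent): the NMS hands over the user's parameter text as
"tcp/123,udp/68,tcp/20-22" (bare numbers mean TCP), and the probes run from the
NMS itself against the active host's IP address.
"""
import socket
from typing import Callable, Dict, List, Tuple

PortSpec = Tuple[str, int]  # ("tcp", 123) or ("udp", 68)


def parse_port_spec(text: str) -> List[PortSpec]:
    """Turn 'tcp/123,udp/68,20-22' into [('tcp', 123), ('udp', 68), ('tcp', 20), ...].

    Single ports, inclusive ranges and a per-item protocol prefix are accepted, since
    the description lets the user designate one or more ports or a port range.
    """
    specs: List[PortSpec] = []
    for item in text.replace(";", ",").split(","):
        item = item.strip().lower()
        if not item:
            continue
        proto, _, ports = item.rpartition("/")
        proto = proto or "tcp"
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol in {item!r}")
        lo, _, hi = ports.partition("-")
        lo_n, hi_n = int(lo), int(hi or lo)
        if not 0 < lo_n <= hi_n <= 65535:
            raise ValueError(f"bad port range in {item!r}")
        specs.extend((proto, p) for p in range(lo_n, hi_n + 1))
    return specs


def tcp_connect_scan(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect() scan: a completed handshake means 'open', a RST (ECONNREFUSED)
    means 'closed', and no usable answer before the timeout means 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # socket.timeout, host/network unreachable, ...
            return "filtered"
    return "open"


def udp_icmp_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """UDP scan via ICMP port unreachable: send an empty datagram on a *connected* UDP
    socket; the kernel reports a returned ICMP port unreachable as ECONNREFUSED on the
    next recv(), which means 'closed'. A reply datagram means 'open'; silence cannot
    distinguish an open service that stays quiet from a filtered port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(b"")
        try:
            s.recv(1)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
    return "open"


PROBES: Dict[str, Callable[[str, int], str]] = {"tcp": tcp_connect_scan, "udp": udp_icmp_scan}


def scan_host(host: str, spec_text: str) -> Dict[str, str]:
    """Port scan result for one active host: {'tcp/123': 'open', 'udp/68': 'closed', ...}."""
    return {f"{proto}/{port}": PROBES[proto](host, port) for proto, port in parse_port_spec(spec_text)}


def is_target_device(result: Dict[str, str]) -> bool:
    """Step 106: an active host with at least one designated port open is a target device.
    'open|filtered' is deliberately not counted, since nothing proved a service is there."""
    return any(state == "open" for state in result.values())


if __name__ == "__main__":
    # Stand-alone demo: scan the local host for the patent's example ports.
    print(scan_host("127.0.0.1", "tcp/123,udp/68"))
```

Only `open` counts towards target-device status. For UDP that means the probed service actually answered the empty datagram; a service that ignores empty probes shows as `open|filtered` and needs a protocol-specific probe (a real NTP or DHCP request) before it can be confirmed, which is why UDP scans of this kind are much slower and less certain than TCP connect() scans.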
Step 108: obtain the host information of the target devices, generate the corresponding network service topology and display it.
In an embodiment of the present invention, after the port scan the NMS can obtain the host information of the detected target devices through the Netconf protocol, and can then use the obtained host information to determine the network structure connecting all the target devices that have the designated port open. The host information may include any one or more of the following parameters: Media Access Control (MAC) address, IP address, network port information and service port information; the embodiments do not limit it.
The NMS of the embodiment can display the network structure connecting all the target devices in the form of a network topology, i.e. it generates the network service topology corresponding to that structure and displays it, so that a user such as a network administrator can determine from the network service topology all the terminal devices that have the designated port open and thereby determine which terminal devices in the topology opened the designated port illegitimately. This solves the problem that it is difficult to determine from an existing network topology diagram which devices have a specified service port open.
For example, the NMS can obtain the host information of the hosts detected to have the NTP service open and display it in the form of a network topology, so that it can be determined which terminal devices in the network service topology have open the port that should only be opened by NTP servers. Likewise, the NMS can obtain the host information of the hosts detected to have the DHCP service open and display it in the same way, so that it can be determined which terminal devices have open the port that should only be opened by DHCP servers.
Of course, the NMS of the embodiment can also generate one complete network service topology for the terminal devices that have the DHCP service and the NTP service open, and can display the sub-network service topology for a particular service selected by the user; the embodiments do not limit this.
With the embodiments of the present invention, the NMS can generate the network service topology corresponding to a designated port, so that the user can quickly pick out from this topology which terminal devices have opened the designated port illegitimately. This makes it easier for the user to maintain the network system and can improve maintenance efficiency.
Referring to Fig. 2, a flow chart of the steps of a preferred embodiment of a port detection method of the present invention is shown; it may include the following steps.
Step 202: determine, according to a specified network node, the network segment address corresponding to a target port.
In a preferred embodiment of the present invention, determining the network segment address corresponding to the target port according to the specified network node may include the following sub-steps.
Sub-step 2020: detect whether the network node provides a VLAN virtual interface.
In an embodiment of the present invention, the NMS can determine whether the specified network node provides a VLAN virtual interface by detecting the network layer at which the device the user selected operates. For example, when the specified device is a layer-3 network device, it can be determined that it provides the VLAN function and VLAN virtual interfaces, and sub-step 2022 is performed; when the specified device is a layer-2 network device, it can be determined that it provides the VLAN function but has no corresponding VLAN virtual interface enabled, i.e. provides no VLAN virtual interface, and the method jumps to sub-step 2024.
Sub-step 2022: when the network node provides the virtual interface, use the virtual interface as the target port and the network segment address in which the virtual interface lies as the network segment address.
For example, when the specified network node A is a layer-3 network device, the NMS can use the VLAN virtual interface provided by network node A as the target port; it can directly use the IP address of the VLAN virtual interface of network node A, have network node A return the network segment address in which the corresponding VLAN virtual interface lies, and use the network segment address returned by network node A as the network segment address to be detected.
Sub-step 2024: when the network node does not provide the virtual interface, create a virtual interface on the network node, use the created virtual interface as the target port, and configure the corresponding network segment address for that target port.
For example, when the specified network node A is a layer-2 network device, the NMS can create a corresponding VLAN virtual interface for the VLAN on network node A that needs to be detected, and can enable the DHCP function on it to obtain an IP address dynamically, so that the corresponding network segment address can be configured for the VLAN virtual interface from the obtained IP address. Specifically, the NMS can create the VLAN virtual interface corresponding to the VLAN on network node A through Netconf and configure its IP address to be obtained by DHCP; network node A must have a corresponding IP address so that it can do the scanning work when host scanning is performed.
Of course, other approaches are possible in the embodiments of the present invention. For example, after the VLAN virtual interface corresponding to the specified network node has been created, the network administrator can find an unused IP address in the corresponding network segment and assign it to the interface, for instance by first using PING to find an unused IP address, thereby determining an unused network segment address and assigning it to the created VLAN virtual interface. Alternatively, a parameter input item can be added to the service detection interface, so that the NMS delivers the entered network segment address to the network node through Netconf. The embodiments do not limit this.
Optionally, after detection ends, the embodiments can remove the created VLAN virtual interface, i.e. return to the original state; for example, the NMS can configure network node A through Netconf and delete the VLAN virtual interface configuration.
It should be noted that Netconf is an XML-based network management protocol that provides a programmable way of configuring and managing network devices; through it a user can set parameters, get parameter values, obtain statistics and so on. Netconf messages use the XML format and have strong filtering capability; every data item has a fixed element name and position, so different devices from the same vendor have the same access method and the same result presentation, and the same effect can be obtained across devices from different vendors by mapping the XML. This makes third-party software development very convenient, i.e. it is easy to develop custom NMS for an environment that mixes different vendors and different devices. With the help of such NMS, using Netconf makes the configuration management of network devices simpler and more efficient.
Step 204: determine the network port information of the network node based on the network configuration protocol.
In an embodiment of the present invention, the NMS can determine which network ports in the network service topology connect other network nodes, generate the corresponding network port information, and deliver this network port information to the network node through Netconf.
Step 206: use the network port information to filter the network ports within the range of the network segment address, and determine the characteristic network ports corresponding to the network node.
Here, a characteristic network port in the embodiment may be a port connecting a host.
As a concrete example of the present invention, the NMS can deliver the network port information to network node A through Netconf and at the same time give network node A the attribute action "filter", so that when network node A performs host detection it excludes the network ports connecting other network nodes from the port range belonging to VLAN100 and thus determines the characteristic network ports corresponding to network node A.
Step 208: perform state detection on each characteristic network port, and determine the active hosts connected to the network node.
Specifically, a target port may in fact have many network ports under it. If the port state of a network port is Down, it can be determined that no active host is connected to it; if the port state is Up, it can be determined that a terminal device is connected to it. The NMS can therefore determine the active hosts corresponding to the network node by performing state detection on each characteristic network port, i.e. by scanning, within the determined network segment address range, the state of the characteristic network ports connecting hosts. For example, the target port VLAN100 has ten ports in the Up state below it, P1 to P10, of which P9 and P10 connect other network devices and are not ports connecting terminals. When network node A performs host detection through the host scan process, it can scan the ports P1 to P8 and find eight active hosts with IP addresses IP1 to IP8 and MAC addresses MAC1 to MAC8.
Step 210, by each main frame that enlivens is carried out TCP, is defined as mesh by the main frame that enlivens opening designated portMarking device.
In a preferred embodiment of the invention, by each main frame that enlivens is carried out TCP, designated ends will be openedThe main frame that enlivens of mouth is defined as target device, specifically may include that and each main frame that enlivens is carried out TCP, determine each active masterThe TCP result that machine is corresponding;Use described TCP result to determine and each enliven whether main frame opens designated port;To openThat opens described designated port enlivens main frame as described target device.Wherein, TCP result can have recorded and enliven main frameThe each serve port opened, is therefore determined for enlivening whether main frame opens designated port.
Optionally, webmastering software, after detecting and enlivening main frame, can be entered by main frame scan procedure notice TCPJourney, as included IP and the MAC information enlivening main frame being connected on which port report to TCP process in the lump, so thatTCP process for the scanning enlivening main frame and carrying out designated port.Such as, it is tcp port 123 and UDP when designated portDuring port 68, TCP process can be scanned enlivening main frame for this tcp port 123 and udp port 68, with reallyThe main frame that enlivens scanned before settled opens tcp port 123 or udp port 68, and generates the TCP result of correspondence.ShouldTCP result is determined for enlivening whether main frame opens tcp port 123 or udp port 68, as when P3 portWhen main frame opens tcp port 123, can record in the TCP result that the main frame of this P3 port is corresponding and " open port, and then the main frame of P3 port can be defined as target device 123 ".
Step 212: obtain the host information of the target devices, and generate and display the corresponding network service topology.
Continuing the example above, if the scan result for ports P1 to P8 is that the host on P3 opens TCP port 123, the host on P6 opens TCP port 123 and UDP port 68, and the host on P7 opens UDP port 68, then when the port scan finishes the host information for the NTP service and the DHCP service can be obtained, namely the host information of the hosts on P3, P6 and P7. After obtaining the host information, the network management software uses it to generate the corresponding network service topology diagram, which is displayed in network topology form.
In a preferred embodiment of the invention, obtaining the host information of the target devices and generating and displaying the corresponding network service topology may specifically include: obtaining the host information of the target devices through the network configuration protocol (NETCONF); using the host information to generate the network service topology corresponding to the designated port; and displaying the network service topology.
In the embodiment of the invention, while a service scan is running the network management software can poll the scan result periodically and mark progress on the service detection interface to indicate that scanning is in progress. For example, the network management software can predefine a state flag for port scanning and, on each poll, read the state flag of port scanning process B on network node A. With an initial state of 00, the network management software sets the port scanning state flag of network node A to 01 when the service scan is started, meaning the scan is initializing; when the host scan notifies the port scan and begins passing it the active host parameters, the flag is set to 10, meaning the port scan is running; when all port scanning work has finished, the flag is set to 11, meaning the scan has ended. When a periodic check finds the flag at 11, the network management software can conclude that the service scan is complete, reset the port scanning flag of network node A to 00, and stop polling. When polling the port scan result, the network management software can obtain through NETCONF the host information of the hosts found to open the NTP service and the DHCP service, and combine that host information with the original network service topology to draw a new server network service topology.
The network management software can also generate the network service topology for a particular service chosen by the user. Once the user has run a scan on all edge network nodes, the network management software can produce a complete network service topology; for instance the user may select all network devices for detection and the network management backend performs the scans in batches. The invention is not limited in this respect.
Step 214: verify the legitimacy of each target device in the network topology and determine the unauthorized devices.
The network management software is normally administered by the network administrator, who knows exactly which devices are the authorized servers in the network. The network management software of the embodiment can therefore verify the legitimacy of each target device in the network topology against the known authorized servers and determine which devices are unauthorized.
As a concrete example, the network management software can check whether each target device matches an authorized server, and so determine which terminals providing a given service are unauthorized, that is, which terminals in the network service topology have opened a port that only a server should have open. If a target device matches an authorized server it is judged legitimate; if it does not, it is judged unauthorized and marked as an unauthorized device in the generated server network service topology. The match should rely on more than the IP address: an IP address or a MAC address can be spoofed by a rogue host, whereas the switch port on which the host was discovered cannot.
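The topology generation of Step 212 and the legitimacy check of Step 214, as one added example that is not the patent's code: port scan results are grouped into a per-service topology and each node is compared with an administrator-maintained list of authorized servers. The addresses, MACs, switch ports and the authorized list are constructed; mapping ports to service names and matching on the switch port as well as IP and MAC are the author's assumptions.

```python
# Added example (not code from CN106301909A): build the network service
# topology from scan results and flag nodes that do not match an authorized
# server. All sample hosts and the authorized list are constructed.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

Port = Tuple[str, int]

# Designated ports and the service each stands for. NTP is assigned port 123
# over TCP and UDP; DHCP servers use UDP 67 and clients UDP 68 (RFC 2131).
SERVICE_OF_PORT: Dict[Port, str] = {
    ("tcp", 123): "NTP", ("udp", 123): "NTP",
    ("udp", 67): "DHCP", ("udp", 68): "DHCP",
}


@dataclass(frozen=True)
class HostInfo:
    switch_port: str
    ip: str
    mac: str


@dataclass(frozen=True)
class AuthorizedServer:
    service: str
    ip: str
    mac: str
    switch_port: str                     # where the real server is cabled


@dataclass
class ServiceNode:
    service: str
    port: Port
    host: HostInfo
    authorized: bool = False


def build_topology(scan: Iterable[Tuple[HostInfo, Set[Port]]]) -> Dict[str, List[ServiceNode]]:
    """Group every open designated port under the service it belongs to."""
    topo: Dict[str, List[ServiceNode]] = {}
    for host, open_ports in scan:
        for port in sorted(open_ports):
            service = SERVICE_OF_PORT.get(port)
            if service is None:
                continue                 # not a designated port, not in this topology
            topo.setdefault(service, []).append(ServiceNode(service, port, host))
    return topo


def verify_legitimacy(topo: Dict[str, List[ServiceNode]],
                      authorized: Iterable[AuthorizedServer]) -> List[ServiceNode]:
    """Mark a node authorized only if service, IP, MAC and switch port all
    match an entry on the list. IP and MAC alone are spoofable; the switch
    port is the one attribute a rogue host cannot choose. Returns the rogue
    nodes in topology order."""
    allow = {(a.service, a.ip, a.mac, a.switch_port) for a in authorized}
    rogue: List[ServiceNode] = []
    for service, nodes in topo.items():
        for node in nodes:
            h = node.host
            node.authorized = (service, h.ip, h.mac, h.switch_port) in allow
            if not node.authorized:
                rogue.append(node)
    return rogue


def render(topo: Dict[str, List[ServiceNode]]) -> List[str]:
    """Text form of the service topology, one line per node, services sorted."""
    lines = []
    for service in sorted(topo):
        for n in topo[service]:
            state = "authorized" if n.authorized else "ROGUE"
            lines.append(f"{service} {n.port[0]}/{n.port[1]} on {n.host.switch_port} "
                         f"{n.host.ip} {n.host.mac} [{state}]")
    return lines


# Constructed sample: the patent's P3/P6/P7 outcome plus an authorized list.
SAMPLE_SCAN = [
    (HostInfo("P3", "10.0.0.3", "00:11:22:33:44:03"), {("tcp", 123)}),
    (HostInfo("P6", "10.0.0.6", "00:11:22:33:44:06"), {("tcp", 123), ("udp", 68)}),
    (HostInfo("P7", "10.0.0.7", "00:11:22:33:44:07"), {("udp", 68)}),
]
SAMPLE_AUTHORIZED = [
    AuthorizedServer("NTP", "10.0.0.3", "00:11:22:33:44:03", "P3"),
    AuthorizedServer("DHCP", "10.0.0.7", "00:11:22:33:44:07", "P7"),
]

if __name__ == "__main__":
    topo = build_topology(SAMPLE_SCAN)
    rogue = verify_legitimacy(topo, SAMPLE_AUTHORIZED)
    print("\n".join(render(topo)))
    print("rogue:", [(n.service, n.host.switch_port) for n in rogue])
```

With the sample input the host on P6 shows up as a rogue NTP and a rogue DHCP node, and a host on P6 that borrows the authorized NTP server's IP and MAC is still flagged because its switch port does not match.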
Step 216: generate prevention policy information for the unauthorized device.
In the embodiment of the invention, the network management software can generate corresponding prevention policy information for an unauthorized device, to stop that device from providing the service without authorization.
As a specific application, after the network administrator has identified from the network service topology displayed by the network management software which terminals have opened service ports without authorization, the administrator can click the corresponding terminal device in the network service topology to trigger the linked enforcement action of the network management software. Specifically, the network management software generates the corresponding prevention policy information according to the operation the user submits: when the submitted operation is to disable the service provided by the clicked terminal device, the generated prevention policy information is a disable policy; when it is to rate-limit the clicked terminal device, a rate-limit policy; when it is to close the service port of the clicked terminal device, a close-port policy; and so on. In this way the network administrator can, through the network management software, apply differentiated security policy protection to service ports opened by unregistered terminal devices.
The network management software can also generate the prevention policy information for an unauthorized device according to the type of the port's service, and can modify that prevention policy information according to the network administrator's operations; the embodiment of the invention does not specifically limit this.
Step 218: perform an edit action on the network port of the network node according to the prevention policy information, to block the behaviour of the unauthorized device.
As a concrete example, the network management software can formulate prevention policy information in advance even if the unauthorized terminal has not yet caused an actual network threat. For instance, a terminal that opens UDP port 68 can act as a DHCP server and therefore has the capability to perform DHCP spoofing. When the network management software detects that terminal IP1 connected to port P1 of network device A opens UDP port 68, it can generate an access control list (ACL) filtering policy for that terminal. When carrying out the linked enforcement action, the network management software can perform an edit action on port P1 of network device A through NETCONF, which issues the ACL filtering policy in the inbound direction of port P1. The match condition of the filter can be "terminal IP1 + UDP port 68": if terminal IP1 sends packets using port 68, the network management software judges that terminal IP1 is providing DHCP service, and the packets sent by terminal IP1 are filtered out by the filtering policy when they arrive at port P1 of network device A, so that terminal IP1 is prevented from providing DHCP service without authorization. Note that RFC 2131 assigns UDP port 67 to the DHCP server and UDP port 68 to the client: a rogue server's OFFER and ACK messages are sent from port 67 to port 68, so a filter that matches packets from terminal IP1 with destination UDP port 68 catches the rogue server's replies while leaving the terminal's own client requests (sent from port 68 to port 67) unaffected, and a probe meant to find DHCP servers directly would look for a listener on port 67.
The network management software can also issue a rate-limit policy to port P1 of network device A. Specifically, when terminal IP1 sends packets using port 68, the network management software can limit the rate at which terminal IP1 sends packets through the rate-limit policy, for example by matching the packets sent by terminal IP1 against the rate-limit policy: if a packet sent by terminal IP1 is found to be sent through port 68, packets exceeding the limited rate are dropped. This avoids network interruption caused by terminal IP1 using port 68 to carry out network attacks, and so ensures the stability and reliability of the network system.
If the prevention policy information is close port, the network management software can shut down port P1 of network device A through SNMP or NETCONF, rather than directing terminal IP1 to close the corresponding port. Specifically, the network management software can configure the behaviour after shutdown: the port can be reopened automatically after a period of time, or kept closed until the next detection, that is, when the next detection is performed port P1 is first reopened and detected again. If the network management software no longer detects port 68 open without authorization, the feature network port can be kept open.
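The three prevention policies of Steps 216 and 218 (filter, rate limit, close port), as one added example that is not the patent's code: the operator's choice is validated, then rendered into the payload that would be pushed to the switch. The port shutdown is an RFC 8343 ietf-interfaces <edit-config>; the ACL follows the layout of the RFC 8519 ietf-access-control-list model and must be checked against the model the device actually advertises; rate limiting has no standard model and is left as a vendor-neutral record. Device "A", port "P1" and terminal 10.0.0.1 are constructed assumptions.

```python
# Added example (not code from CN106301909A): generate the prevention policy
# for an unauthorized device and render the enforcement payload. Shutdown
# uses RFC 8343 ietf-interfaces; the ACL follows the RFC 8519 layout and is
# an assumption to verify against the device's model; the rate limit is a
# vendor-neutral record. Device "A", port "P1", host 10.0.0.1 are constructed.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from enum import Enum
from typing import Dict

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
IETF_IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"
IETF_ACL = "urn:ietf:params:xml:ns:yang:ietf-access-control-list"


class Action(Enum):
    FILTER = "filter"          # drop the offending service traffic
    RATE_LIMIT = "rate-limit"  # cap it instead of dropping it
    SHUTDOWN = "shutdown"      # administratively disable the switch port


@dataclass(frozen=True)
class Policy:
    action: Action
    device: str                # network device the terminal is cabled to
    port: str                  # its switch port, e.g. "P1"
    src_ip: str                # the unauthorized terminal
    proto: str = "udp"
    dst_port: int = 68         # DHCP server->client replies are addressed to 68
    rate_kbps: int = 0


def policy_for(action: Action, device: str, port: str, src_ip: str,
               proto: str = "udp", dst_port: int = 68, rate_kbps: int = 0) -> Policy:
    """Validate the operator's choice before anything is pushed to the switch."""
    if action is Action.RATE_LIMIT and rate_kbps <= 0:
        raise ValueError("rate limit needs a positive rate_kbps")
    if not 0 < dst_port < 65536:
        raise ValueError("bad port")
    return Policy(action, device, port, src_ip, proto, dst_port, rate_kbps)


def _edit_config(config_child: ET.Element) -> ET.Element:
    """Wrap a config subtree in <edit-config> against the running datastore."""
    root = ET.Element("edit-config", xmlns=NC)
    ET.SubElement(ET.SubElement(root, "target"), "running")
    ET.SubElement(root, "config").append(config_child)
    return root


def render_shutdown(p: Policy) -> str:
    """interfaces/interface[name]/enabled = false (RFC 8343)."""
    ifs = ET.Element("interfaces", xmlns=IETF_IF)
    intf = ET.SubElement(ifs, "interface")
    ET.SubElement(intf, "name").text = p.port
    ET.SubElement(intf, "enabled").text = "false"
    return ET.tostring(_edit_config(ifs), encoding="unicode")


def render_filter(p: Policy) -> str:
    """Ingress ACL on the port: drop src_ip -> proto/dst_port. Matching on
    destination port 68 hits rogue DHCP server replies (67 -> 68) while the
    terminal's own client requests (68 -> 67) still pass."""
    acls = ET.Element("acls", xmlns=IETF_ACL)
    acl = ET.SubElement(acls, "acl")
    name = f"block-{p.src_ip}-{p.proto}{p.dst_port}"
    ET.SubElement(acl, "name").text = name
    ET.SubElement(acl, "type").text = "ipv4-acl-type"
    ace = ET.SubElement(ET.SubElement(acl, "aces"), "ace")
    ET.SubElement(ace, "name").text = "deny-rogue-service"
    matches = ET.SubElement(ace, "matches")
    ET.SubElement(ET.SubElement(matches, "ipv4"), "source-ipv4-network").text = f"{p.src_ip}/32"
    dst = ET.SubElement(ET.SubElement(matches, p.proto), "destination-port")
    ET.SubElement(dst, "operator").text = "eq"
    ET.SubElement(dst, "port").text = str(p.dst_port)
    ET.SubElement(ET.SubElement(ace, "actions"), "forwarding").text = "drop"
    ap = ET.SubElement(ET.SubElement(acls, "attachment-points"), "interface")
    ET.SubElement(ap, "interface-id").text = p.port
    aset = ET.SubElement(ET.SubElement(ET.SubElement(ap, "ingress"), "acl-sets"), "acl-set")
    ET.SubElement(aset, "name").text = name
    return ET.tostring(_edit_config(acls), encoding="unicode")


def render(p: Policy) -> Dict[str, str]:
    """One record per policy: what to push and to which device."""
    if p.action is Action.SHUTDOWN:
        return {"device": p.device, "netconf": render_shutdown(p)}
    if p.action is Action.FILTER:
        return {"device": p.device, "netconf": render_filter(p)}
    return {"device": p.device, "port": p.port,
            "rate_limit": f"{p.src_ip} {p.proto}/{p.dst_port} <= {p.rate_kbps} kbps inbound"}


if __name__ == "__main__":
    for action in Action:
        print(action.value, render(policy_for(action, "A", "P1", "10.0.0.1", rate_kbps=512)))
```

The shutdown payload acts on the switch port rather than on the terminal, which is what the text above describes; the filter is attached to the port's ingress direction so that the terminal's packets are dropped where they enter network device A.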
It should be noted that the network management software can provide a direct close action button, so that the network administrator can directly close the corresponding port of the corresponding network device with that button, and likewise a direct open action button, so that the administrator can directly reopen the corresponding port of the corresponding network device, which guarantees the robustness of the network management software. The embodiment of the invention does not specifically limit the types of action buttons the network management software provides.
The network management software of the embodiment of the invention can enable the service detection function, start host scanning on the ports of a specified network device's VLAN that connect to non-network devices, find the active hosts, and perform a port scan of a designated port or port range against the active hosts to find the services they have opened, so as to draw the corresponding network service topology. For example, by periodically polling the service scan result, judging from the configured port scanning state flag that the scan has ended, extracting the scan result and drawing the network service topology corresponding to the specified service, the network administrator's maintenance of the network system is made easier.
In summary, the embodiments of the invention can use the network management software to find the active terminals in the network, probe their service ports and draw the network service topology, so that possible or ongoing security risks can be detected and different prevention mechanisms can be provided to avoid the risk or stop the ongoing harmful behaviour.
It should be noted that, for simplicity of description, the method embodiments are expressed as a series of combined actions, but those skilled in the art should be aware that the embodiments of the invention are not limited by the described order of actions, because according to the embodiments some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also be aware that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the invention.
Referring to Fig. 3A, a structural block diagram of an embodiment of a port detection device of the invention is shown, which may specifically include the following modules:
Network segment address determining module 302, for determining, according to the specified network node, the network segment address corresponding to the target port.
Active host determining module 304, for scanning the hosts within the range of the network segment address and determining the active hosts.
Target device determining module 306, for performing a port scan on each active host and determining the active hosts that open the designated port as target devices.
Network service topology generating module 308, for obtaining the host information of the target devices, and generating and displaying the corresponding network service topology.
Referring to Fig. 3B, a structural block diagram of a preferred embodiment of the port detection device of the invention is shown.
In a preferred embodiment of the invention, the network segment address determining module 302 may include the following sub-modules:
Virtual interface detecting sub-module 3022, for detecting whether the network node provides a VLAN virtual interface.
Network segment address determining sub-module 3024, for, when the network node provides the virtual interface, taking the virtual interface as the target port and the network segment address on which the virtual interface resides as the network segment address.
Network segment address configuring sub-module 3026, for, when the network node does not provide the virtual interface, creating a virtual interface for the network node, taking the created virtual interface as the target port, and configuring the corresponding network segment address for the target port.
In a preferred embodiment of the invention, the active host determining module 304 may include the following sub-modules:
Port information determining sub-module 3042, for determining the network port information of the network node based on the network configuration protocol.
Feature network port determining sub-module 3044, for filtering the network ports within the range of the network segment address using the network port information and determining the feature network ports corresponding to the network node, where a feature network port is a port that connects a host.
Active host determining sub-module 3046, for performing state detection on each feature network port and determining the active hosts connected to the network node.
In a preferred embodiment of the invention, the target device determining module 306 may include the following sub-modules:
Port scanning sub-module 3062, for performing a port scan on each active host and determining the port scan result corresponding to each active host.
Port open determining sub-module 3064, for using the port scan result to determine whether each active host opens the designated port.
Target device determining sub-module 3066, for taking the active hosts that open the designated port as the target devices.
In a preferred embodiment of the invention, the network service topology generating module 308 may include the following sub-modules:
Host information obtaining sub-module 3082, for obtaining the host information of the target devices through the network configuration protocol.
Network service topology generating sub-module 3084, for using the host information to generate the network service topology corresponding to the designated port.
Network service topology displaying sub-module 3086, for displaying the network service topology.
In a preferred embodiment of the invention, the port detection device may further include the following modules:
Unauthorized device determining module 310, for verifying the legitimacy of each target device in the network topology and determining the unauthorized devices.
Prevention policy generating module 312, for generating prevention policy information for the unauthorized devices.
Behaviour blocking module 316, for performing an edit action on the network port of the network node according to the prevention policy information, to block the behaviour of the unauthorized devices.
Since the device embodiments are essentially similar to the method embodiments, they are described briefly; for the relevant parts refer to the description of the method embodiments.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and for the parts they share the embodiments may be referred to one another.
Those skilled in the art will appreciate that the embodiments of the invention may be provided as a method, a device or a computer program product. Accordingly, the embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments may take the form of a computer program product implemented on one or more computer-usable storage media (including, without limitation, disk storage, CD-ROM and optical storage) containing computer-usable program code.
The embodiments of the invention are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems) and computer program products according to the embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, such that a series of operational steps are performed on the computer or other programmable terminal device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art, once aware of the basic inventive concept, may make further changes and modifications to these embodiments. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the invention.
Finally, it should also be noted that in this document relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or terminal device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or terminal device that includes the element.
The port detection method and port detection device provided by the invention have been described in detail above. Specific examples have been used herein to explain the principles and embodiments of the invention, and the description of the above embodiments is intended only to help understand the method of the invention and its core idea. At the same time, those of ordinary skill in the art may, in accordance with the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (12)

Publications (2)

CN106301909A, published 2017-01-04
CN106301909B, published 2019-09-17
Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination (request for substantive examination in force)
CB02: Change of applicant information. Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou science and Technology Development Zone, Zhejiang high tech park, No. six and road, No. 310. Applicant before: Huasan Communication Technology Co., Ltd.
GR01: Patent grant