CN104301183A - WEB container detection method and device based on IP section scanning - Google Patents
WEB container detection method and device based on IP section scanning Download PDFInfo
- Publication number
- CN104301183A CN104301183A CN201410568742.4A CN201410568742A CN104301183A CN 104301183 A CN104301183 A CN 104301183A CN 201410568742 A CN201410568742 A CN 201410568742A CN 104301183 A CN104301183 A CN 104301183A
- Authority
- CN
- China
- Prior art keywords
- scanning
- section
- web container
- port
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a WEB container detection method and device based on IP section scanning. The WEB container detection method based on IP section scanning comprises the steps of receiving an IP section, conducting IP address conversion on the received IP section, conducting scanning based on a converted IP address, detecting a WEB container based on a scanning result, and outputting a WEB container detection result.
Description
Technical field
Present invention relates in general to network security, relate to the WEB container detection method based on the scanning of IP section and equipment particularly.
Background technology
Internet technology has been passed by more than 40 days since invention, and the interconnected active online of today multimedia audio-video down load application, Mobile solution, ecommerce, and the multiple element such as assault.In this network environment, network security problem seems particularly important.
Network manager in the tissues such as such as enterprise has undertaken the key player of reply enterprise network security problem.But the daily responsibility of network manager is very many, is not limited only to attentional network safety problem.Therefore, for have tens the even enterprise of hundreds main frame or unit etc. tissue for, as early as possible as soon as possible find network security problem be difficult sometimes for network manager.Especially, when network technology fast development, the problem caused by the leak of WEB container self in Network Security Vulnerabilities increases gradually, and so uneasy to the safety detection of WEB container.
And, in traditional Scanning Techniques for Network Security, all scan for certain domain name specific or IP.This scan method is obviously difficult to the multiple main frames of scanning across IP section.For network manager, it is difficult to the situation grasping the main frame managed in this case, such as whether opens certain service, there is which WEB container etc.The safety of this network obviously threatened.
Therefore, in view of above problem, needing badly now can for the means of the multiple detecting host WEB vessel safety problems across IP section and technology.This technology can help network manager to understand the various situations of main frame in its IP segment limit of administering, thus carries out security hardening and effectively management to main frame targetedly.
Summary of the invention
Therefore, the object of the invention is to provide for tissues such as the enterprises having some main frames the WEB container detection method and equipment that scan based on IP section, thus alleviate the burden of network manager and the efficiency of significantly raising network security detection.
In a first aspect of the present invention, the invention provides a kind of WEB container detection method based on the scanning of IP section.Described method comprises: receive IP section; IP address transition is carried out to the IP section received; IP address based on conversion is scanned; Result based on scanning detects WEB container; Export WEB container testing result.
In a preferred embodiment of the invention, described method determines the validity of the IP section received after being included in further and receiving IP section.
In a preferred embodiment of the invention, in the process, described determine to comprise determine and automatically determine by hand.
In a preferred embodiment of the invention, the WEB container testing result that described method comprises further based on exporting carries out security hardening to network host.
In a preferred embodiment of the invention, in the process, described security hardening comprises following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
In a preferred embodiment of the invention, in the process, described IP section comprises one or more IP address.
In a preferred embodiment of the invention, in the process, described scanning comprises scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.
In a preferred embodiment of the invention, in the process, the result of described scanning comprises following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information of operating system version used.
In a second aspect of the present invention, provide a kind of WEB container checkout equipment based on the scanning of IP section.Described equipment comprises: receiving system, for receiving IP section; Conversion equipment, for carrying out IP address transition to the IP section received; Scanning means, for scanning based on the IP address of conversion; Checkout gear, detects WEB container for the result based on scanning; Output device, for exporting WEB container testing result.
In a preferred embodiment of the invention, described equipment comprises determining device further, for determining the validity of the IP section received after receiving IP section.
In a preferred embodiment of the invention, in the apparatus, described determine to comprise determine and automatically determine by hand.
In a preferred embodiment of the invention, described equipment comprises safety reinforced device further, for carrying out security hardening based on the WEB container testing result exported to network host.
In a preferred embodiment of the invention, in the apparatus, described security hardening comprises following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
In a preferred embodiment of the invention, in the apparatus, described IP section comprises one or more IP address.
In a preferred embodiment of the invention, in the apparatus, described scanning comprises scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.
In a preferred embodiment of the invention, in the apparatus, the result of described scanning comprises following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information of operating system version used.
As can be seen from above various aspects of the present invention, method and apparatus according to the invention has following advantage relative to prior art:
Achieving the safety detection to having in the IP section of some main frames according to the WEB container detection method based on the scanning of IP section of the present invention and equipment, especially have detected the WEB container with larger security risk.This provides reliable foundation and information for follow-up security hardening process, greatly improves promptness and the accuracy of scanning and defence.And, owing to adopting IP section scan method, significantly reduce the burden of network manager, and accurately and rapidly can orient the IP address of existing Cyberthreat, improve the efficiency eliminating network security thus relative to conventional art.
Accompanying drawing explanation
Below with reference to following description carried out by reference to the accompanying drawings, more thoroughly to understand present disclosure, in the accompanying drawings:
Fig. 1 is the flow chart of the WEB container detection method based on the scanning of IP section according to the embodiment of the present invention.
Fig. 2 is the block diagram of the WEB receptacle detection system based on the scanning of IP section.
Fig. 3 is the block diagram of the WEB container checkout equipment based on the scanning of IP section according to the embodiment of the present invention.
Embodiment
Specific embodiments of the invention will be described in detail below, embodiments of the invention shown in the drawings.But, the present invention can be embodied in many different forms, and should not be understood as the embodiment being confined to set forth herein.On the contrary, provide these embodiments to make the disclosure to be thorough and complete, and scope of the present invention will be passed on to those skilled in the art comprehensively.Identical Reference numeral indicates identical element from start to finish.
Although it should be understood that term " first ", " second " etc. can be used for describing various element in this article, these elements should not be subject to the restriction of these terms.These terms are only used for an element and another to differentiate.
Term as used herein is only the object for describing specific embodiment, and is not intended to limit the present invention.Unless context clearly indicates, singulative used herein " ", " one " and " being somebody's turn to do " intention also comprise plural form.It is also to be understood that as use alpha nerein, term " comprises " and/or specifies " comprising " existence of described feature, entirety, step, operation, element and/or assembly, but does not get rid of other features one or more, entirety, step, operation, element, the existence of assembly and/or its group or interpolation.
Unless otherwise defined, all terms used herein (comprising technology and scientific terminology) have the identical meaning generally understood with those skilled in the art.It is also to be understood that term as used herein should be interpreted as having the consistent meaning of meaning with it in the context of this specification and association area, and should not make an explanation, unless defined so clearly in this article with idealized or excessive formal meaning.
Below in conjunction with accompanying drawing, embodiments of the invention are described.
In fig. 1, the flow chart of the WEB container detection method 100 based on the scanning of IP section according to the embodiment of the present invention is shown.
In the step S101 of method 100, first receive IP section.
As the foregoing teachings of this specification, in traditional Port Scan Techniques, generally can only scan for certain domain name or specific IP.The main frame of its administration of the scanning that network manager has to one by one.And according to method of the present invention, keeper can input certain IP address field and scan, such as 192.168.0.5 – 192.168.0.100.Obviously like this, can provide the mode of more high efficiency scanning for network manager.
In step S101, in one embodiment, receive IP section and directly can receive the IP section inputted from network manager or any network management user.In another embodiment, the script also can write from network manager according to method of the present invention or text etc. record some to be needed to receive IP section the file of the IP section of scanning, and this obviously more automatically can perform scanning work.In another embodiment, can also receive IP section from some network components according to method of the present invention, network components is database, gateway, router etc. such as.Such as, router generally has routing table, often can determine some route destination-address existing in a network according to routing table, and it often also represent main frame existing in network.Therefore, it is also feasible for receiving IP section from the network components of such as router, and can improve the automaticity of scanning by this mode.In a word, in step S101, IP section to be scanned can be received from possible each provenance.
After receiving IP section, alternatively, the step of the validity determining the IP section received can also be comprised.In most cases, be such as all effective from the IP section of network manager, file, network components.But in the situation such as input error, the system failure, the IP section of reception may be invalid.Therefore, determining that whether the IP section received is effective can stop invalid scanning as early as possible, thus improve the efficiency of whole process.
Such as, if receive the such IP section input of IP section 192.168.0.5 – 192.168.0.300, then can determine that the such IP section end points of 192.168.0.300 is invalid.In this case, network manager can be pointed out to re-enter, or can automatically this end points is revised as effective maximum IP address and and then carry out subsequent action.
The execution of this additional step can rely on system to automatically perform, and also manually can be performed by network manager.That is, determine whether IP section effectively can comprise to determine by hand and automatically determine.Determine that mode respectively has advantage for these two kinds, determine the problem that can solve IP section ineffectivity more intelligently by hand, automatically determine, the efficiency of determining step can be improved.
In one embodiment, the IP section of reception can comprise one or more IP address.In other words, the IP section of reception not necessarily comprises multiple IP address, and it also can comprise an IP address.Such as, when the IP section following 192.168.0.5 – 192.168.0.5 received, it just only comprises IP address a: 192.168.0.5.At this moment, IP section is just equal to an IP address.This itself provides flexibility for input.
After execution of step S101, enter step S102: IP address transition is carried out to the IP section received.
Because the IP section received provide only the minimum IP address and maximum IP address that need scan, so, only have and this IP section is converted to concrete IP address just can carries out subsequent operation.
In one embodiment, the most simply IP sector address is listed by conversion exactly successively.Also for IP section 192.168.0.5 – 192.168.0.100, this IP section can be converted to 96 tactic addresses, that is: 192.168.0.5,192.168.0.6,192.168.0.7 by system ..., 192.168.0.100.
But, in another embodiment, can according to predefine rule this IP section IP address of conversion arbitrarily according to method of the present invention.Such as, network manager may not need or only need certain the several IP address scanned in this IP segment limit, and it can record these addresses in certain script or text.Like this, in transfer process, can record that automatic rejection do not need scan according to these according to method of the present invention or form the IP address result after conversion after only comprising the address that need scan.In addition, the main frame in network may IP address non-sequential arrangement for a certain reason, but with 1 for being spaced.Such as, 192.168.0.5,192.168.0.7,192.168.0.9 ... Deng.At this moment, also above-mentioned IP section can be converted to a series of like this IP address according to predefined rule according to method of the present invention.Obviously, the conversion according to predefine rule has greater flexibility, also for network manager provides greater flexibility when arranging main frame.
In one embodiment, if IP section is only an IP address as mentioned above, the IP address so obtained after conversion is an IP address.
According to foregoing, in one embodiment, if there occurs some Cyberthreat or discovered certain leak, so carry out scanning the concrete main frame obviously can determining that this threat or leak occur quickly for IP section.If do not have IP section scan method, network manager may need to scan one by one the main frame of whole network, and this is obviously inefficient.
After performing scanning step S102, just step S103 can be performed: the IP address based on conversion is scanned.
Just obtain in IP section the concrete IP address needing to scan after step s 102 according to method of the present invention, it just can scan based on the IP address of these conversions.
In one embodiment, described scanning can comprise scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.By such scanning, the various information about main frame can be obtained.It will be understood by a person skilled in the art that scanning can also comprise the scanning of any other type.
TCP needs transmission one group of TCP order usually, and the result then performed according to these scan commands obtains some about by the information of scans I P address.
Can be comprised conventional port and dangerous port by the port scanned, wherein conventional port refers to daily conventional port, and dangerous port refers to the port easily suffering Cyberthreat or Cyberthreat is easily occurred by it.Generally speaking, so-called conventional port and dangerous port are not unalterable, and in the increasing situation of attack of conventional port, conventional port also likely changes dangerous port into.Therefore, in order to scan as far as possible all sidedly, generally speaking to scan these two kinds of ports.But in some cases, raising the efficiency to save time, only can scan a generic port wherein.
Below list the port that some are common, wherein comprise well known port and dangerous port: http server, the port numbers of acquiescence is 80/tcp(wooden horse Executor this port open); HTTPS(securely transferring web pages) server, the port numbers of acquiescence is 443/tcp 443/udp; The unsafe text transmission of Telnet(), the port that default port number opens for 23/tcp(wooden horse Tiny Telnet Server); FTP, the port that the port numbers of acquiescence opens for 21/tcp(wooden horse Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner); TFTP(Trivial File Transfer Protocol), the port numbers of acquiescence is 69/udp; SSH(secure log), SCP(file transfer), port redirection, the port numbers of acquiescence is 22/tcp; SMTP Simple Mail Transfer Protocol (E-mail), the port numbers of acquiescence is 25/tcp(wooden horse Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy open this port); POP3 Post Office Protocol (E-mail), the port numbers of acquiescence is 110/tcp; WebLogic, the port numbers of acquiescence is 7001; Webshpere application program, the port numbers of acquiescence is 9080; Webshpere management tool, the port numbers of acquiescence is 9090; JBOSS, the port numbers of acquiescence is 8080; TOMCAT, the port numbers of acquiescence is 8080; WIN2003 telnet, the port numbers of acquiescence is 3389; Symantec AV/Filter for MSE, default port number is 8081; Oracle database, the port numbers of acquiescence is 1521; ORACLE EMCTL, the port numbers of acquiescence is 1158; Oracle XDB(XML database), the port numbers of acquiescence is 8080; Oracle XDB FTP serves, and the port numbers of acquiescence is 2100; MS SQL*SERVER database server, the port numbers of acquiescence is 1433/tcp 1433/udp; MS SQL*SERVER database monitor, the port numbers of acquiescence is 1434/tcp 1434/udp; QQ, the port numbers of acquiescence is 1080/udp.
Generally speaking, network manager can select the port numbers that need scan according to security status that is current or prediction.
In one embodiment, the result of scanning can comprise following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information etc. of operating system version used.
According to the scanning result of each port, network manager or system can gain much information, certainly be not limited to listed above those, such as can also obtain whether IP main frame survives, domain name, the exploitation programming language of website, the version information etc. of WEB container that main frame runs website.And wherein, be obviously very important about WEB information of container for detecting the fail safe of WEB container.
WEB container is a kind of service routine, just has a program providing respective service at server port, and the request that this routine processes sends from client. as the Tomcat container JAVA, IIS or PWS of ASP is such container.A server can have multiple container.And whether these containers are opened and its ruuning situation, be generally be difficult to grasp for administering the keeper of some main frames or server.Therefore, network manager will obtain the information of WEB container by TCP, and whether understanding WEB container is opened and its ruuning situation thus.
Therefore, after performing scanning step S103, step S104 can be performed: the result based on scanning detects WEB container.
As mentioned above, after step S103 performs, the some information about WEB container in main frame can be obtained.Network manager, after these information of acquisition, can detect the main frame opening certain WEB container by hand or automatically, to determine whether to occur the network security threats for this WEB container.
Such as, if detect that Tomcat container is opened, then just can carry out detecting to guarantee its safety for some common threats.And the main frame not opening WEB container just can in order to avoid detect, this detects network and further provides high efficiency detection mode.
After performing detecting step S104, step S105 can be performed: export WEB container testing result.Network manager or system can follow up after obtaining this result.
Therefore, in one embodiment, the WEB container testing result that method according to the present invention may further include based on exporting carries out security hardening to network host.Security hardening can comprise following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
Such as, after finding the leak for certain WEB container, network manager can upgrade system mend to make up this leak.
It should be appreciated by those skilled in the art that and can be applied to IPv4 and IPv6 address according to method of the present invention.Further, those skilled in the art will also be appreciated that and also can be applied to any address on the networks such as such as MAC Address and mark according to method of the present invention.
In sum, the WEB container detection method based on the scanning of IP section according to the present invention can provide the means of high efficient and flexible more to carry out Sampling network safety for network manager.The method can improve the Network Security Environment of the tissues such as enterprise compared to conventional method, the efficiency that further raising network security detects also alleviates the burden of network manager simultaneously, and after threatening generation, can determine rapidly the place of threat.
Present composition graphs 2 describes can a kind of system to implement a methodology in accordance with the present invention.Fig. 2 is the block diagram of the WEB receptacle detection system 200 based on the scanning of IP section.
In fig. 2, one is made up of two-layer based on the WEB receptacle detection system 200 of IP section scanning: task scheduling layer 201 and detection layers 202.
As we can see from the figure, first the IP address field as task is issued to task scheduling layer.Task scheduling layer 201 is made up of task scheduling modules and IP section modular converter, and wherein task scheduling modules is responsible for ranking to entering of task and distributing, and IP section is then converted to IP address by IP section modular converter.In this task scheduling layer 201, the multiple tasks from outside input can be processed.In other words, this system can process multiple IP section simultaneously.
Illustrate the concrete operations of task scheduling layer 201 below.
In task dispatch layer 201, by IP section modular converter, the IP section of input is converted to concrete IP address.Then, task scheduling modules is ranked to task and is decided which task based on various queuing algorithm and can enter detection layers.It will be understood by a person skilled in the art that used queuing algorithm and decision process can be any algorithm as known in the art and decision process here.Also exist between task dispatch layer 201 and detection layers except other data interactions of task data.Such as, task scheduling layer 201 can also carry out data interaction with the module management of detection layers 202 and data preprocessing module, so that these two modules can obtain from or make these two modules can input data to task scheduling layer 201.
After task outputs to detection layers from task scheduling layer 201, task is triggered, afterwards with regard to entry port scanning process.In TCP process, conventional TCP and dangerous TCP module can be comprised.Then, in detection layers 202, the result based on scanning carries out the detection of WEB container and output detections result.It should be appreciated by those skilled in the art that detection layers can be carried out existing or future by any TCP of exploitation and WEB container detection technique.
Those skilled in the art will also be appreciated that system 200 is only realize an example system of the inventive method and the restriction not to this type systematic.In other words, any system that can realize the inventive method is all available.These systems can comprise the module more more or less than example system 200 or parts.And these systems can realize with any combination of software, hardware or software restraint.Above-mentioned software and hardware can be existing, also can be the various software and hardwares of following exploitation.
Below in conjunction with Fig. 3, a kind of WEB container checkout equipment based on the scanning of IP section according to the embodiment of the present invention is described.Fig. 3 shows the block diagram of the WEB container checkout equipment 300 based on the scanning of IP section according to the embodiment of the present invention.
In figure 3, described equipment 300 can comprise receiving system 301, for receiving IP section; Conversion equipment 302, for carrying out IP address transition to the IP section received; Scanning means 303, for scanning based on the IP address of conversion; Checkout gear 304, detects WEB container for the result based on scanning; Output device 305, for exporting WEB container testing result.
Preferably, described equipment 300 may further include determining device, for determining the validity of the IP section received after receiving IP section.
Preferably, wherein said determine to comprise determine and automatically determine by hand.
Preferably, described equipment may further include safety reinforced device, for carrying out security hardening based on the WEB container testing result exported to network host.
Preferably, wherein said security hardening comprises following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
Preferably, wherein said IP section comprises one or more IP address.
Preferably, wherein said scanning comprises scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.
Preferably, the result of wherein said scanning comprises following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information of operating system version used.
In sum, achieving the safety detection to having in the IP section of some main frames according to the WEB container detection method based on the scanning of IP section of the present invention and equipment, especially have detected the WEB container with larger security risk.This provides reliable foundation and information for follow-up security hardening process, greatly improves promptness and the accuracy of scanning and defence.And, owing to adopting IP section scan method, significantly reduce the burden of network manager, and accurately and rapidly can orient the IP address of existing Cyberthreat, improve the efficiency eliminating network security thus relative to conventional art.
Although describe specific embodiments of the invention by reference to the accompanying drawings above-mentioned, those skilled in the art without departing from the spirit and scope of the present invention, can carry out various change, amendment and equivalent substitution to the present invention.These change, amendment and equivalent substitution all mean and fall within spirit and scope that the claim of enclosing limits.
Claims (16)
1., based on a WEB container detection method for IP section scanning, described method comprises:
Receive IP section;
IP address transition is carried out to the IP section received;
IP address based on conversion is scanned;
Result based on scanning detects WEB container;
Export WEB container testing result.
2. method according to claim 1, is included in the validity determining the IP section received after receiving IP section further.
3. method according to claim 2, wherein said determine to comprise determine and automatically determine by hand.
4. method according to claim 1, the WEB container testing result comprised further based on exporting carries out security hardening to network host.
5. method according to claim 4, wherein said security hardening comprises following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
6. method according to claim 1, wherein said IP section comprises one or more IP address.
7. method according to claim 1, wherein said scanning comprises scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.
8. method according to claim 1, the result of wherein said scanning comprises following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information of operating system version used.
9., based on a WEB container checkout equipment for IP section scanning, described equipment comprises:
Receiving system, for receiving IP section;
Conversion equipment, for carrying out IP address transition to the IP section received;
Scanning means, for scanning based on the IP address of conversion;
Checkout gear, detects WEB container for the result based on scanning;
Output device, for exporting WEB container testing result.
10. equipment according to claim 9, comprises determining device further, for determining the validity of the IP section received after receiving IP section.
11. equipment according to claim 10, wherein said determine to comprise determine and automatically determine by hand.
12. equipment according to claim 9, comprise safety reinforced device further, for carrying out security hardening based on the WEB container testing result exported to network host.
13. equipment according to claim 12, wherein said security hardening comprises following at least one item: amendment account management strategy, revise audit policy, close unnecessary service, delete unnecessary procotol, edit the registry, amendment file system and authority, renewal security patch and fail-safe software.
14. equipment according to claim 9, wherein said IP section comprises one or more IP address.
15. equipment according to claim 9, wherein said scanning comprises scanning to conventional port, to the scanning of dangerous port and the scanning to conventional port and dangerous port.
16. equipment according to claim 9, the result of wherein said scanning comprises following at least one information: the use information of the opening imformation of network service port, the opening information of WEB container, IP address, the information of operating system version used.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410568742.4A CN104301183A (en) | 2014-10-23 | 2014-10-23 | WEB container detection method and device based on IP section scanning |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410568742.4A CN104301183A (en) | 2014-10-23 | 2014-10-23 | WEB container detection method and device based on IP section scanning |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104301183A true CN104301183A (en) | 2015-01-21 |
Family
ID=52320761
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410568742.4A Pending CN104301183A (en) | 2014-10-23 | 2014-10-23 | WEB container detection method and device based on IP section scanning |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104301183A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106921680A (en) * | 2017-05-05 | 2017-07-04 | 腾讯科技(深圳)有限公司 | A kind of port scanning method and device |
| CN107087001A (en) * | 2017-05-15 | 2017-08-22 | 华中科技大学 | A kind of important address spatial retrieval system in distributed internet |
| CN108965286A (en) * | 2018-07-09 | 2018-12-07 | 国网重庆市电力公司电力科学研究院 | A kind of lightweight network equipment port detection method based on python |
| CN114221775A (en) * | 2020-09-18 | 2022-03-22 | 北京金山云网络技术有限公司 | Early warning method and device for dangerous port, cloud server and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050050155A1 (en) * | 2003-08-28 | 2005-03-03 | International Business Machines Corporation | System and method for providing shared web modules |
| CN101557324A (en) * | 2008-12-17 | 2009-10-14 | 天津大学 | Real-time visual detection method for DDoS attack |
| CN101924754A (en) * | 2010-07-15 | 2010-12-22 | 国家计算机网络与信息安全管理中心 | Method and device for actively finding malicious code control end |
| CN102843367A (en) * | 2012-08-13 | 2012-12-26 | 北京神州绿盟信息安全科技股份有限公司 | Denial-of-service protective strategy configuration method and device and relevant equipment |
| CN104065645A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Web vulnerability protection method and apparatus |
-
2014
- 2014-10-23 CN CN201410568742.4A patent/CN104301183A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050050155A1 (en) * | 2003-08-28 | 2005-03-03 | International Business Machines Corporation | System and method for providing shared web modules |
| CN101557324A (en) * | 2008-12-17 | 2009-10-14 | 天津大学 | Real-time visual detection method for DDoS attack |
| CN101924754A (en) * | 2010-07-15 | 2010-12-22 | 国家计算机网络与信息安全管理中心 | Method and device for actively finding malicious code control end |
| CN102843367A (en) * | 2012-08-13 | 2012-12-26 | 北京神州绿盟信息安全科技股份有限公司 | Denial-of-service protective strategy configuration method and device and relevant equipment |
| CN104065645A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Web vulnerability protection method and apparatus |
Non-Patent Citations (1)
| Title |
|---|
| 王硕: "针对web容器的软件安全漏洞技术研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106921680A (en) * | 2017-05-05 | 2017-07-04 | 腾讯科技(深圳)有限公司 | A kind of port scanning method and device |
| CN107087001A (en) * | 2017-05-15 | 2017-08-22 | 华中科技大学 | A kind of important address spatial retrieval system in distributed internet |
| CN107087001B (en) * | 2017-05-15 | 2019-12-17 | 华中科技大学 | distributed internet important address space retrieval system |
| CN108965286A (en) * | 2018-07-09 | 2018-12-07 | 国网重庆市电力公司电力科学研究院 | A kind of lightweight network equipment port detection method based on python |
| CN114221775A (en) * | 2020-09-18 | 2022-03-22 | 北京金山云网络技术有限公司 | Early warning method and device for dangerous port, cloud server and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11595424B2 (en) | Network appliance for vulnerability assessment auditing over multiple networks | |
| US9473528B2 (en) | Identification of malware sites using unknown URL sites and newly registered DNS addresses | |
| US10015187B2 (en) | System and method for performing remote security assessment of firewalled computer | |
| US11245667B2 (en) | Network security system with enhanced traffic analysis based on feedback loop and low-risk domain identification | |
| US20180204010A1 (en) | Systems and Methods for Assessing the Compliance of a Computer Across a Network | |
| US9117069B2 (en) | Real-time vulnerability monitoring | |
| US9602527B2 (en) | Security threat detection | |
| US8484694B2 (en) | Systems and methods for performing remote configuration compliance assessment of a networked computer device | |
| US20070192867A1 (en) | Security appliances | |
| CN103843002A (en) | Dynamic cleaning for malware using cloud technology | |
| CN104301183A (en) | WEB container detection method and device based on IP section scanning | |
| US9037668B2 (en) | Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites | |
| US20150040233A1 (en) | Sdk-equipped anti-vulnerability system, method, and computer program product | |
| Küçüksille et al. | Developing a penetration test methodology in ensuring router security and testing it in a virtual laboratory | |
| US20110185166A1 (en) | Slider Control for Security Grouping and Enforcement | |
| Neisse et al. | Improving internet of things device certification with policy-based management | |
| Hirono et al. | Development of a secure traffic analysis system to trace malicious activities on internal networks | |
| Mokhov et al. | Automating MAC spoofer evidence gathering and encoding for investigations | |
| Sheridan et al. | Deployment-time multi-cloud application security | |
| Tyagi et al. | SEEMA: An Automation Framework for Vulnerability Assessement and Penetration Testing | |
| Aissa et al. | Quantifying the impact of unavailability in cyber-physical environments | |
| Pandey et al. | Implementation of a new framework for automated network security checking and alert system | |
| CN112580835B (en) | Management method and device of server | |
| US20230319066A1 (en) | Exploit predictive intrusion protection system (ep-ips) for data packet traffic on data communication networks | |
| Hajdarevic et al. | An approach to digital evidence collection for successful forensic application: An investigation of blackmail case |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150121 |
|
| RJ01 | Rejection of invention patent application after publication |