
CN114244755A - Asset detection method, device, equipment and storage medium - Google Patents


Info

Publication number
CN114244755A
Authority
CN
China
Prior art keywords
address
port
detection
target
civil
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111536391.5A
Other languages
Chinese (zh)
Other versions
CN114244755B (en
Inventor
杨玉奇
张红宝
周忠义
傅强
阿曼太
梁彧
田野
王杰
杨满智
蔡琳
金红
陈晓光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hengan Jiaxin Safety Technology Co ltd
Original Assignee
Beijing Hengan Jiaxin Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Hengan Jiaxin Safety Technology Co ltd
Priority to CN202111536391.5A
Publication of CN114244755A
Application granted
Publication of CN114244755B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2517 Translation of Internet protocol [IP] addresses using port numbers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention provides an asset detection method, apparatus, device and storage medium. The method comprises the following steps: a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address; the detection node receives the detection task issued by the central node and, if the target IP address is determined to be a live IP address based on the detection task, determines a live port in the port range; the detection node determines the device type corresponding to the live port and reports the device type to the central node; the central node receives the device type and, if the device type is found in the civil device library, judges that the target IP address is a civil IP address. In this way the nature of the target IP address can be judged and comprehensive detection information can be obtained, which facilitates subsequent defense deployment and ensures security.

Description

Asset detection method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of asset detection, in particular to an asset detection method, an asset detection device, asset detection equipment and a storage medium.
Background
With the continuous development of networks and the rapid growth in users' demand for network access, networks keep expanding in scale and becoming more complex, and more and more devices are joining cyberspace. Cyberspace asset detection makes it possible to find potential security risks in time, before they are exploited by malicious actors. During asset detection, different handling can be applied depending on the nature of a device's IP address, so as to ensure network security. Distinguishing the nature of a device's IP address is therefore of great significance.
In the related art, asset detection can generally identify only basic information about an asset, such as its manufacturer and model, through protocol identification. It cannot distinguish the nature of the device's IP address, so the detection information is not comprehensive.
Disclosure of Invention
Embodiments of the present invention provide an asset detection method, apparatus, device, and storage medium that can judge the nature of a target IP address and obtain comprehensive detection information, which facilitates subsequent defense deployment and ensures security.
In a first aspect, an embodiment of the present invention provides a method for detecting a civil Internet Protocol (IP) address, where the method is applied to a central node and includes:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the device type corresponding to a live port in the port range, sent by the detection node based on the detection task;
and if the device type is found in the civil device library, judging that the target IP address is a civil IP address.
In a second aspect, an embodiment of the present invention further provides an asset detection method, where the method is applied to a detection node and includes:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be a live IP address based on the detection task, determining a live port in the port range;
and determining the device type corresponding to the live port, and reporting the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in a civil device library.
In a third aspect, an embodiment of the present invention further provides an asset detection method, including:
a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the detection node receives the detection task issued by the central node and, if the target IP address is determined to be a live IP address based on the detection task, determines a live port in the port range;
the detection node determines the device type corresponding to the live port and reports the device type to the central node;
and the central node receives the device type and, if the device type is found in a civil device library, judges that the target IP address is a civil IP address.
In a fourth aspect, an embodiment of the present invention provides an asset detection apparatus, including:
a sending module, configured to send a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
a receiving module, configured to receive the device type corresponding to a live port in the port range, sent by the detection node based on the detection task;
and a judging module, configured to judge that the target IP address is a civil IP address if the device type is found in the civil device library.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods provided by the embodiments of the present invention.
In a sixth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method provided by the present invention.
According to the technical solution provided by the embodiment of the invention, the central node issues a detection task; if the detection node judges from the detection task that the target IP address is live, it determines the live port in the port range corresponding to the target IP address, determines the device type corresponding to the live port, and reports the device type to the central node; and if the central node finds the device type in the civil device library, it judges that the target IP address is a civil IP address. In this way the nature of the target IP address can be judged and comprehensive detection information can be obtained, which facilitates subsequent defense deployment and ensures security.
Drawings
FIG. 1 is a flow chart of an asset detection method provided by an embodiment of the invention;
FIG. 2 is a flow chart of an asset detection method provided by an embodiment of the invention;
FIG. 3 is a flow chart of an asset detection method provided by an embodiment of the invention;
FIG. 4 is a block diagram of an asset detection device according to an embodiment of the present invention;
FIG. 5 is a block diagram of an asset detection device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a flowchart of an asset detection method according to an embodiment of the present invention. The method may be executed by an asset detection apparatus, which may be implemented in software and/or hardware and may be configured in a central node. The central node may be an electronic device such as a server, and the method may be applied in asset detection scenarios.
As shown in fig. 1, the technical solution provided by the embodiment of the present invention includes:
S110: Sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
In an implementation of the embodiment of the present invention, before sending the detection task to the detection node, the method may further include configuring a civil device library. In particular, a library of consumer devices may be collected and organized, including but not limited to home wireless routers, set-top boxes, and terminals.
In the embodiment of the present invention, the central node may distribute detection tasks among the detection nodes and send each detection node its task. The detection task includes a specified target IP address and a port range corresponding to the target IP address, and may further include information such as a task name. The target IP address is the IP address to be detected; each IP address corresponds to a plurality of ports, and the plurality of ports form the port range.
S120: Receiving the device type corresponding to a live port in the port range, sent by the detection node based on the detection task.
In the embodiment of the invention, the detection node receives the detection task, determines from it whether the target IP address is a live IP address, and, if so, determines the live port in the port range. The detection node may determine whether the target IP address is live as follows: it judges whether the port range corresponding to the target IP address contains a live port; if so, the target IP address is a live IP address, and if not, it is not a live IP address. If the target IP address is judged to be live, the detection node determines the live port in the port range corresponding to the target IP address and the device type corresponding to that live port.
In the embodiment of the present invention, one device may correspond to one IP address, and one IP address corresponds to a port range; that is, one device may correspond to one port range and therefore to multiple ports. A live port may exist among those ports, so a live port can be associated with a device type. Optionally, a live port in the port range may be determined as follows: the detection node judges whether it can establish a connection with a port in the port range; a port with which it can establish a connection is a live port, and a port with which it cannot is not a live port. Optionally, the device type corresponding to the live port may be determined as follows: the detection node sends a detection data packet to the live port, the live port returns a feedback data packet to the detection node, and the device type is determined from the data in the feedback data packet. That data may include device type information, which is why the device type corresponding to the live port can be determined from the feedback data packet. The device types may include a civil device type, a non-civil device type, and the like.
S130: If the device type is found in the civil device library, judging that the target IP address is a civil IP address.
In the embodiment of the present invention, the central node may compare the device types in the civil device library with the device type corresponding to the live port (the live port in the port range corresponding to the target IP address). If the device type corresponding to the live port is found in the civil device library, the target IP address is a civil IP address. A civil IP address means that the user of the IP address is not a company, enterprise or public institution, but an ordinary resident or individual user.
In an implementation of the embodiment of the present invention, optionally, the method may further include: if the device type is not found in the civil device library, judging that the target IP address is not a civil IP address, and determining a corresponding defense strategy for the target IP address. If the target IP address is not a civil IP address, its user may be a company or an organization, and an attack on the target IP address may cause a large loss.
According to the technical solution provided by the embodiment of the invention, the central node issues the detection task so that the detection node, if it judges from the detection task that the target IP address is live, determines the live port in the port range corresponding to the target IP address and the device type corresponding to the live port. The central node receives the device type reported by the detection node and, if the device type is found in the civil device library, judges that the target IP address is a civil IP address. In this way the nature of the target IP address can be judged and comprehensive detection information can be obtained, which facilitates subsequent defense deployment and ensures security.
Fig. 2 is a flowchart of an asset detection method according to an embodiment of the present invention. The method may be performed by an asset detection apparatus, which may be implemented in software and/or hardware and may be configured in a detection node. The detection node may be an electronic device such as a computer, and the method may be applied in asset detection scenarios.
As shown in fig. 2, the technical solution provided by the embodiment of the present invention includes:
S210: Receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
In the embodiment of the present invention, the central node may distribute detection tasks among the detection nodes and send each detection node its task, and the detection node receives the detection task. The detection task comprises a specified target IP address and a port range corresponding to the target IP address. The target IP address is the IP address to be detected; each IP address corresponds to a plurality of ports, and the plurality of ports form the port range.
S220: If the target IP address is judged to be a live IP address based on the detection task, determining a live port in the port range.
In the embodiment of the invention, the detection node determines from the detection task whether the target IP address is a live IP address and, if so, determines the live port in the port range.
In an implementation of the embodiment of the present invention, optionally, determining a live port in the port range includes: judging whether a connection can be established with a port in the port range; and if so, determining the port with which the connection is established to be a live port. That is, the detection node judges whether it can establish a connection with a port in the port range; a port with which it can establish a connection is a live port, and a port with which it cannot is not a live port.
S230: Determining the device type corresponding to the live port, and reporting the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in a civil device library.
In an implementation of the embodiment of the present invention, optionally, determining the device type corresponding to the live port includes: sending a detection data packet to the live port so that the live port sends a feedback data packet in response; and determining the device type corresponding to the live port based on the feedback data packet sent by the live port. The data in the feedback data packet may include device type information, which is why the device type corresponding to the live port can be determined from the feedback data packet. The device types may include a civil device type, a non-civil device type, and the like.
In the embodiment of the present invention, the detection node may report the device type corresponding to the live port to the central node, and the central node may compare the device types in the civil device library with the device type corresponding to the live port (the live port in the port range corresponding to the target IP address). If the device type corresponding to the live port is found in the civil device library, the target IP address is a civil IP address.
According to the technical solution provided by the embodiment of the invention, the detection node receives the detection task issued by the central node; if it judges from the detection task that the target IP address is live, it determines the live port in the port range corresponding to the target IP address and the device type corresponding to the live port, and reports the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in the civil device library. In this way the nature of the target IP address can be judged and comprehensive detection information can be obtained, which facilitates subsequent defense deployment and ensures security.
Fig. 3 is a flowchart of an asset detection method according to an embodiment of the present invention. In this embodiment, the method may be executed by a central node and a detection node. As shown in fig. 3, the technical solution provided by the embodiment of the present invention includes:
S310: The central node sends a detection task to the detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address.
S320: The detection node receives the detection task issued by the central node and, if the target IP address is determined to be a live IP address based on the detection task, determines a live port in the port range.
S330: The detection node determines the device type corresponding to the live port and reports the device type to the central node.
S340: The central node receives the device type and, if the device type is found in a civil device library, judges that the target IP address is a civil IP address.
Optionally, the method may further include: if the device type is not found in the civil device library, the central node judges that the target IP address is not a civil IP address and determines a corresponding defense strategy for the target IP address.
Optionally, the method may further include: the central node configures a civil device library, wherein the civil device library comprises a home wireless router, a set-top box and a terminal.
Optionally, determining a live port in the port range includes:
judging whether a connection can be established with a port in the port range;
if so, determining the port with which the connection is established to be a live port.
Optionally, determining the device type corresponding to the live port includes:
sending a detection data packet to the live port so that the live port sends a feedback data packet in response;
and determining the device type corresponding to the live port based on the feedback data packet sent by the live port.
For the above steps, refer to the description of the preceding embodiments; they are not repeated here.
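The S310 to S340 flow, sketched as a runnable example that is added here for illustration and is not code from the patent or its assignee. The signature table, the names `ProbeTask`, `probe_port`, `run_probe_task` and `judge`, the rule that any civil device type on a live port makes the address civil, and the loopback stand-in devices are all assumptions; every connection stays on 127.0.0.1.

```python
import socket
import threading
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

# Civil device library configured on the central node (device types named in the text).
CIVIL_DEVICE_LIBRARY = {"home wireless router", "set-top box", "terminal"}

# Constructed feedback signatures (assumption): marker substring -> device type.
FEEDBACK_SIGNATURES = [
    ("HomeRouter", "home wireless router"),
    ("SetTopBox", "set-top box"),
    ("CorpGateway", "enterprise gateway"),
]
PROBE_PACKET = b"HEAD / HTTP/1.0\r\n\r\n"  # constructed detection data packet


@dataclass
class ProbeTask:
    name: str
    target_ip: str
    ports: Sequence[int]  # the port range, e.g. range(8000, 8100)


def probe_port(ip: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Detection node: None if the port is not live, else the inferred device type."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as conn:
            try:  # live port: send the detection packet, read the feedback packet
                conn.sendall(PROBE_PACKET)
                feedback = conn.recv(256).decode("latin-1")
            except OSError:  # reset or timeout after connect: live, but no data
                feedback = ""
    except OSError:  # refused or timed out: no connection, so not a live port
        return None
    for marker, device_type in FEEDBACK_SIGNATURES:
        if marker in feedback:
            return device_type
    return "unknown"


def run_probe_task(task: ProbeTask) -> Dict[int, str]:
    """S320/S330: map each live port to a device type; empty means the IP is not live."""
    report = {}
    for port in task.ports:
        device_type = probe_port(task.target_ip, port)
        if device_type is not None:
            report[port] = device_type
    return report


def judge(report: Dict[int, str]) -> str:
    """S340 on the central node: look the reported device types up in the library."""
    if not report:
        return "not live"
    if any(t in CIVIL_DEVICE_LIBRARY for t in report.values()):
        return "civil"
    return "non-civil"  # the case for which a defense strategy is determined


def start_fake_device(feedback: bytes) -> int:
    """Loopback stand-in for a device (constructed); returns its listening port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            try:
                with conn:
                    conn.recv(64)           # read the detection packet
                    conn.sendall(feedback)  # answer with the feedback packet
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> Dict[str, str]:
    router = start_fake_device(b"HTTP/1.0 200 OK\r\nServer: HomeRouter-httpd\r\n\r\n")
    gateway = start_fake_device(b"HTTP/1.0 200 OK\r\nServer: CorpGateway/2.1\r\n\r\n")
    silent = start_fake_device(b"")  # live port that returns no data
    held = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    held.bind(("127.0.0.1", 0))  # bound but not listening: connections are refused
    dead = held.getsockname()[1]
    tasks = [  # S310: tasks the central node would issue
        ProbeTask("home", "127.0.0.1", [router, dead]),
        ProbeTask("office", "127.0.0.1", [gateway, silent]),
        ProbeTask("offline", "127.0.0.1", [dead]),
    ]
    verdicts = {t.name: judge(run_probe_task(t)) for t in tasks}
    held.close()
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A live port that answers with nothing recognizable is reported as `unknown`, which the lookup treats as not found in the library, so an address is only judged civil on a positive match.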
Fig. 4 is a block diagram of an asset detection device according to an embodiment of the present invention, and as shown in fig. 4, the device includes: a sending module 410, a receiving module 420 and a judging module 430.
a sending module 410, configured to send a detection task to a detection node, where the detection task includes a target IP address and a port range corresponding to the target IP address;
a receiving module 420, configured to receive the device type corresponding to a live port in the port range, sent by the detection node based on the detection task;
a judging module 430, configured to judge that the target IP address is a civil IP address if the device type is found in the civil device library.
Optionally, the judging module 430 is further configured to judge that the target IP address is not a civil IP address if the device type is not found in the civil device library, and to determine a corresponding defense strategy for the target IP address.
Optionally, the apparatus further includes a configuration module, configured to configure a civil device library, where the civil device library includes a home wireless router, a set-top box, and a terminal.
The device can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 5 is a block diagram of an asset detection device according to an embodiment of the present invention, and as shown in fig. 5, the device includes a task receiving module 510, a first determining module 520, and a second determining module 530.
a task receiving module 510, configured to receive a detection task issued by a central node, where the detection task includes a target IP address and a port range corresponding to the target IP address;
a first determining module 520, configured to determine a live port in the port range if the target IP address is determined to be a live IP address based on the detection task;
a second determining module 530, configured to determine the device type corresponding to the live port and report the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in the civil device library.
Optionally, determining a live port in the port range includes:
judging whether a connection can be established with a port in the port range;
if so, determining the port with which the connection is established to be a live port.
Optionally, determining the device type corresponding to the live port includes:
sending a detection data packet to the live port so that the live port sends a feedback data packet in response;
and determining the device type corresponding to the live port based on the feedback data packet sent by the live port.
The device can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 6 is a schematic structural diagram of an apparatus provided in an embodiment of the present invention, and as shown in fig. 6, the apparatus includes:
one or more processors 610, one processor 610 being exemplified in fig. 6;
a memory 620;
the apparatus may further include: an input device 630 and an output device 640.
The processor 610, the memory 620, the input device 630 and the output device 640 of the apparatus may be connected by a bus or other means, and fig. 6 illustrates the example of connection by a bus.
The memory 620, which is a non-transitory computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to an asset detection method in an embodiment of the present invention (e.g., the sending module 410, the receiving module 420, and the judging module 430 shown in fig. 4, or the task receiving module 510, the first determining module 520, and the second determining module 530 shown in fig. 5). By running the software programs, instructions and modules stored in the memory 620, the processor 610 executes the various functional applications and data processing of the computer device, thereby implementing the asset detection method of the above method embodiments, namely:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the device type corresponding to a live port in the port range, sent by the detection node based on the detection task;
and if the device type is found in the civil device library, judging that the target IP address is a civil IP address;
or:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be a live IP address based on the detection task, determining a live port in the port range;
and determining the device type corresponding to the live port, and reporting the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in a civil device library.
The memory 620 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 620 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 620 optionally includes memory located remotely from processor 610, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input means 630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. The output device 640 may include a display device such as a display screen.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements an asset detection method according to an embodiment of the present invention:
sending a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
receiving the device type corresponding to a live port in the port range, sent by the detection node based on the detection task;
and if the device type is found in the civil device library, judging that the target IP address is a civil IP address;
or:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is judged to be a live IP address based on the detection task, determining a live port in the port range;
and determining the device type corresponding to the live port, and reporting the device type to the central node, so that the central node judges the target IP address to be a civil IP address if it finds the device type in a civil device library.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. An asset detection method, applied to a central node, the method comprising:
sending a detection task to a detection node, wherein the detection task comprises a target network protocol (IP) address and a port range corresponding to the target IP address;
receiving the device type corresponding to a surviving port in the port range, sent by the detection node based on the detection task;
and if the device type is found in the civil device library, determining that the target IP address is a civil IP address.
2. The method of claim 1, further comprising:
if the device type is not found in the civil device library, determining that the target IP address is not a civil IP address, and determining a corresponding defense strategy for the target IP address.
3. The method of claim 1, further comprising: configuring a civil equipment library, wherein the civil equipment library comprises a household wireless router, a set-top box and a terminal.
4. An asset detection method, applied to a detection node, the method comprising:
receiving a detection task issued by a central node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
if the target IP address is determined to be a surviving IP address based on the detection task, determining a surviving port in the port range;
and determining the device type corresponding to the surviving port, and reporting the device type to the central node, so that the central node determines that the target IP address is a civil IP address if it finds the device type in a civil device library.
5. The method of claim 4, wherein determining a surviving port in the port range comprises:
determining whether a connection is established with a port in the port range;
if so, determining the port with which the connection is established to be a surviving port.
6. The method of claim 4, wherein determining the device type corresponding to the surviving port comprises:
sending a probe data packet to the surviving port, so that the surviving port sends a feedback data packet based on the probe data packet;
and determining the device type corresponding to the surviving port based on the feedback data packet sent by the surviving port.
7. An asset detection method, comprising:
a central node sends a detection task to a detection node, wherein the detection task comprises a target IP address and a port range corresponding to the target IP address;
the detection node receives the detection task issued by the central node, and if the target IP address is determined to be a surviving IP address based on the detection task, determines a surviving port in the port range;
the detection node determines the device type corresponding to the surviving port and reports the device type to the central node;
and the central node receives the device type, and if the device type is found in a civil device library, determines that the target IP address is a civil IP address.
8. An asset detection device, comprising:
a sending module and a detection module, wherein the sending module is configured to send a detection task to a detection node, and the detection task comprises a target IP address and a port range corresponding to the target IP address;
a receiving module, configured to receive the device type corresponding to a surviving port in the port range, sent by the detection node based on the detection task;
and a judging module, configured to determine that the target IP address is a civil IP address if the device type is found in the civil device library.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 6.
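The central-node and detection-node exchange of claims 1 to 7, as an added Python example that is not code from the patent. The network is a constructed lookup table using documentation addresses from 192.0.2.0/24; the fingerprint substrings, the "unknown" and "network camera" types, the rule that any civil device type on a surviving port makes the address civil, and the "undetermined" verdict are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed stand-in for the network: (ip, port) -> feedback packet.
# A missing key means no connection could be established with that port.
SIMULATED_NET = {
    ("192.0.2.10", 23): b"",  # connection accepted, empty feedback
    ("192.0.2.10", 80): b"HTTP/1.1 200 OK\r\nServer: HomeRouter-httpd\r\n\r\n",
    ("192.0.2.20", 8080): b"HTTP/1.1 200 OK\r\nServer: IPCam-Web\r\n\r\n",
}
# Hypothetical fingerprint rules: substring of the feedback -> device type.
FINGERPRINTS = [(b"HomeRouter", "household wireless router"),
                (b"STB-", "set-top box"),
                (b"IPCam", "network camera")]
# Civil device library with the entries listed in claim 3.
CIVIL_DEVICE_LIBRARY = {"household wireless router", "set-top box", "terminal"}


@dataclass(frozen=True)
class DetectionTask:
    target_ip: str
    port_range: range  # ports assigned to this target


def ip_is_surviving(ip):
    """Simulated liveness check: the address answers on at least one port."""
    return any(host == ip for host, _ in SIMULATED_NET)


def probe(ip, port):
    """Feedback packet if a connection is established, otherwise None."""
    return SIMULATED_NET.get((ip, port))


def detection_node(task):
    """Claims 4-6: surviving ports and the device type behind each one."""
    report = {}
    if not ip_is_surviving(task.target_ip):
        return report
    for port in task.port_range:
        feedback = probe(task.target_ip, port)
        if feedback is None:
            continue  # no connection, so not a surviving port
        report[port] = next(
            (dev for sig, dev in FINGERPRINTS if sig in feedback), "unknown")
    return report


def central_node(task, node=detection_node):
    """Claims 1-2: look the reported device types up in the civil library."""
    report = node(task)
    if not report:
        verdict = "undetermined"  # assumption: nothing was reported
    elif any(dev in CIVIL_DEVICE_LIBRARY for dev in report.values()):
        verdict = "civil"
    else:
        verdict = "not civil"  # claim 2: a defense strategy is then chosen
    return {"ip": task.target_ip, "report": report, "verdict": verdict}
```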
CN202111536391.5A 2021-12-15 2021-12-15 Asset detection method, device, equipment and storage medium Active CN114244755B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111536391.5A CN114244755B (en) 2021-12-15 2021-12-15 Asset detection method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111536391.5A CN114244755B (en) 2021-12-15 2021-12-15 Asset detection method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114244755A true CN114244755A (en) 2022-03-25
CN114244755B CN114244755B (en) 2023-11-14

Family

ID=80756621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111536391.5A Active CN114244755B (en) 2021-12-15 2021-12-15 Asset detection method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114244755B (en)

Also Published As

Publication number Publication date
CN114244755B (en) 2023-11-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant