Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Network terminal port scanning method and network terminal port scanning system

A network terminal and port scanning technology, applied in the field of information security, can solve problems such as long scanning time and unfavorable security vulnerability discovery, and achieve the effect of reducing scanning time, improving scanning efficiency, and fast and efficient discovery.

Active Publication Date: 2021-06-25
智网安云(武汉)信息技术有限公司
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Since the ports of an IP address are numbered by 16 bits, there can be up to 65536 ports, so there are too many ports to be scanned, and the scanning time is too long, which is not conducive to the discovery of security vulnerabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network terminal port scanning method and network terminal port scanning system
  • Network terminal port scanning method and network terminal port scanning system
  • Network terminal port scanning method and network terminal port scanning system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] In some embodiments, a network terminal port scanning method, such as figure 1 shown, including the following steps:

[0042] S01. Extract the source IP address, target IP address, source port, and target port of each network terminal from the acquired network traffic monitoring data of each network terminal, and filter used IP addresses and ports.

[0043] In this embodiment, the network terminal may be a server or a client, and may be a PC or a mobile terminal device. These network terminals are mainly managed by a network terminal management device, using hardware probes, traffic mirroring analyzers or SNMP (Simple Network Management Protocol)-based traffic analyzers to monitor network traffic data. Specifically, the hardware probe is serially connected to the link that needs to capture the flow, and the flow data is obtained by shunting the digital signal on the link. Traffic mirroring analysis is to mirror the traffic of a certain link of the network terminal to ...

Embodiment 2

[0068] In order to further optimize the network terminal port scanning method and improve scanning efficiency, in some embodiments, a network terminal port scanning method, such as Figure 4 shown, including the following steps:

[0069] S01a. Obtain the source IP address, target IP address, source port, and target port of each network terminal, and filter the used IP addresses and ports.

[0070] S02a. Determine the central node of the network terminal in the same network community according to preset rules.

[0071] For the specific content of steps S01a and S02a, reference may be made to Embodiment 1, which will not be repeated here.

[0072] S03a, looking for a first-degree node of the central node.

[0073] For a network community, in addition to the central node, it also includes edge nodes. The edge nodes can at least include first-degree nodes, second-degree nodes, and third-degree nodes. The first-degree nodes are network terminals that have a direct access relation...

Embodiment 3

[0106] The embodiment of the invention also discloses a network terminal port scanning system, which combines Figure 8 As shown, at least include screening module 11, priority determination module 12, scanning module 13, wherein:

[0107] The screening module 11 is used to extract the source IP address, target IP address, source port, and target port of each network terminal from the obtained network traffic monitoring data of each network terminal, and filter the used IP addresses and ports.

[0108] The screening module 11 can obtain network traffic data monitored by a hardware probe, a traffic mirroring analyzer, or a traffic analyzer based on SNMP (Simple Network Management Protocol). A traffic log information file is generated according to the detected network traffic data, and the traffic log information generally includes at least a source IP address, a destination IP address, a source port, a destination port, and the like.

[0109] The priority determination module ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a network terminal port scanning method and a network terminal port scanning system, and the method comprises the steps: extracting a source IP address, a target IP address, a source port and a target port of each network terminal from obtained network flow monitoring data of each network terminal, and screening used IP addresses and ports; determining a central node of the network terminals in the same network community according to a preset rule; and scanning the IP address and the port used by the central node. According to the invention, the network terminal is scanned according to the key point sequence, so that the time for scanning the network terminal is shortened, the efficiency for scanning the network terminal is improved, and the user experience is good.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a network terminal port scanning method and a network terminal port scanning system. Background technique [0002] Whether the network terminal port is opened or not represents whether the service is running or not. By scanning whether the service of the port is opened, it is prepared for the subsequent network security warning. The existing port scanning technology scans each port of the terminal to determine whether the service (such as http service, ftp service, ssh service, telnet service, rdp service, etc.) is enabled. [0003] But there are some problems with the existing port scanning technology. For example, you can only use polling to scan unknown IP address segments and ports; or use software to perform full scans to find IP addresses and ports that are already in use, and then perform detailed scans on these IP addresses and ports. Since the ports of an ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/1433H04L63/1425H04L41/0213
Inventor 徐远翔付林赵星罗霄
Owner 智网安云(武汉)信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products