CN115378912A - Scanning method and system for active IPv6 address - Google Patents
Scanning method and system for active IPv6 address Download PDFInfo
- Publication number
- CN115378912A CN115378912A CN202210862867.2A CN202210862867A CN115378912A CN 115378912 A CN115378912 A CN 115378912A CN 202210862867 A CN202210862867 A CN 202210862867A CN 115378912 A CN115378912 A CN 115378912A
- Authority
- CN
- China
- Prior art keywords
- address
- active
- ipv6
- addresses
- scanning
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The application discloses a method and a system for scanning an active IPv6 address, which relate to the technical field of IP asset scanning, and the method comprises the following steps: counting target IP addresses with IP aliases in the active IPv6 address seed set, and calculating a first address proportion of the target IP addresses in the corresponding active IPv6 address seed set; if the first address proportion exceeds a first proportion threshold value, generating a pre-scanning address set based on the expansion parameters; detecting a pre-scanning address set and classifying the addresses according to the detection result; calculating an active IP address in a target active IPv6 address seed set by combining an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm; and if the first occupation ratio threshold value is not exceeded, the active IP address in the target active IPv6 address seed set is calculated through an IPv6 active address direct push algorithm. The method and the device have the effect of higher scanning accuracy when analyzing any seed address set.
Description
Technical Field
The application relates to the technical field of IP asset scanning, in particular to a method and a system for scanning an active IPv6 address.
Background
The identification and mining of active IP addresses are of great significance in network application, and with the continuous development of networks, IPv4 addresses do not meet the use requirements of the networks, so that the current IP addresses are more IPv6 addresses. Compared with the IPv4 address, the length of the IPv6 address is increased by 4 times, so that the size of the IPv6 address space is exponentially increased, 264 addresses are provided for the address space of an IPv6 subnet with a prefix length of 64, which is about 40 hundred million times of the IPv4, and theoretically 1.844 × 1019 hosts can be allocated, thereby leading to a lower active density of IPv6 hosts compared with the IPv4 network.
However, the low active density and the huge address space lead to low scanning efficiency of the active host address, and hundreds of millions of years are needed for scanning the whole IPv6 address space, so that it can be seen that the traversal scanning of the IPv6 network address is not feasible at present in the technical level. In the related technology, an IPv6 address discovery algorithm is usually adopted for active address scanning, a seed address set is input into the discovery algorithm, address characteristics in the seed address set are analyzed and calculated through the discovery algorithm, and finally a scanning target address set is generated and output as an active address.
With respect to the related art among the above, the inventors consider that the following drawbacks exist: when the discovery algorithm is adopted, the seed address set with obvious address characteristics is required to be input to have higher scanning accuracy, and the scanning accuracy is lower when the seed address set with less obvious address characteristics is analyzed.
Disclosure of Invention
In order to overcome the defect of low scanning accuracy when a seed address set with relatively unobvious address characteristics is analyzed, the application provides a scanning method and a scanning system for an active IPv6 address.
In a first aspect, the present application provides a method for scanning an active IPv6 address, including the following steps:
acquiring an active IPv6 address seed set;
respectively counting target IP addresses with IP aliases in all the active IPv6 address seed sets, and calculating a first address ratio of the target IP addresses in the corresponding active IPv6 address seed sets;
judging whether the first address ratio exceeds a preset first ratio threshold value;
if the first address ratio exceeds the first ratio threshold, generating a pre-scanning address set based on a preset expansion parameter;
detecting the pre-scanning address set and classifying the addresses according to the detection result;
calculating the active IP address in the target active IPv6 address seed set by combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm;
and if the first address occupation ratio does not exceed the first occupation ratio threshold, calculating the active IP address in the target active IPv6 address seed set by the IPv6 active address direct push algorithm.
By adopting the technical scheme, the address seed sets are preliminarily classified according to a preset first occupation ratio threshold value and a first address occupation ratio of a target IP address with an IP alias in the address seed sets, the active IP address can be calculated by directly adopting an IPv6 active address direct push algorithm for the address seed sets with few IP aliases, the pre-scanning address set can be generated for preliminary scanning for the address seed sets with many IP aliases, and then the active IP address is calculated by combining an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm. Compared with the discovery algorithm in the related art, the method can improve the scanning accuracy on the basis of ensuring the scanning efficiency without considering the address characteristics of most addresses in the address seed set.
Optionally, the step of calculating the active IP address in the target active IPv6 address seed set by using the IPv6 active address direct push algorithm includes the following steps:
dividing all the target addresses into a plurality of target address categories according to address prefix attributions of all the target addresses in the target active IPv6 address seed set;
acquiring a historical active address of the target address category;
obtaining an address budget value of each target address category and weight values of a plurality of address bits in a suffix address based on the historical active address analysis;
assigning a value to the corresponding address bit by combining the address budget value and the weight value;
and traversing and assigning the address bits which are not assigned in the preset value range to obtain the active IP address.
By adopting the technical scheme, the target address is divided into a plurality of target address categories according to the address prefix attribution, then the assignment is carried out on a plurality of suffix address bits of the virtual address in the corresponding category according to the historical active address in each category, then traversal scanning is carried out in a preset value range, finally the assignment is carried out on a plurality of address bits which are not assigned in the suffix address of the virtual address, and the obtained plurality of IP addresses are the active IP addresses obtained through calculation.
Optionally, the extension parameter determines a prefix length upper limit of a corresponding address block in the pre-scan address set.
By adopting the technical scheme, the number of address blocks to be pre-scanned is limited through the preset expansion parameters, and the address blocks with fewer active addresses are eliminated, so that the time for pre-scanning the addresses is shortened, and the pre-scanning efficiency is improved.
Optionally, the detecting the pre-scan address set and classifying the addresses according to the detection result includes the following steps:
detecting a plurality of address blocks in the pre-scanning address set to obtain a detection result;
analyzing and obtaining a second address ratio of a prescan active address in each address block in the address blocks corresponding to the address blocks based on the detection result;
judging whether the second address ratio exceeds a preset second ratio threshold value;
if the second address ratio exceeds the second ratio threshold, dividing the corresponding address block into a high-activity address set;
and if the second address proportion does not exceed the second proportion threshold value, dividing the corresponding address block into a low-activity address set.
By adopting the technical scheme, the address blocks in the generated pre-scanning address set are detected and pre-scanned, and the address blocks are divided into a high-activity address set and a low-activity address set according to the activity of the address blocks.
Optionally, the step of calculating the active IP address in the target active IPv6 address seed set by combining a preset IPv6 active address extension algorithm and an IPv6 active address direct push algorithm includes the following steps:
judging whether the address block in the target active IPv6 address seed set belongs to the high active address set or the low active address set;
if the address belongs to the high active address set, an active IP address in the corresponding address block is calculated through a preset IPv6 active address expansion algorithm;
and if the address belongs to the low active address set, calculating the active IP address in the corresponding address block by the IPv6 active address direct push algorithm.
By adopting the technical scheme, according to the address blocks with different liveness, different algorithms are adopted for calculation, so that the efficiency and the accuracy of active address calculation can be improved.
Optionally, the step of calculating the active IP address in the corresponding address block by using a preset IPv6 active address extension algorithm includes the following steps:
acquiring address prefixes of all the address blocks in the high-activity address set;
respectively traversing suffix binary addresses corresponding to the address prefixes to obtain a plurality of initial scanning address sets;
carrying out duplicate removal processing and format unified processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets;
merging a plurality of the base scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
By adopting the technical scheme, the expansion algorithm is used for calculating the high-activity address set, the expansion algorithm is used for traversing and scanning the suffix binary address based on the address prefix of the address block in the input high-activity address set to obtain a plurality of initial scanning address sets, but as repeated addresses may appear in the initial scanning address sets generated by traversal, the initial scanning address sets need to be subjected to deduplication processing, the format is uniformly processed into the IPv6 standard format to obtain a plurality of basic scanning address sets, and all the basic scanning address sets are combined into the active address set, namely the expansion calculation of the active IP address is completed.
Optionally, the acquiring the active IPv6 address seed set includes the following steps:
acquiring a plurality of first active addresses from a preset open source IPv6 active address library;
obtaining a plurality of active domain names based on an Alexa ranking;
de-resolving the plurality of active domain names into a plurality of second active addresses;
aggregating a plurality of the first active addresses and a plurality of the second active addresses into an active IPv6 address seed set.
By adopting the technical scheme, the active IPv6 address seed set can be obtained by combining the open source IPv6 active address library and the Alexa ranking, and the address seed set with specific address characteristics does not need to be obtained.
In a second aspect, the present application further provides a scanning system for active IPv6 addresses, including a memory, a processor, and a program stored in the memory and executable on the processor, where the program is capable of being loaded and executed by the processor to implement a scanning method for active IPv6 addresses as described in the first aspect.
By adopting the technical scheme, through program calling, the address seed sets are preliminarily classified according to a preset first ratio threshold value and a first address ratio of a target IP address with an IP alias in the address seed sets, the address seed sets with few IP aliases can directly adopt an IPv6 active address direct push algorithm to calculate an active IP address, the address seed sets with many IP aliases can generate a pre-scanning address set to carry out preliminary scanning, and then an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm are combined to calculate an active IP address. Compared with the discovery algorithm in the related art, the method can improve the scanning accuracy on the basis of ensuring the scanning efficiency without considering the address characteristics of most addresses in the address seed set.
To sum up, the application comprises the following beneficial technical effects:
the method comprises the steps of firstly, preliminarily classifying address seed sets according to a preset first occupation ratio threshold value and a first address occupation ratio of a target IP address with an IP alias in the address seed sets, directly adopting an IPv6 active address direct push algorithm to calculate an active IP address for the address seed sets with few IP aliases, generating a pre-scanning address set to preliminarily scan the address seed sets with many IP aliases, and then combining an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm to calculate the active IP address. Compared with the discovery algorithm in the related art, the method can avoid considering the address characteristics of most addresses in the address seed set, and can improve the scanning accuracy on the basis of ensuring the scanning efficiency.
Drawings
Fig. 1 is a flowchart illustrating a scanning method for an active IPv6 address according to an embodiment of the present application.
Fig. 2 is a schematic flowchart illustrating a process of calculating an active IP address through a direct push algorithm according to an embodiment of the present application.
Fig. 3 is a flowchart illustrating a process of detecting a pre-scan address set and classifying addresses according to a detection result according to an embodiment of the present application.
Fig. 4 is a schematic flowchart of a process of calculating an active IP address by combining an extension algorithm and a direct push algorithm according to an embodiment of the present application.
Fig. 5 is a schematic flowchart of the active IP address estimation by the extended algorithm according to an embodiment of the present application.
Fig. 6 is a flowchart illustrating acquiring an active IPv6 address seed set according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to figures 1 to 6.
The embodiment of the application discloses a method and a system for scanning an active IPv6 address.
Referring to fig. 1, the method and system for scanning an active IPv6 address includes the following steps:
s101, acquiring an active IPv6 address seed set.
Wherein, an active IPv6 address seed set of an open source can be obtained through the Internet.
S102, respectively counting the target IP addresses with the IP aliases in all the active IPv6 address seed sets, and calculating the first address proportion of the target IP addresses in the corresponding active IPv6 address seed sets.
In the network setting process, a plurality of IP addresses can be added to the same physical network card, but the MAC addresses of all the IP addresses are the same, and a standby network node can be configured through the setting of IP aliases. The occupation ratio of the target IP address in the active IPv6 address seed set can be calculated by scanning the MAC addresses of all the addresses in the active IPv6 address seed set, scanning the target IP address with the IP alias, and counting the number of the target IP addresses.
S103, judging whether the first address ratio exceeds a preset first ratio threshold value, and if the first address ratio exceeds the first ratio threshold value, executing the step S104; if the first address ratio does not exceed the first ratio threshold, step S107 is executed.
The first proportion threshold value can be preset manually, and can also be modified according to a modification instruction input manually.
And S104, generating a pre-scanning address set based on the preset expansion parameters.
The expansion parameters can be preset manually and modified according to an manually input operation instruction, the expansion parameters determine the prefix length upper limit of the corresponding address blocks in the pre-scanning address set, the number of the pre-scanning address blocks is limited through the preset expansion parameters, and the address blocks with fewer active addresses are eliminated, so that the time for pre-scanning the addresses is shortened, and the pre-scanning efficiency is improved.
And S105, detecting the pre-scanning address set and classifying the addresses according to the detection result.
The IP scanning tool is used for carrying out preliminary detection scanning on the pre-scanning address set, and the IP scanning tool can be Nmap, ARP Scan and the like.
And S106, combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm to calculate the active IP address in the target active IPv6 address seed set.
And S107, the active IP address in the target active IPv6 address seed set is calculated through an IPv6 active address direct push algorithm.
The implementation principle of the embodiment is as follows:
the method comprises the steps of firstly, preliminarily classifying address seed sets according to a preset first occupation ratio threshold value and a first address occupation ratio of a target IP address with an IP alias in the address seed sets, directly adopting an IPv6 active address direct push algorithm to calculate an active IP address for the address seed sets with few IP aliases, generating a pre-scanning address set to preliminarily scan the address seed sets with many IP aliases, and then combining an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm to calculate the active IP address. Compared with the discovery algorithm in the related art, the method can improve the scanning accuracy on the basis of ensuring the scanning efficiency without considering the address characteristics of most addresses in the address seed set.
In step S107 of the embodiment shown in fig. 1, the addresses in the target active IPv6 address seed set may be classified and assigned through a direct push algorithm, and finally the active IP addresses are obtained. This is explained in detail with reference to the embodiment shown in fig. 2.
Referring to fig. 2, the step of calculating the active IP address by the direct push algorithm includes the following steps:
s201, dividing all target addresses into a plurality of target address categories according to address prefix attributions of all target addresses in the target active IPv6 address seed set.
Since the address prefix of the IP address includes information of an address attribution, and the address characteristics of active addresses in different regions are different, the target address can be divided into a plurality of target address categories according to the attribution.
S202, acquiring the historical active address of the target address category.
The historical active addresses of the same attribution under the target address category can be obtained through the open source IPv6 active address base.
S203, obtaining an address precalculated value of each target address category and weight values of a plurality of address bits in a suffix address based on historical active address analysis.
The method comprises the steps of obtaining a target address category corresponding to a target address category, wherein through big data statistical analysis of suffix addresses in a plurality of historical active addresses, a value with the highest frequency of occurrence of each address bit in the suffix addresses is used as a precalculated value of the corresponding address bit, and accordingly the address precalculated value of the corresponding target address category is obtained. And calculating a weight value for each numerical value of a certain address bit in the suffix address according to the occurrence frequency of each numerical value of the address bit, wherein the higher the occurrence frequency is, the higher the weight value is. If the number of numerical values of a certain address bit is lower than a preset number threshold, the weight value of the address bit is not calculated.
And S204, assigning values for corresponding address bits by combining the address precalculated values and the weight values.
If the address bit has the weighted value, judging whether the value with the highest weighted value of the address bit is the same as the address precalculated value of the address bit, and if so, assigning the value to the address bit. If the address bit does not calculate the weight value, the address bit is not assigned.
S205, traversing assignment is carried out on the address bits which are not assigned in the preset value range, and the active IP address is obtained.
The maximum value range is 0 to 9, the preset value range can be manually preset, and the value range can be modified by acquiring a modification instruction manually input. Traversing assignment is carried out on the address bits which are not assigned based on the numerical values in the value range, if the address bits which are not assigned have 3 bits and the value range is 0 to 9, 1000 IP addresses are obtained after traversing assignment, whether the 1000 IP addresses are active IP is judged one by one, and if the addresses are active IP, the active IP addresses are obtained.
The implementation principle of the embodiment is as follows:
dividing the target address into a plurality of target address categories according to the address prefix attribution, assigning a plurality of suffix address bits of the virtual address in the corresponding category according to the historical active address in each category, traversing and scanning in a preset value range, and finally assigning a plurality of address bits which are not assigned in the suffix address of the virtual address, wherein the obtained plurality of IP addresses are the active IP addresses obtained by calculation.
In step S105 of the embodiment shown in fig. 1, according to the preliminary scout scan on the pre-scan address set, the activity of a plurality of address blocks in the pre-scan address set can be scanned, and then the address blocks are classified based on the activity. This is explained in detail with reference to the embodiment shown in fig. 3.
Referring to fig. 3, detecting a pre-scan address set and classifying addresses according to the detection result includes the steps of:
s301, detecting a plurality of address blocks in the pre-scanning address set to obtain detection results.
The method can perform detection scanning through IP scanning detection tools such as Nmap and ARP Scan, and can generate an active analysis report of addresses in a pre-scanning address set through IPIP.
S302, analyzing and obtaining a second address proportion of the prescan active address in each address block in the corresponding address block based on the detection result.
Wherein, the proportion of the active addresses in each address block is calculated according to the active analysis report and the detection result.
S303, judging whether the second address ratio exceeds a preset second ratio threshold, and if the second address ratio exceeds the second ratio threshold, executing the step S304; if the second address ratio does not exceed the second ratio threshold, step S305 is executed.
The second proportion threshold value can be preset manually or modified according to a modification instruction input manually
S304, dividing the corresponding address block into a high active address set.
S305, dividing the corresponding address block into a low active address set.
The implementation principle of the embodiment is as follows:
and performing detection pre-scanning on the address blocks in the generated pre-scanning address set, dividing the address blocks into a high-activity address set and a low-activity address set according to the activity of the address blocks and a preset second ratio threshold value, wherein the address blocks with the second address ratio exceeding the second ratio threshold value are divided into the high-activity address set, and the address blocks with the second address ratio not exceeding the second ratio threshold value are divided into the low-activity address set.
In step S106 of the embodiment shown in fig. 1, according to the classification result in the embodiment shown in fig. 3, different calculation algorithms are used for calculating the active addresses for the address blocks of different classes. This is explained in detail with reference to the embodiment shown in fig. 4.
Referring to fig. 4, the step of calculating the active IP address by combining the extension algorithm and the direct push algorithm includes the following steps:
s401, judging whether an address block in a target active IPv6 address seed set belongs to a high active address set or a low active address set, and if the address block in the target active IPv6 address seed set belongs to the high active address set or the low active address set, executing a step S402; if the address set is a low active address set, step S403 is executed.
S402, calculating the active IP address in the corresponding address block through a preset IPv6 active address expansion algorithm.
And S403, calculating the active IP address in the corresponding address block by an IPv6 active address direct push algorithm.
The IPv6 active address direct-pushing algorithm used is the same as the direct-pushing algorithm in the embodiment shown in fig. 2.
The implementation principle of the embodiment is as follows:
according to the address blocks with different liveness degrees, different algorithms are adopted for calculation, and the efficiency and the accuracy of calculation of the active addresses can be improved.
In step S402 of the embodiment shown in fig. 4, traversal scanning may be performed by an extension algorithm based on the address prefix of the address block in the high active address set, so as to obtain a plurality of initial scanning address sets, and then deduplication, format conversion, and merging processing are performed, so as to obtain an active address set including an active IP address. This is explained in detail with reference to the embodiment shown in fig. 5.
Referring to fig. 5, the estimation of the active IP address by the extension algorithm includes the following steps:
s501, address prefixes of all address blocks in the high-activity address set are obtained.
The IP address network prefix refers to an address part corresponding to a network part in an IP address.
S502, respectively traversing suffix binary addresses corresponding to the address prefixes to obtain a plurality of initial scanning address sets.
The suffix address is firstly adjusted from an IPv6 format to a binary format, and then traversal output is carried out on suffix address bits of each binary format to obtain a plurality of initial scanning address sets.
S503, carrying out duplicate removal processing and format unification processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets.
In the traversal process in the address block, repeated addresses may be generated, so that deduplication processing needs to be performed, and then all the deduplicated addresses are adjusted to be addresses in the IPv6 format.
And S504, merging the multiple basic scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
The implementation principle of the embodiment is as follows:
the expansion algorithm is used for calculating the high-activity address set, a plurality of initial scanning address sets are obtained by traversing and scanning a suffix binary address based on an address prefix of an address block in the input high-activity address set through the expansion algorithm, but repeated addresses may appear in the initial scanning address sets generated by traversing, so that the initial scanning address sets need to be subjected to deduplication processing, the format is uniformly processed into an IPv6 standard format to obtain a plurality of basic scanning address sets, all the basic scanning address sets are combined into the active address set, and the expansion calculation of the active IP address is completed.
In step S101 of the embodiment shown in fig. 1, since the calculation manner combining the extension algorithm and the direct push algorithm does not need to use the address seed set of the specific address feature, the active IPv6 address seed set can be directly obtained and summarized through the network. This is illustrated in detail by the embodiment shown in fig. 6.
Referring to fig. 6, acquiring an active IPv6 address seed set includes the following steps:
s601, acquiring a plurality of first active addresses from a preset open source IPv6 active address base.
The latest IPv6 active address base is acquired through the Internet in advance.
S602, acquiring a plurality of active domain names based on Alexa ranking.
The Alexa ranking refers to the world ranking of the website, and a plurality of active domain names higher than a preset ranking threshold are screened according to the preset ranking threshold.
S603, the plurality of active domain names are reversely resolved into a plurality of second active addresses.
And S604, summarizing the plurality of first active addresses and the plurality of second active addresses into an active IPv6 address seed set.
The implementation principle of the embodiment is as follows:
the active IPv6 address seed set may be obtained in conjunction with the open source IPv6 active address base and Alexa ranking without the need to obtain an address seed set with specific address characteristics.
The embodiment of the application further discloses a scanning system for active IPv6 addresses, which includes a memory, a processor, and a program stored in the memory and executable on the processor, where the program is capable of being loaded and executed by the processor to implement a scanning method for active IPv6 addresses as shown in fig. 1 to fig. 6.
The implementation principle of the embodiment is as follows:
through program calling, the address seed sets are preliminarily classified according to a preset first ratio threshold value and a first address ratio of a target IP address with an IP alias in the address seed sets, the active IP address can be calculated by directly adopting an IPv6 active address direct push algorithm for the address seed sets with few IP aliases, and the pre-scanning address sets can be generated for preliminary scanning for the address seed sets with many IP aliases, and then the active IP address is calculated by combining an IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm. Compared with the discovery algorithm in the related art, the method can improve the scanning accuracy on the basis of ensuring the scanning efficiency without considering the address characteristics of most addresses in the address seed set.
The above are preferred embodiments of the present application, and the scope of protection of the present application is not limited thereto, so: all equivalent changes made according to the structure, shape and principle of the present application shall be covered by the protection scope of the present application.
Claims (8)
1. A scanning method for active IPv6 address is characterized by comprising the following steps:
acquiring an active IPv6 address seed set;
respectively counting target IP addresses with IP aliases in all the active IPv6 address seed sets, and calculating a first address ratio of the target IP addresses in the corresponding active IPv6 address seed sets;
judging whether the first address ratio exceeds a preset first ratio threshold value;
if the first address ratio exceeds the first ratio threshold, generating a pre-scanning address set based on a preset expansion parameter;
detecting the pre-scanning address set and classifying the addresses according to the detection result;
calculating the active IP address in the target active IPv6 address seed set by combining a preset IPv6 active address expansion algorithm and an IPv6 active address direct push algorithm;
and if the first address occupation ratio does not exceed the first occupation ratio threshold, calculating the active IP address in the target active IPv6 address seed set by the IPv6 active address direct push algorithm.
2. The method for scanning an active IPv6 address according to claim 1, wherein the step of calculating, by using the IPv6 active address direct-pushing algorithm, the active IP address in the target active IPv6 address seed set includes the following steps:
dividing all the target addresses into a plurality of target address categories according to address prefix attributions of all the target addresses in the target active IPv6 address seed set;
acquiring a historical active address of the target address category;
obtaining an address budget value of each target address category and weight values of a plurality of address bits in a suffix address based on the historical active address analysis;
assigning a value to the corresponding address bit by combining the address budget value and the weight value;
and traversing and assigning the address bits which are not assigned in the preset value range to obtain the active IP address.
3. The method of claim 1, wherein the extension parameter determines a prefix length upper limit of a corresponding address block in the pre-scan address set.
4. The method for scanning active IPv6 addresses according to claim 3, wherein the detecting the pre-scan address set and classifying addresses according to the detection result includes the following steps:
detecting a plurality of address blocks in the pre-scanning address set to obtain a detection result;
analyzing and obtaining a second address proportion of a prescan active address in each address block in the address blocks corresponding to the address blocks based on the detection result;
judging whether the second address ratio exceeds a preset second ratio threshold value;
if the second address ratio exceeds the second ratio threshold, dividing the corresponding address block into a high-activity address set;
and if the second address proportion does not exceed the second proportion threshold value, dividing the corresponding address block into a low-activity address set.
5. The method for scanning an active IPv6 address according to claim 4, wherein the step of calculating the active IP address in the target active IPv6 address seed set by combining a preset IPv6 active address extension algorithm and an IPv6 active address direct push algorithm includes the following steps:
judging whether an address block in the target active IPv6 address seed set belongs to the high active address set or the low active address set;
if the address belongs to the high active address set, an active IP address in the corresponding address block is calculated through a preset IPv6 active address expansion algorithm;
and if the address belongs to the low active address set, calculating the active IP address in the corresponding address block by the IPv6 active address direct push algorithm.
6. The method of claim 5, wherein the step of calculating the active IP address in the corresponding address block by using a preset IPv6 active address extension algorithm comprises the following steps:
acquiring address prefixes of all the address blocks in the high-activity address set;
respectively traversing suffix binary addresses corresponding to the address prefixes to obtain a plurality of initial scanning address sets;
carrying out duplicate removal processing and format unified processing on the plurality of initial scanning address sets to obtain a plurality of basic scanning address sets;
merging a plurality of the base scanning address sets into an active address set, wherein the addresses in the active address set are active IP addresses.
7. The method for scanning active IPv6 addresses according to claim 1, wherein the step of obtaining a seed set of active IPv6 addresses includes the following steps:
acquiring a plurality of first active addresses from a preset open source IPv6 active address library;
obtaining a plurality of active domain names based on an Alexa ranking;
de-resolving the plurality of active domain names into a plurality of second active addresses;
aggregating a plurality of the first active addresses and a plurality of the second active addresses into an active IPv6 address seed set.
8. A scanning system for active IPv6 addresses, comprising a memory, a processor and a program stored on the memory and executable on the processor, the program being capable of being loaded and executed by the processor to implement a method of scanning for active IPv6 addresses as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862867.2A CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862867.2A CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115378912A true CN115378912A (en) | 2022-11-22 |
| CN115378912B CN115378912B (en) | 2023-06-09 |
Family
ID=84061870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210862867.2A Active CN115378912B (en) | 2022-07-21 | 2022-07-21 | Scanning method and system for active IPv6 address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115378912B (en) |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008028742A (en) * | 2006-07-21 | 2008-02-07 | Yaskawa Information Systems Co Ltd | Node device for ipv6 and program therefor |
| CN101945043A (en) * | 2010-09-06 | 2011-01-12 | 华南理工大学 | Topology discovery system of next generation Internet based on IPv6 (Internet Protocol Version 6) and realizing method thereof |
| US20110075590A1 (en) * | 2009-09-30 | 2011-03-31 | David Kormann | Methods and apparatus for discovering hosts on an ipv6 network |
| US20140086249A1 (en) * | 2012-09-27 | 2014-03-27 | Avaya, Inc. | Method for IPv6 Longest Prefix Match |
| US20170359227A1 (en) * | 2016-06-09 | 2017-12-14 | Akamai Technologies, Inc. | Internet address structure analysis, and applications thereof |
| CN108924012A (en) * | 2018-08-24 | 2018-11-30 | 赛尔网络有限公司 | Method, equipment, system and the medium of IPv6 name server liveness detection |
| US20210051132A1 (en) * | 2019-08-16 | 2021-02-18 | Forcepoint Llc | System and method for service aliasing and pooled load balancing |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN112492062A (en) * | 2020-11-20 | 2021-03-12 | 清华大学 | IPv6 alias prefix detection method based on fragment fingerprints |
| CN112653764A (en) * | 2020-12-24 | 2021-04-13 | 清华大学 | IPv6 service detection method and system, electronic equipment and storage medium |
| CN113630482A (en) * | 2021-08-23 | 2021-11-09 | 南京莱克贝尔信息技术有限公司 | IPv6 rapid detection method based on hidden semi-Markov |
| CN113779165A (en) * | 2021-08-03 | 2021-12-10 | 北京邮电大学 | Method for judging geographic position ambiguity of IP address and related equipment |
| CN114221932A (en) * | 2021-10-26 | 2022-03-22 | 北京邮电大学 | IPv6 active address security evaluation method and electronic equipment |
| CN114297941A (en) * | 2021-10-22 | 2022-04-08 | 北京邮电大学 | Distributed active IPv6 address prediction method and related equipment |
-
2022
- 2022-07-21 CN CN202210862867.2A patent/CN115378912B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008028742A (en) * | 2006-07-21 | 2008-02-07 | Yaskawa Information Systems Co Ltd | Node device for ipv6 and program therefor |
| US20110075590A1 (en) * | 2009-09-30 | 2011-03-31 | David Kormann | Methods and apparatus for discovering hosts on an ipv6 network |
| CN101945043A (en) * | 2010-09-06 | 2011-01-12 | 华南理工大学 | Topology discovery system of next generation Internet based on IPv6 (Internet Protocol Version 6) and realizing method thereof |
| US20140086249A1 (en) * | 2012-09-27 | 2014-03-27 | Avaya, Inc. | Method for IPv6 Longest Prefix Match |
| US20170359227A1 (en) * | 2016-06-09 | 2017-12-14 | Akamai Technologies, Inc. | Internet address structure analysis, and applications thereof |
| CN108924012A (en) * | 2018-08-24 | 2018-11-30 | 赛尔网络有限公司 | Method, equipment, system and the medium of IPv6 name server liveness detection |
| US20210051132A1 (en) * | 2019-08-16 | 2021-02-18 | Forcepoint Llc | System and method for service aliasing and pooled load balancing |
| CN112383644A (en) * | 2020-10-21 | 2021-02-19 | 北京邮电大学 | Heuristic IPv6 address scanning target generation method and related equipment |
| CN112492062A (en) * | 2020-11-20 | 2021-03-12 | 清华大学 | IPv6 alias prefix detection method based on fragment fingerprints |
| CN112653764A (en) * | 2020-12-24 | 2021-04-13 | 清华大学 | IPv6 service detection method and system, electronic equipment and storage medium |
| CN113779165A (en) * | 2021-08-03 | 2021-12-10 | 北京邮电大学 | Method for judging geographic position ambiguity of IP address and related equipment |
| CN113630482A (en) * | 2021-08-23 | 2021-11-09 | 南京莱克贝尔信息技术有限公司 | IPv6 rapid detection method based on hidden semi-Markov |
| CN114297941A (en) * | 2021-10-22 | 2022-04-08 | 北京邮电大学 | Distributed active IPv6 address prediction method and related equipment |
| CN114221932A (en) * | 2021-10-26 | 2022-03-22 | 北京邮电大学 | IPv6 active address security evaluation method and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 李果;何林;宋光磊;王之梁;杨家海;李子木;: "基于种子地址的IPv6地址探测技术综述", 电信科学, no. 12, pages 11 - 14 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115378912B (en) | 2023-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112383644B (en) | Heuristic IPv6 address scanning target generation method and related equipment | |
| CN109905497B (en) | IPv6 active address dynamic discovery method | |
| US20080320119A1 (en) | Automatically identifying dynamic Internet protocol addresses | |
| EP2892203A1 (en) | Methods of structuring data, pre-compiled exception list engines, and network appliances | |
| US7349392B2 (en) | Assigning IP addresses in an internet data center | |
| US10944639B2 (en) | Internet address structure analysis, and applications thereof | |
| CN102754394A (en) | Method for hash table storage, method for hash table lookup, and devices thereof | |
| CN112653764A (en) | IPv6 service detection method and system, electronic equipment and storage medium | |
| CN115378912B (en) | Scanning method and system for active IPv6 address | |
| CN112019652B (en) | Method and device for judging IPV6 address field | |
| CN106844553B (en) | Data detection and expansion method and device based on sample data | |
| CN111629074A (en) | Session sequencing method and device of gateway equipment | |
| US9201982B2 (en) | Priority search trees | |
| CN113382092B (en) | Active address detection method and device based on graph community discovery | |
| CN113795032B (en) | Method and device for judging invisible faults of indoor division, storage medium and equipment | |
| Zheng et al. | An effective target address generation method for IPv6 address scan | |
| CN111859040B (en) | Data matching method, device and related equipment | |
| CN110784561A (en) | IPv6 address segmentation method and similar site or link address set searching method | |
| CN110909288A (en) | Service data processing method, device, platform, service end, system and medium | |
| EP2497256B1 (en) | Reducing computational complexity during user data analysis | |
| CN106776598B (en) | Information processing method and device | |
| CN112417041B (en) | Parameter configuration method and device, electronic equipment and storage medium | |
| CN115297036B (en) | IPv6 address intelligent analysis-based network space map drawing method and system | |
| CN110278130B (en) | Information equipment technology evaluation method, device, equipment and readable storage medium | |
| CN116389361B (en) | Flow distribution method, device, equipment and storage medium of kernel in DPU |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |