CN116938570B - Detection method and device, storage medium and electronic equipment - Google Patents


Publication number
CN116938570B
Authority
CN
China
Prior art keywords
request message
intranet
equipment
message
redirection
Legal status
Active
Application number
CN202310934413.6A
Other languages
Chinese (zh)
Other versions
CN116938570A (en)
Inventor
于江跃
国占飞
Current Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202310934413.6A
Publication of CN116938570A
Application granted
Publication of CN116938570B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a detection method, a detection device, a storage medium and an electronic device. The detection method is applied to a detection device in an intranet and comprises the following steps: acquiring a first request message sent by an intranet device to an intranet server; when the first request message meets a preset condition, generating a first redirection message and sending the first redirection message to an external network server; and, after receiving a second request message sent by the intranet device, determining that the intranet device is an illegal external connection device, wherein the second request message is generated by the intranet device based on a second redirection message sent by the external network server. Because the detection device in the intranet determines whether the intranet device is an illegal external connection device, the detection result can be determined without detection by the external network, which realizes effective detection of illegal external connection devices. In addition, the first redirection message is generated based on the 307 status code, so the intranet device can still perform its normal data request and the detection is imperceptible to it.

Description

Detection method and device, storage medium and electronic equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a detection method, a detection device, a storage medium, and an electronic device.
Background
Illegal external connection refers to privately connecting an unauthorized host in a computer network to a public network, or connecting to the network by some illegal means. It may cause security problems such as data leakage and network attacks, and can even affect the stability and security of the whole network.
Current detection means include the following. First, an external network server detects illegal external connection devices, but this approach cannot deliver an alarm to the intranet administrator in time. Second, effective monitoring is possible only when the intranet device sends a message to an extranet address, so the monitoring scenario is limited. Third, detection is performed with the 302 status code, but this approach may change the original request method and message body, interrupting the initial request.
Therefore, a detection method is needed to effectively detect illegal external connection devices.
Disclosure of Invention
In view of the above, an object of an embodiment of the present application is to provide a detection method, a device, a storage medium, and an electronic apparatus, which can effectively detect an illegal external device.
In a first aspect, an embodiment of the present application provides a detection method, applied to a detection device located in an intranet, where the detection method includes:
acquiring a first request message sent by an intranet device to an intranet server;
generating a first redirection message and sending the first redirection message to an external network server when the first request message meets a preset condition;
after receiving a second request message sent by the intranet device, determining that the intranet device is an illegal external connection device, wherein the second request message is generated by the intranet device based on a second redirection message sent by the external network server.
In one possible embodiment, the detection method further includes:
after receiving the second request message sent by the intranet device, generating a third redirection message, and sending the third redirection message to the intranet server so that the intranet server responds to the first request message.
In a possible implementation manner, the first redirection message includes the first request message, the detection device address, and an extranet server address, the second redirection message includes the first request message and the detection device address, and the third redirection message includes the first request message.
In one possible embodiment, the detection method further includes:
generating an alarm log after receiving the second request message sent by the intranet device.
In one possible embodiment, the detection method further includes:
determining whether the first request message belongs to a target request and whether the first request message contains a target icon;
if yes, determining that the first request message meets the preset condition.
In one possible embodiment, the detection method further includes:
when the first request message does not meet the preset condition, sending the first request message to the intranet server so that the intranet server responds to the first request message.
In one possible embodiment, the detection method further includes:
when the second request message is not received within a preset time period, determining that the intranet device is not an illegal external connection device;
sending the first request message to the intranet server so that the intranet server responds to the first request message.
In a second aspect, an embodiment of the present application further provides a detection apparatus, including:
an acquisition module, configured to acquire a first request message sent by an intranet device to an intranet server;
a first sending module, configured to generate a first redirection message and send the first redirection message to an external network server when the first request message meets a preset condition;
a first determining module, configured to determine that the intranet device is an illegal external connection device after receiving a second request message sent by the intranet device, wherein the second request message is generated by the intranet device based on a second redirection message sent by the external network server.
In a third aspect, an embodiment of the present application further provides a storage medium storing a computer program, where the computer program, when executed by a processor, performs the steps of the detection method as set forth in any one of the preceding claims.
In a fourth aspect, an embodiment of the present application further provides an electronic device, including: a processor and a memory storing machine readable instructions executable by the processor, the processor and the memory communicating over a bus when the electronic device is operating, the machine readable instructions when executed by the processor performing the steps of the detection method as claimed in any one of the preceding claims.
According to the embodiment of the application, the detection device in the intranet analyzes the first request message of the intranet device and, when the first request message meets the preset condition, generates the first redirection message and sends it to the external network server. Whether the intranet device is an illegal external connection device is then determined based on whether the external network server feeds back the first redirection message, so the detection result can be determined without detection by the external network, and illegal external connection devices are detected effectively. In addition, the first redirection message is generated based on the 307 status code, which ensures that the request method and the message body are not changed, that is, the first request message is not changed; the intranet device can therefore perform its normal data request, and the detection is imperceptible to it.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the application or the technical solutions of the prior art, the drawings that are used in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments described in the present application, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flow chart of a detection method provided by the application;
FIG. 2 is a schematic diagram showing the structure of an environment in which a detection device according to the present application is located;
FIG. 3 is a schematic diagram of a detecting device according to the present application;
FIG. 4 shows a schematic structural diagram of an electronic device provided by the application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the accompanying drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of the application will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above, and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the application has been described with reference to some specific examples, a person skilled in the art will certainly be able to achieve many other equivalent forms of the application, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application in unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
It is to be appreciated that the Hypertext Transfer Protocol (HTTP) is an application protocol based on the Transmission Control Protocol/Internet Protocol (TCP/IP) for transmitting Hypertext Markup Language (HTML) and picture files. HTTP mainly works in the browser/server (B/S) architecture: the browser, as the HTTP client, sends all requests to the HTTP server (i.e., the Web server) through a Uniform Resource Locator (URL), and the Web server sends response information to the client according to the received request. When the client sends a request to the server, it must transmit a request method and a path. The path is the URL, and the common HTTP request methods are GET and POST; each method prescribes a communication mode and data message between the client and the server.
In the first aspect, in order to facilitate understanding of the present application, a detailed description is first provided of a detection method according to the present application.
FIG. 1 shows a flowchart of a detection method provided by an embodiment of the present application. The method is applied to a detection device of an intranet, such as a gateway of the intranet, and by following the method steps shown in FIG. 1 the detection device can effectively detect whether an intranet device is an illegal external connection device. The specific steps include S101-S103.
S101, acquiring a first request message sent by intranet equipment to an intranet server.
As one example, FIG. 2 shows a schematic structural diagram of the environment where the detection device is located. Referring to FIG. 2, the environment includes an intranet and an external network. The intranet contains the detection device, the intranet device, and the intranet server, and the detection device is deployed either as a bypass or in series between the intranet device and the intranet server; that is, the detection device is connected with the intranet device, or with both the intranet device and the intranet server.
In a specific implementation, the intranet device generates a first request message based on the data to be requested, and sends the first request message to the intranet server, so that the intranet server returns the data to be requested by the intranet device in response to the first request message. The first request message at least includes an intranet device address, an address corresponding to the data to be requested, and the like.
After the intranet equipment sends the first request message and before the intranet server receives the first request message, the detection equipment acquires the first request message.
S102, under the condition that the first request message meets the preset condition, a first redirection message is generated, and the first redirection message is sent to an external network server.
Here, after acquiring the first request message, the detection device analyzes it to determine whether it meets the preset condition. Optionally, this is done by determining whether the first request message belongs to a target request and whether it contains a target icon. The target request is a GET request, which may be issued via a URL, a source (src) or hypertext reference (href) attribute, a form, and the like; the target icon includes the favorites icon (favicon) and the like.
If the first request message belongs to the target request and contains the target icon, it is determined to meet the preset condition. A first redirection message is then generated and sent to the external network server. The first redirection message in the embodiment of the application is generated based on the 307 status code, which ensures that the request method and the message body do not change.
The first redirection message comprises the first request message, the detection device address and an external network device address.
Of course, the first request message may not meet the preset condition: for example, it does not belong to the target request but contains the target icon, it belongs to the target request but does not contain the target icon, or it neither belongs to the target request nor contains the target icon. In that case the first request message is sent to the intranet server so that the intranet server responds to it, and the intranet device's normal data request is served.
S103, after receiving a second request message sent by the intranet equipment, determining that the intranet equipment belongs to illegal external connection equipment, wherein the second request message is generated by the intranet equipment based on a second redirection message sent by an external network server.
In a specific implementation, after the detection device sends the first redirection message to the external network server, the external network server responds to the first redirection message and generates a second redirection message, where the second redirection message includes the first request message and the detection device address. The external network server then sends the second redirection message to the intranet device.
If the intranet device receives the second redirection message, it directly generates a second request message based on the second redirection message and sends the second request message to the detection device.
After receiving the second request message sent by the intranet device, the detection device can determine that the intranet device can communicate with the extranet, that is, that the intranet device is an illegal external connection device.
When the intranet device is determined to be an illegal external connection device, an alarm log is generated and delivered to the administrator responsible for the intranet in a preset manner, which includes, but is not limited to, short message, mail and popup window. In other words, detection by the external network is not needed: the detection result can be determined by the detection device of the intranet, which realizes effective detection of illegal external connection devices.
In yet another example, the detection device generates a third redirection message after receiving the second request message sent by the intranet device, where the third redirection message includes the first request message. The third redirection message is then sent to the intranet server so that the intranet server responds to the first request message. Because the first, second and third redirection messages in the embodiment of the application are all generated based on the 307 status code, the request method and the message body are not changed, that is, the first request message is not changed; the intranet device can therefore perform its normal data request, and the detection is imperceptible to it.
It should be noted that, if the detection device does not receive the second request message within a preset period of time after sending the first redirection message, it can be determined that the intranet device cannot communicate with the external network, that is, that the intranet device is not an illegal external connection device. In this case the first request message is sent to the intranet server so that the intranet server responds to it, and the intranet device's data request to the intranet server is not affected.
According to the embodiment of the application, the detection device in the intranet analyzes the first request message of the intranet device and, when the first request message meets the preset condition, generates the first redirection message and sends it to the external network server. Whether the intranet device is an illegal external connection device is then determined based on whether the external network server feeds back the first redirection message, so the detection result can be determined without detection by the external network; illegal external connection devices are detected effectively, and the safety of intranet data and intranet devices is ensured. In addition, the first, second and third redirection messages are generated based on the 307 status code, so the request method and the message body are not changed, that is, the first request message is not changed; the intranet device's normal data request is ensured, and the detection is imperceptible to it.
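The S101 to S103 flow, including the timeout branch, as an added Python sketch (not code from the patent or its assignees). It assumes each redirection message is an HTTP 307 response whose Location query string carries the fields listed above, that the first redirect is returned to the requesting device, and that the target icon is `/favicon.ico`; the addresses, the `id` token and the 5-second period are constructed.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# All values below are constructed for illustration; the patent fixes none of them.
DETECTOR = "10.0.0.254:8080"      # detection device address (assumed)
EXTRANET = "probe.example.net"    # extranet server address (assumed)
TIMEOUT_S = 5.0                   # the "preset time period" (assumed)
FAVICON_REQ = "GET /favicon.ico HTTP/1.1\r\nHost: intranet.corp.local\r\n\r\n"
POST_REQ = "POST /login HTTP/1.1\r\nHost: intranet.corp.local\r\nContent-Length: 0\r\n\r\n"


def parse_request(raw):
    """Return (method, absolute URL) from a raw HTTP/1.1 request head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = dict((k.strip().lower(), v.strip())
                   for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l))
    return method, "http://" + headers["host"] + path


def meets_preset_condition(raw):
    """Preset condition: a GET request (target request) for the favicon (target icon)."""
    method, url = parse_request(raw)
    return method == "GET" and urlsplit(url).path.endswith("/favicon.ico")


def redirect_307(location):
    # 307 keeps the request method and body on the follow-up request;
    # clients commonly rewrite POST to GET after a 302.
    return ("HTTP/1.1 307 Temporary Redirect\r\n"
            "Location: " + location + "\r\nContent-Length: 0\r\n\r\n")


def location_of(response):
    for line in response.split("\r\n"):
        if line.lower().startswith("location:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no Location header")


def extranet_second_redirect(url):
    """Extranet server side: bounce the client back to the detection device."""
    # Deployment note (not from the patent): authenticate these parameters,
    # otherwise the extranet server behaves as an open redirector.
    q = parse_qs(urlsplit(url).query)
    back = urlencode({"orig": q["orig"][0], "id": q["id"][0]})
    return redirect_307("http://" + q["back"][0] + "/callback?" + back)


class Detector:
    def __init__(self):
        self.pending = {}   # token -> (device_ip, original_url, sent_at)
        self.alarms = []    # alarm log entries

    def on_first_request(self, device_ip, raw, now):
        """S101/S102: forward unchanged, or answer with the first redirect."""
        if not meets_preset_condition(raw):
            return "forward", raw
        _, url = parse_request(raw)
        token = secrets.token_urlsafe(8)
        self.pending[token] = (device_ip, url, now)
        query = urlencode({"orig": url, "back": DETECTOR, "id": token})
        return "redirect", redirect_307("http://" + EXTRANET + "/probe?" + query)

    def on_second_request(self, device_ip, url, now):
        """S103: the callback arrived, so the device reached the extranet."""
        token = parse_qs(urlsplit(url).query).get("id", [""])[0]
        entry = self.pending.get(token)
        if entry is None or entry[0] != device_ip:
            return None                      # unknown or mismatched token: ignore
        del self.pending[token]
        self.alarms.append({"device": device_ip, "url": entry[1],
                            "delay_s": round(now - entry[2], 3)})
        return redirect_307(entry[1])        # third redirect: back to the original URL

    def expire(self, now):
        """Timeout branch: no callback, device not flagged, request released."""
        done = [t for t, e in self.pending.items() if now - e[2] >= TIMEOUT_S]
        return [self.pending.pop(t)[:2] for t in done]


def simulate(device_ip, raw, extranet_reachable):
    """Walk one request through the chain; returns (outcome, evidence)."""
    det = Detector()
    action, out = det.on_first_request(device_ip, raw, now=0.0)
    if action == "forward":
        return "forwarded", det.alarms
    if extranet_reachable:
        second = extranet_second_redirect(location_of(out))
        third = det.on_second_request(device_ip, location_of(second), now=0.2)
        return location_of(third), det.alarms
    return "timeout", det.expire(now=TIMEOUT_S)
```

Binding the token to the requesting device address, as `on_second_request` does, keeps a callback replayed from another host from raising an alarm against the wrong device.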
Based on the same inventive concept, the second aspect of the present application also provides a detection device corresponding to the detection method, and since the principle of solving the problem of the detection device in the present application is similar to that of the detection method in the present application, the implementation of the detection device can refer to the implementation of the method, and the repetition is omitted.
Fig. 3 shows a schematic diagram of a detection device provided in an embodiment of the present application, which specifically includes:
an obtaining module 301, configured to obtain a first request message sent by an intranet device to an intranet server;
a first sending module 302, configured to generate a first redirection message and send the first redirection message to an external network server when the first request message meets a preset condition;
a first determining module 303, configured to determine that the intranet device is an illegal external connection device after receiving a second request message sent by the intranet device, where the second request message is generated by the intranet device based on a second redirection message sent by the external network server.
In yet another embodiment, the detection apparatus further comprises a second sending module 304 configured to:
after receiving the second request message sent by the intranet device, generate a third redirection message, and send the third redirection message to the intranet server so that the intranet server responds to the first request message.
In yet another embodiment, the first redirection message includes the first request message, the detection device address, and an extranet server address, the second redirection message includes the first request message and the detection device address, and the third redirection message includes the first request message.
In yet another embodiment, the detection apparatus further comprises a generation module 305 configured to:
generate an alarm log after receiving the second request message sent by the intranet device.
In yet another embodiment, the detection apparatus further comprises a second determination module 306 configured to:
determine whether the first request message belongs to a target request and whether the first request message contains a target icon;
if yes, determine that the first request message meets the preset condition.
In yet another embodiment, the detection apparatus further comprises a third sending module 307 configured to:
when the first request message does not meet the preset condition, send the first request message to the intranet server so that the intranet server responds to the first request message.
In yet another embodiment, the detection apparatus further comprises a fourth sending module 308 configured to:
when the second request message is not received within a preset time period, determine that the intranet device is not an illegal external connection device;
send the first request message to the intranet server so that the intranet server responds to the first request message.
An embodiment of the present application provides a storage medium, which is a computer readable medium storing a computer program, where the computer program when executed by a processor implements a method provided by any embodiment of the present application, including steps S11 to S13 as follows:
S11, acquiring a first request message sent by intranet equipment to an intranet server;
S12, under the condition that the first request message meets the preset condition, generating a first redirection message, and sending the first redirection message to an external network server;
S13, after receiving a second request message sent by the intranet equipment, determining that the intranet equipment belongs to illegal external connection equipment, wherein the second request message is generated by the intranet equipment based on a second redirection message sent by the external network server.
The embodiment of the present application further provides an electronic device, whose schematic structural diagram may be as shown in FIG. 4. The electronic device at least includes a memory 401 and a processor 402, where the memory 401 stores a computer program, and the processor 402 implements the method provided by any embodiment of the present application when executing the computer program on the memory 401. For example, the steps of the computer program of the electronic device are S21 to S23 as follows:
S21, acquiring a first request message sent by intranet equipment to an intranet server;
S22, under the condition that the first request message meets the preset condition, generating a first redirection message, and sending the first redirection message to an external network server;
S23, after receiving a second request message sent by the intranet equipment, determining that the intranet equipment belongs to illegal external connection equipment, wherein the second request message is generated by the intranet equipment based on a second redirection message sent by the external network server.
In this embodiment of the application, the detection device in the intranet analyzes the first request message of the intranet equipment. When the first request message meets the preset condition, the detection device generates a first redirection message and sends it to the external network server, and then determines whether the intranet equipment belongs to illegal external connection equipment based on whether the external network server feeds back the first redirection message. The detection result can therefore be determined without any detection on the external network side, which achieves effective detection of illegal external connection equipment. In addition, the first redirection message is generated based on the 307 status code, which ensures that the request method and the message body are not changed, that is, the first request message is not changed, so the intranet equipment can still perform its normal data request and the detection is imperceptible.
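The exchange in S21 to S23, together with the alarm log, pass-through and timeout cases recited in the claims, as a small simulation. This is an added example, not code from the patent: the addresses, the `is_target` predicate, the query-parameter names (`orig`, `cb`, `id`) and the per-request token are assumptions, and it assumes each 307 reaches the intranet device, which then follows its Location.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

DETECTOR = "http://10.0.0.5:8080/cb"     # constructed detection-device address
EXTRANET = "http://probe.example.net/r"  # constructed extranet-server address

class Detector:
    def __init__(self, is_target, timeout=3.0):
        self.is_target, self.timeout = is_target, timeout
        self.pending = {}   # token -> (device_ip, first_request_url, deadline)
        self.alarms = []    # alarm log (claim 2)

    def on_first_request(self, ip, url, now):
        if not self.is_target(url):          # claim 4: condition not met, pass through
            return ("forward", url)
        token = secrets.token_hex(8)
        self.pending[token] = (ip, url, now + self.timeout)
        q = urlencode({"orig": url, "cb": DETECTOR, "id": token})
        return (307, f"{EXTRANET}?{q}")      # first redirection message

    def on_second_request(self, ip, url, now):
        token = parse_qs(urlsplit(url).query).get("id", [""])[0]
        entry = self.pending.get(token)
        if entry is None or entry[0] != ip or now > entry[2]:
            return ("ignore", None)          # unknown token, wrong device or late
        del self.pending[token]
        self.alarms.append({"device": ip, "request": entry[1], "time": now})
        return (307, entry[1])               # third redirection: back to first request

    def expire(self, now):
        # Claim 5: no second request inside the window, so forward as normal.
        late = [t for t, e in self.pending.items() if now > e[2]]
        return [("forward", self.pending.pop(t)[1]) for t in late]

def extranet_server(url):
    # Extranet side: send the device back to the detector (second redirection).
    q = parse_qs(urlsplit(url).query)
    back = urlencode({"orig": q["orig"][0], "id": q["id"][0]})
    return (307, f"{q['cb'][0]}?{back}")

def simulate(ip, url, can_reach_extranet):
    # Constructed stand-in for the preset condition: requests for /index.html.
    det = Detector(is_target=lambda u: u.endswith("/index.html"))
    status, loc = det.on_first_request(ip, url, now=0.0)
    if status == "forward":
        return "not-checked", det.alarms
    if can_reach_extranet:                   # device follows the 307 chain
        _, loc = extranet_server(loc)
        status, _ = det.on_second_request(ip, loc, now=1.0)
        return ("illegal-external-connection" if status == 307 else "ignored"), det.alarms
    det.expire(now=10.0)                     # the redirect chain never completed
    return "compliant", det.alarms
```

Only a device that can reach both networks completes the chain, so the second request arriving at the detector is the evidence; binding the token to the requesting address and a deadline keeps a stray or replayed callback from raising an alarm.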
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or any other medium capable of storing program code. Optionally, in this embodiment, the processor performs the method steps described in the above embodiments according to the program code stored in the storage medium. Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, which are not repeated here.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented on a general-purpose computing device; they may be concentrated on a single computing device or distributed across a network of computing devices. Optionally, they may be implemented in program code executable by computing devices, so that they may be stored in a memory device and executed by the computing devices. In some cases, the steps shown or described may be performed in a different order than that shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
Furthermore, although exemplary embodiments have been described herein, the scope thereof includes any and all embodiments having equivalent elements, modifications, omissions, combinations (e.g., of aspects across the various embodiments), adaptations or alterations based on the present application. The elements in the claims are to be construed broadly based on the language employed in the claims and are not limited to the examples described in the present specification or during the prosecution of the application, which examples are to be construed as non-exclusive. It is intended, therefore, that the specification and examples be considered as exemplary only, with a true scope and spirit being indicated by the following claims and their full scope of equivalents.
The above description is intended to be illustrative and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with each other. For example, other embodiments may be used by those of ordinary skill in the art upon reading the above description. In addition, in the above detailed description, various features may be grouped together to streamline the application. This is not to be interpreted as an intention that the disclosed features not being claimed are essential to any claim. Rather, inventive subject matter may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, with each claim standing on its own as a separate embodiment, and it is contemplated that these embodiments may be combined with one another in various combinations or permutations. The scope of the application should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
While various embodiments of the present application have been described in detail, the present application is not limited to these specific embodiments. Those skilled in the art can make various modifications and variations on the basis of the inventive concept, and these modifications and variations should be included in the scope of the claimed application.

Claims (8)

1. A detection method, characterized by being applied to detection equipment in an intranet, the method comprising the following steps:
acquiring a first request message sent by intranet equipment to an intranet server;
generating a first redirection message and sending the first redirection message to an external network server under the condition that the first request message meets a preset condition;
after receiving a second request message sent by the intranet equipment, determining that the intranet equipment belongs to illegal external connection equipment, wherein the second request message is generated by the intranet equipment based on a second redirection message sent by the external network server;
after receiving the second request message sent by the intranet equipment, generating a third redirection message, and sending the third redirection message to the intranet server so that the intranet server responds to the first request message;
wherein the first redirection message comprises the first request message, a detection device address and an extranet server address, the second redirection message comprises the first request message and the detection device address, and the third redirection message comprises the first request message.
2. The method of detecting according to claim 1, further comprising:
and generating an alarm log after receiving the second request message sent by the intranet equipment.
3. The method of detecting according to claim 1, further comprising:
determining whether the first request message belongs to a target request or not and whether the first request message contains a target icon or not;
if yes, determining that the first request message meets the preset condition.
4. The method of detecting according to claim 1, further comprising:
under the condition that the first request message does not meet the preset condition, sending the first request message to the intranet server so that the intranet server responds to the first request message.
5. The method of detecting according to claim 1, further comprising:
under the condition that the second request message is not received within a preset time period, determining that the intranet equipment does not belong to the illegal external connection equipment;
and sending the first request message to the intranet server so that the intranet server responds to the first request message.
6. A detection apparatus, characterized by comprising:
the acquisition module is configured to acquire a first request message sent by the intranet equipment to the intranet server;
the first sending module is configured to generate a first redirection message and send the first redirection message to an external network server under the condition that the first request message meets a preset condition;
the first determining module is configured to determine that the intranet equipment belongs to illegal external connection equipment after receiving a second request message sent by the intranet equipment, wherein the second request message is generated by the intranet equipment based on a second redirection message sent by the external network server;
the second sending module is configured to generate a third redirection message after receiving the second request message sent by the intranet equipment, and send the third redirection message to the intranet server so that the intranet server responds to the first request message;
wherein the first redirection message comprises the first request message, a detection device address and an extranet server address, the second redirection message comprises the first request message and the detection device address, and the third redirection message comprises the first request message.
7. A storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the detection method according to any one of claims 1 to 5.
8. An electronic device, comprising: a processor and a memory storing machine readable instructions executable by the processor, the processor and the memory communicating over a bus when the electronic device is running, the machine readable instructions when executed by the processor performing the steps of the detection method according to any one of claims 1 to 5.
CN202310934413.6A 2023-07-27 2023-07-27 Detection method and device, storage medium and electronic equipment Active CN116938570B (en)

Publications (2)

Publication Number Publication Date
CN116938570A CN116938570A (en) 2023-10-24
CN116938570B true CN116938570B (en) 2024-05-28

Family

ID=88380459

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413097A (en) * 2018-11-30 2019-03-01 深信服科技股份有限公司 A kind of lawless exterior joint detecting method, device, equipment and storage medium
JP2019152912A (en) * 2018-02-28 2019-09-12 沖電気工業株式会社 Unauthorized communication handling system and method
CN110365793A (en) * 2019-07-30 2019-10-22 北京华赛在线科技有限公司 Illegal external connection monitoring method, device, system and storage medium
CN111130931A (en) * 2019-12-17 2020-05-08 杭州迪普科技股份有限公司 Detection method and device for illegal external connection equipment
CN112738095A (en) * 2020-12-29 2021-04-30 杭州迪普科技股份有限公司 Method, device, system, storage medium and equipment for detecting illegal external connection
CN113328972A (en) * 2020-02-28 2021-08-31 浙江宇视科技有限公司 Equipment monitoring method, device, equipment and storage medium
CN114244570A (en) * 2021-11-18 2022-03-25 广东电网有限责任公司 Terminal illegal external connection monitoring method and device, computer equipment and storage medium
CN114257405A (en) * 2021-11-17 2022-03-29 广东电网有限责任公司 Method, device, computer equipment and storage medium for preventing illegal external connection
CN116346429A (en) * 2023-03-03 2023-06-27 北京北信源软件股份有限公司 Illegal external connection equipment detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant