Port security check method, device and system

Abstract

The invention discloses a port security check method executed in a server. A mapping relationship of ports and services as a port mapping table is stored in the server. The port security check method comprises the following steps of: receiving an IP address segment to be cracked transmitted by calculation equipment to generate a plurality of IP addresses to be cracked; generating a port list to be scanned according to the port mapping table; scanning the port of each IP address in the plurality of IP addresses to be cracked according to the port list, and determining that the port is the port to be cracked of the IP address if the port is an open port; associating the IP address with the corresponding port to be cracked so as to generate a first queue; inquiring services respectively corresponding to the plurality of ports to be cracked from the port mapping table; associating a user name and a password by invoking a user name dictionary and a password dictionary so as to generate a second queue; and cracking passwords of services corresponding to various ports to be cracked of various IP addresses in the first queue by using the second queue through an enumerative method. The invention further provides a corresponding device and system.

Description

technical field [0001] The invention relates to the technical field of Internet security, in particular to a port security checking method, device and system. Background technique [0002] By port scanning the target computing device, the attacker can obtain the open ports of the IP address. Generally, these open ports have their fixed corresponding services. For example, port 22 corresponds to Ssh under Linux, which is remote login, and port 80 corresponds to The port 1433 corresponds to the Mssql database service. Therefore, the attacker obtains the corresponding service through the open port, and then uses the username and password dictionary to brute force the password of the identified service. [0003] Therefore, how enterprise security personnel can ensure port security is an urgent problem to be solved. Common password cracking tools for port services, such as Hydra, is a brute force password cracking tool under Linux, which supports online password cracking of almo...

AI Technical Summary

Problems solved by technology

However, Hydra can only brute force a single port from a single IP address at a time

Therefore, when enterprise security personnel are faced with tens of thousands of IP addresses and each IP address corresponds to multiple ports, using Hydra will generate a lot of duplication of labor, resulting in serious time-consuming

In addition, the port of Hydra cannot be configured. For example, when the user sets the port corresponding to the Ssh service from the default 22 to 22022, if the Ssh parameter of Hydra is used to crack the password, the default port will still be 22, and the cracking result will be affected. influences

Therefore, Hydra cannot be used when faced with a somewhat defensive server, and cannot accurately detect whether the port is safe

Images