Unlock instant, AI-driven research and patent intelligence for your innovation.

A kind of ssh path tracing method, system and medium

A path tracking and storage medium technology, applied in transmission systems, digital transmission systems, secure communication devices, etc., can solve problems such as inability to be handled by attackers, lack of upper-level login IP address information, and inability to locate the host IP address, etc. The effect of improving the safety defense coefficient

Active Publication Date: 2022-04-05
湖南麒麟信安科技股份有限公司
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, since each level of login only records the source IP address and destination IP address information of the current level of login, there is no information about the upper level of login IP address
This means that when the internal system is attacked by SSH at multiple levels due to password leakage, the IP address of the host that initiated the attack cannot be located, and the attacker cannot be dealt with in time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A kind of ssh path tracing method, system and medium
  • A kind of ssh path tracing method, system and medium

Examples

Experimental program
Comparison scheme
Effect test

1 example 1

[0033] refer to figure 2 , the attacking host M1 logs in to the host M2 through SSH, and then logs in from the host M2 to the host M3 through SSH in this connection, generating a link A (M1->M2->M3). When the host M3 is attacked by the host M1's SSH multi-level attack, it can quickly locate the host IP address of the host M1 that initiated the attack. The process includes:

[0034] I) Splicing of multiple single connections.

[0035] When logging in to M2 from host M1 through SSH, host M2 will generate connection A1 (M1->M2), and the value of connection A1 is [S1, P1, D1], where S1 is the IP of host M1, and P1 is opened by host M1 D1 is the IP of the host M2; when logging in to the host M3 through SSH in the connection A1, the host M2 generates a connection A2 (M2->M3), and the value of the connection A2 is [S2, P2, D2], where S2 is the IP of the host M2, P2 is the port opened by the host M2, and D2 is the IP of the host M3; since the connection to A2 is connected in the co...

2 example 2

[0039] In Example 1, the host M1 has been connected to M3, and in this connection, log in to the host M4 through SSH from the host M3, generate link B (M2->M3->M4), link A and link B Splicing forms a link C (M1->M2->M3->M4). When the host M4 is attacked by the host M1's SSH multi-level attack, it can quickly locate the host IP address of the host M1 that initiated the attack. The process includes:

[0040] I) Splicing of multiple single links.

[0041] In example 1, link A (M1->M2-M3) is generated, and the value of link A is {[S1, P1, D1], [S2, P2, D2]}. When logging in from the host M3 to M4, the host M3 will generate a connection A4 (M3->M4), and the value of A4 is (S4, P4, D4), where S4 is the IP of the host M3, and P4 is the port opened by the host M3. D4 is the IP of the host M4. According to the connection A3 (M2->M3) and connection A4 (M3->M4), the same processing as Example 1 can generate link B (M2->M3->M4), and the value of link B is {[S3,P3,D3],[S4,P4,D4]}. Sinc...

3 example 3

[0045] In Example 2, the host M1 has been connected to M4, and in this connection, log in to the host M5 through SSH from the host M4 to generate link D (M3->M4->M5), link C and link D splicing to form a link F (M1->M2->M3->M4->M5). When the host M5 is attacked by the host M1's SSH multi-level attack, it can quickly locate the host IP address of the host M1 that initiated the attack. The process includes:

[0046] I) Splicing of multiple single links.

[0047] In example 2, a link C (M1->M2->M3->M4) is generated,

[0048] The value of link C is {[S1,P1,D1],[S2,P2,D2],[S4,P4,D4]}.

[0049] When logging in from the host M4 to M5, the host M4 will generate a connection A6 (M4->M5), and the value of A6 is (S6, P6, D6), where S6 is the IP of the host M4, and P6 is the port opened by the host M4. D6 is the IP of host M5. According to the connection A5 (M3->M4) and connection A6 (M4->M5), the same processing as Example 1 can generate link D (M3->M4->M5), and the value of link D i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an SSH path tracking method, system and medium. The implementation steps of the invention include: when a target host logs in with ssh from any host, sequentially splicing according to all the connections between the target host and the source host that originally issued the ssh login , forming a link between the target host and the source host; when the target host is attacked, search for the link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host, and realizing the attack. Location tracking of the source host. The invention can quickly locate the IP address of the attacking host when the SSH multi-level attack occurs under the condition of maintaining the security and convenience of computer remote login.

Description

technical field [0001] The invention relates to computer network, network security and remote computer security access technology, in particular to an SSH path tracking method, system and medium. Background technique [0002] SSH is a set of connection tools used to securely access remote computers. It encrypts all transmitted data, effectively preventing eavesdropping, connection hijacking, and other network-level attacks. SSH can be used not only for remote login between two machines, but also for remote login between multiple machines through multi-level jumps, which provides great convenience for remote computer login and maintenance. However, because each level of login only records the source IP address and destination IP address information of this level of login, there is no upper level login IP address information. This means that when the internal system is attacked by SSH at multiple levels due to password leakage, the IP address of the host computer that initiat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/168H04L63/1441H04L63/20
Inventor 王小庆孙利杰石勇杨鹏举周强陈松政刘文清杨涛
Owner 湖南麒麟信安科技股份有限公司