
CN118301616A - Wireless network security protection method and device - Google Patents


Info

Publication number: CN118301616A
Authority: CN (China)
Prior art keywords: network, wireless network, association, message, service set
Legal status: Pending (status as assumed by Google Patents, not a legal conclusion)
Application number: CN202410272166.2A
Other languages: Chinese (zh)
Inventor: 郑闯
Current assignee: Hangzhou DPTech Technologies Co Ltd (as listed, not legally verified)
Original assignee: Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1483 Countermeasures against malicious traffic: service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Abstract

The application relates to a wireless network safety protection method and device. The method comprises the following steps: acquiring a target message in a current wireless network in real time; analyzing the target message to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network; constructing a refusing association message based on the service set identifier and the network hardware unique identifier; and sending the refusing association message to the current wireless network to terminate the connection of the illegal wireless access point. The wireless network security protection method and device can detect and inhibit private WiFi and phishing WiFi, and prevent illegal hackers from launching network attacks through the wireless network.

Description

Wireless network security protection method and device
Technical Field
The disclosure relates to the field of computer information processing, in particular to a wireless network security protection method and device.
Background
At present, the intranet Internet of Things of digital information systems has many terminals whose asset status is difficult to control; their installation positions are scattered and their exposed surface is large, so they are easily reached by external personnel and there is a risk of illegal access, leading to security problems such as physical attack, terminal counterfeiting and information tampering. Internet of Things terminals also carry security risks such as weak passwords, maintenance backdoors, known vulnerabilities and a large number of open ports, and are easily infected by malicious code to become zombie hosts, forming a botnet and affecting normal service operation.
In the prior art, a private network connection device is connected to a mobile terminal and network signals are searched for through the private network connection device; when the private network connection device finds a wireless private network signal, it sends state information indicating that a network signal to be connected has been found to a network control module; after the network control module recognizes this state information sent by the private network connection device, it sends a WiFi disabling request to the WiFi module; after receiving the WiFi disabling request, the WiFi module executes a WiFi disabling strategy; if disabling WiFi fails, the WiFi module returns disable-failure state information to the network control module, and the network control module re-initiates the WiFi disabling request; if disabling WiFi succeeds, the WiFi module returns disable-success state information to the network control module.
In prior art solutions, private WiFi and phishing WiFi in wireless networks are not managed, and the network control module does not have the ability to disable these WiFi modules.
Therefore, a new method and apparatus for wireless network security protection are needed.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of the above, the present application provides a method and apparatus for protecting wireless network security, which can detect and inhibit private WiFi and phishing WiFi, and prevent illegal hackers from launching network attacks through the wireless network.
Other features and advantages of the application will be apparent from the following detailed description, or may be learned by the practice of the application.
According to an aspect of the present application, a wireless network security protection method is provided, which includes: acquiring a target message in a current wireless network in real time; analyzing the target message to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network; constructing a refusing association message based on the service set identifier and the network hardware unique identifier; and sending the refusing association message to the current wireless network to terminate the connection of the illegal wireless access point.
In an exemplary embodiment of the present application, acquiring, in real time, a target packet in a current wireless network includes: acquiring related information of legal wireless access points in a current wireless network; configuring a wireless signal suppression device through relevant information of legal wireless access points; and acquiring the target message in the current wireless network in real time through the wireless information suppression device.
In an exemplary embodiment of the present application, acquiring, in real time, a target packet in a current wireless network by a wireless information suppression device includes: and acquiring Association Request messages in the current wireless network in real time through the wireless information suppression device.
In an exemplary embodiment of the present application, parsing the target message to obtain a service set identifier and a network hardware unique identifier includes: analyzing the target message; and extracting the service set identifier and the network hardware unique identifier at a preset position in the analysis result.
In an exemplary embodiment of the present application, when the service set identifier and the network hardware unique identifier do not satisfy a preset condition, determining that an illegal wireless access point exists in the current wireless network includes: matching the service set identifier and the network hardware unique identifier against the related information of the legal wireless access points held in the wireless signal suppression device; and when no valid match is found, determining that an illegal wireless access point exists in the current wireless network.
In an exemplary embodiment of the present application, constructing a reject association message based on the service set identifier and the network hardware unique identifier includes: constructing an Association Response reject association message based on the service set identifier and the network hardware unique identifier.
In an exemplary embodiment of the present application, constructing an Association Response reject association message based on the service set identifier and the network hardware unique identifier includes: acquiring an Association Response reject association message template; and filling the service set identifier and the network hardware unique identifier into a preset position of the Association Response reject association message template to generate the Association Response reject association message.
In an exemplary embodiment of the present application, the sending the reject association message to the current wireless network to terminate the connection of the illegal wireless access point includes: and sending the refusing association message to the current wireless network in a broadcast mode so as to terminate the connection of the illegal wireless access point.
In an exemplary embodiment of the present application, the step of sending the reject association message to the current wireless network in a broadcast form to terminate the connection of the illegal wireless access point includes: transmitting the refusing association message to the current wireless network in a broadcast mode; and the terminal in the current wireless network terminates the connection with the illegal wireless access point according to the refused association message.
According to an aspect of the present application, a wireless network security protection apparatus is provided, the apparatus comprising: the message module is used for acquiring a target message in the current wireless network in real time; the analysis module is used for analyzing the target message to obtain a service set identifier and a network hardware unique identifier; the matching module is used for determining that an illegal wireless access point exists in the current wireless network when the service set identifier and the network hardware unique identifier do not meet preset conditions; the construction module is used for constructing a refusing association message based on the service set identifier and the network hardware unique identifier; and the sending module is used for sending the refusing association message to the current wireless network so as to terminate the connection of the illegal wireless access point.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the application, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the wireless network safety protection method and device, the target message in the current wireless network is obtained in real time; analyzing the target message to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network; constructing a refusing association message based on the service set identifier and the network hardware unique identifier; and sending the refusal association message to the current wireless network, so that the private WiFi and the phishing WiFi can be detected and restrained in a mode of stopping the connection of the illegal wireless access point, and illegal hackers are prevented from launching network attacks through the wireless network.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system block diagram illustrating a method and apparatus for wireless network security protection in accordance with an exemplary embodiment.
Fig. 2 is a flow chart illustrating a wireless network security protection method in accordance with an exemplary embodiment.
Fig. 3 is a schematic diagram illustrating a wireless network security protection method according to another exemplary embodiment.
Fig. 4 is a schematic diagram illustrating a wireless network security protection method according to another exemplary embodiment.
Fig. 5 is a block diagram illustrating a wireless network security protection apparatus in accordance with an exemplary embodiment.
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
Fig. 7 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Accordingly, a first component discussed below could be termed a second component without departing from the teachings of the present inventive concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the application and therefore should not be taken to limit the scope of the application.
The technical abbreviations involved in the present application are explained as follows:
WiFi: also referred to as a "mobile hotspot" in Chinese, is a brand certification of the Wi-Fi Alliance for manufacturers' products, and a wireless local area network technology created in the IEEE 802.11 standard.
STA: a station, i.e. each terminal connected to the wireless network.
AP: the wireless network access point, which is the creator of the wireless network and its central node.
SSID (service set identifier): a unique identifier assigned to the wireless network. It serves as the network name and is used by WiFi-enabled devices (such as smartphones, laptops and tablet computers) to distinguish multiple networks within the same area. The SSID is critical in establishing and maintaining wireless connections because it enables devices to identify and connect to the desired network.
MAC address: a Medium Access Control (MAC) address is a unique identifier assigned to a network interface for communication over a physical network segment. Each device has its own MAC address, enabling accurate identification of and communication between devices on the network.
Fig. 1 is a system block diagram illustrating a method and apparatus for wireless network security protection in accordance with an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103, a network 104, wireless access points 105, 106, and wireless information suppression means 107. The network 104 is a medium used to provide a communication link between the terminal devices 101, 102, 103 and the wireless access points 105, 106, and the wireless information suppression apparatus 107. The network 104 is typically a wireless communication link.
A user may use the terminal devices 101, 102, 103 to interact with the wireless access points 105, 106 through the network 104, to receive or send messages and the like. Various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, e-mail clients, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The wireless information suppression device 107 may, for example, acquire the target message in the current wireless network in real time; the wireless information suppression device 107 may, for example, parse the target message to obtain a service set identifier and a network hardware unique identifier; the wireless information suppression means 107 may determine that an illegal wireless access point exists in the current wireless network, for example, when the service set identifier and the network hardware unique identifier do not satisfy a preset condition; the wireless information suppression means 107 may construct a reject association message, e.g. based on the service set identifier and the network hardware unique identifier; the wireless information suppression device 107 may, for example, send the reject association message into the current wireless network to terminate the connection of the rogue wireless access point.
The wireless information suppression device 107 may be a single physical server, or may be a plurality of servers. It should be noted that the wireless network security protection method provided by the embodiment of the present application may be executed by the wireless information suppression device 107, and accordingly the wireless network security protection apparatus may be disposed in the wireless information suppression device 107.
Fig. 2 is a flow chart illustrating a wireless network security protection method in accordance with an exemplary embodiment. The wireless network security protection method 20 at least includes steps S202 to S208.
As shown in fig. 2, in S202, a target packet in the current wireless network is acquired in real time. For example, related information of legal wireless access points in the current wireless network is acquired; the wireless signal suppression device is configured with this related information of legal wireless access points; and the target message in the current wireless network is then acquired in real time through the wireless information suppression device.
More specifically, the Association Request message in the current wireless network can be obtained in real time through the wireless information suppression device.
In S204, the target packet is parsed to obtain a service set identifier and a network hardware unique identifier. The target message may be parsed, for example; and extracting the service set identifier and the network hardware unique identifier at a preset position in the analysis result.
In S206, when the service set identifier and the network hardware unique identifier do not meet a preset condition, it is determined that an illegal wireless access point exists in the current wireless network. The service set identifier and the network hardware unique identifier may, for example, be matched against the information on legal wireless access points held in the wireless signal suppression device; when no valid match is found, it is determined that an illegal wireless access point exists in the current wireless network.
In S208, a reject association message is constructed based on the service set identifier and the network hardware unique identifier. An Association Response reject association message may be constructed based on the service set identifier and the network hardware unique identifier. An Association Response reject association message is a communication message used to reject a device's attempt to establish an association. The message is typically sent by the network device to the device attempting to connect to the network. When constructing the Association Response reject association message, the following contents may be included:
Service Set Identifier (SSID): this is the unique name used to identify the particular wireless network. The reject association message should contain the rejected SSID to inform the device that it cannot join the network.
Network hardware unique identifier: typically the MAC address of the device, for uniquely identifying the network device. In the reject association message, the MAC address of the rejected device may be provided.
The process of establishing association between STA and AP:
The AP periodically broadcasts beacon frames; the STA obtains the AP's broadcast data passively, or actively scans for it by sending a Probe Request;
The AP replies to the STA with a Probe Response message, which may include information such as the AP's own SSID;
Authentication is performed between the STA and the AP; the authentication types may include Open System, Shared Key, etc.;
The AP replies to the STA with an Authentication Response message. In the Authentication step, the STA and the AP each verify whether the other party is an 802.11 device; the AP additionally authenticates the STA to confirm its legitimacy.
The STA requests to establish an association with the AP so that data interaction can take place. In the Association step, association is always initiated by the STA; in fact, association is the process of radio link service negotiation between the STA and the AP. The AP replies with an Association Response message telling the STA that the connection has been established.
At this point the AP's connection count is incremented by 1 (and decremented by 1 if the subsequent handshake fails).
The request sent by the STA may include the STA's capabilities, such as supported rates, channels and QoS, and the selected access authentication and encryption algorithms, etc.;
After the association is completed, it marks that a wireless link is established between the STA and the AP, and if the STA does not select a security authentication mechanism, the STA can directly perform data interaction after obtaining the IP.
Association is always initiated by the STA, and in fact association is the process of radio link service negotiation between the STA and the AP.
The association is divided into two steps: an association request and an association response.
The STA may include some information in the association request frame it transmits, including various parameters of the STA itself and various parameters selected according to the service configuration; more specifically, the rates, channels and QoS the STA supports, and the selected access SSID and MAC address, etc.
Fig. 3 is a schematic diagram illustrating a wireless network security protection method according to another exemplary embodiment. As shown in fig. 3, if a FAT AP receives the association request of the STA, the FAT AP directly determines whether the STA will subsequently perform access authentication and responds to the STA;
Fig. 4 is a schematic diagram illustrating a wireless network security protection method according to another exemplary embodiment. As shown in fig. 4, if a FIT AP receives the association request of the STA, the FIT AP is responsible for encapsulating the request packet in CAPWAP and sending it to the AC; the AC performs the judgment; and the FIT AP is also responsible for removing the CAPWAP encapsulation from the AC's processing result and sending it to the STA. (In this process the FIT AP acts as a relay, and such association messages between the AP and the AC must be tunneled through CAPWAP.)
Regardless of which management mode is used, in the present application the association between the AP and the STA may be disconnected by a reject association message.
More specifically, an Association Response reject association message template may be obtained; the service set identifier and the network hardware unique identifier are filled into a preset position of the Association Response reject association message template to generate the Association Response reject association message.
In S210, the reject association message is sent to the current wireless network to terminate the connection of the illegal wireless access point. The reject association message may be sent in broadcast form into the current wireless network to terminate the connection of the rogue wireless access point.
The reject association message may be sent, for example, in broadcast form into the current wireless network; and the terminal in the current wireless network terminates the connection with the illegal wireless access point according to the refused association message.
By sending such a reject association message in broadcast form into the current wireless network, the connection of the rogue wireless access point will be terminated, as all devices will receive and respond to this reject connection message, thereby avoiding the establishment of a connection with the rogue access point.
In the present application, wireless network signals are broadcast in space, and wireless devices within that space are able to receive wireless requests or transmit wireless responses. In the application, a WiFi suppression device presets, in the form of configuration, a correspondence table of the SSID names and MAC addresses of legal WiFi; it monitors in real time the Association Request messages sent by STAs in the space, parses the SSID and MAC address parameters in these messages, matches the parameters against the data in the preset table, and judges that the AP the STA is associating with is an illegal AP if the match fails.
Then, the WiFi suppression device constructs an Association Response reject association message based on the SSID and MAC parameters of the illegal AP carried in the Association Request message. After receiving the reject message, the STA terminates its association with the current AP. In this way, the WiFi suppression device achieves the function of suppressing private WiFi and phishing WiFi.
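The detection half of the procedure just described (parse the Association Request, extract the SSID and the AP's MAC, match them against the preset table of legal WiFi), as an added example that is not the patent's or DPTech's code. It assumes raw 802.11 frames without a radiotap header, a constructed whitelist LEGAL_APS, and two verdict labels of my own for the private-WiFi and phishing-WiFi cases; building and broadcasting the reject response is left out.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set

# 802.11 frame-control values used below (type 0 = management frame).
MGMT_TYPE = 0
ASSOC_REQ_SUBTYPE = 0
IE_SSID = 0  # tag number of the SSID information element

# Constructed whitelist, in the patent's sense of a preset "SSID name and
# MAC correspondence table of legal WiFi": SSID -> set of legal AP MACs (BSSIDs).
LEGAL_APS: Dict[str, Set[str]] = {
    "Corp-WiFi": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    "Corp-Guest": {"00:11:22:33:44:57"},
}


@dataclass
class AssocRequest:
    sta_mac: str   # address 2: the station asking to associate
    bssid: str     # address 3: the AP it is associating with
    ssid: str      # SSID carried in the tagged parameters


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def parse_assoc_request(frame: bytes) -> Optional[AssocRequest]:
    """Parse a raw 802.11 Association Request management frame.

    Returns None for anything that is not an Association Request or that is
    malformed, so a truncated frame never leads to a verdict on an AP.
    """
    # 24-byte MAC header + 4 bytes of fixed fields (capability, listen interval)
    if len(frame) < 28:
        return None
    fc0 = frame[0]
    if ((fc0 >> 2) & 0x3) != MGMT_TYPE or ((fc0 >> 4) & 0xF) != ASSOC_REQ_SUBTYPE:
        return None
    sta_mac = mac_to_str(frame[10:16])
    bssid = mac_to_str(frame[16:22])
    body = frame[28:]
    pos = 0
    while pos + 2 <= len(body):            # walk the tag/length/value elements
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:            # element claims more bytes than present
            return None
        if tag == IE_SSID:
            return AssocRequest(sta_mac, bssid, value.decode("utf-8", "replace"))
        pos += 2 + length
    return None                            # no SSID element at all


def check_association(frame: bytes, legal_aps: Dict[str, Set[str]]) -> Optional[dict]:
    """Match the parsed (SSID, BSSID) pair against the whitelist.

    Two mismatch kinds are reported (my own labels, not the patent's): an SSID
    absent from the table (a private, unauthorised WiFi) and a known SSID served
    from an unknown BSSID (a phishing / evil-twin WiFi).
    """
    req = parse_assoc_request(frame)
    if req is None:
        return None
    allowed = legal_aps.get(req.ssid)
    if allowed is None:
        verdict = "rogue-unknown-ssid"
    elif req.bssid not in {m.lower() for m in allowed}:
        verdict = "rogue-spoofed-ssid"
    else:
        verdict = "legal"
    return {"verdict": verdict, "ssid": req.ssid, "bssid": req.bssid, "sta": req.sta_mac}


def build_assoc_request(sta_mac: str, bssid: str, ssid: str) -> bytes:
    """Construct a minimal Association Request as sample input (constructed, not captured)."""
    header = (struct.pack("<HH", 0x0000, 0)           # frame control (assoc req), duration
              + mac_to_bytes(bssid)                   # address 1: destination (the AP)
              + mac_to_bytes(sta_mac)                 # address 2: source (the STA)
              + mac_to_bytes(bssid)                   # address 3: BSSID
              + struct.pack("<H", 0))                 # sequence control
    fixed = struct.pack("<HH", 0x0431, 10)            # capability info, listen interval
    ies = (bytes([IE_SSID, len(ssid)]) + ssid.encode()
           + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96]))   # supported-rates element
    return header + fixed + ies


if __name__ == "__main__":
    samples = [("aa:bb:cc:dd:ee:01", "00:11:22:33:44:55", "Corp-WiFi"),
               ("aa:bb:cc:dd:ee:02", "de:ad:be:ef:00:01", "Corp-WiFi"),
               ("aa:bb:cc:dd:ee:03", "de:ad:be:ef:00:02", "Free-Airport-WiFi")]
    for sta, ap, ssid in samples:
        print(check_association(build_assoc_request(sta, ap, ssid), LEGAL_APS))
```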
According to the wireless network safety protection method, the target message in the current wireless network is obtained in real time; analyzing the target message to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network; constructing a refusing association message based on the service set identifier and the network hardware unique identifier; and sending the refusal association message to the current wireless network, so that the private WiFi and the phishing WiFi can be detected and restrained in a mode of stopping the connection of the illegal wireless access point, and illegal hackers are prevented from launching network attacks through the wireless network.
It should be clearly understood that the present application describes how to make and use specific examples, but the principles of the present application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Those skilled in the art will appreciate that all or part of the steps implementing the above-described embodiments are implemented as a computer program executed by a CPU. When executed by a CPU, the program performs the functions defined by the above-described method provided by the present application. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiment of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.
Fig. 5 is a block diagram illustrating a wireless network security protection device in accordance with an exemplary embodiment. As shown in fig. 5, the wireless network security protection device 50 includes: a message module 502, a parsing module 504, a matching module 506, a constructing module 508, and a transmitting module 510.
The message module 502 is configured to obtain, in real time, a target message in the current wireless network. The message module 502 is further configured to obtain related information of the legal wireless access points in the current wireless network; to configure a wireless signal suppression device with the related information of the legal wireless access points; and to acquire the target message in the current wireless network in real time through the wireless signal suppression device.
The parsing module 504 is configured to parse the target message to obtain a service set identifier and a network hardware unique identifier. The parsing module 504 is further configured to parse the target message and to extract the service set identifier and the network hardware unique identifier from a preset position in the parsing result.
The matching module 506 is configured to determine that an illegal wireless access point exists in the current wireless network when the service set identifier and the network hardware unique identifier do not satisfy a preset condition. The matching module 506 is further configured to match the service set identifier and the network hardware unique identifier against the related information of the legal wireless access points in the wireless signal suppression device, and to determine that an illegal wireless access point exists in the current wireless network when no valid match is found.
The construction module 508 is configured to construct a reject association message based on the service set identifier and the network hardware unique identifier. The construction module 508 is further configured to construct an Association Response reject association message based on the service set identifier and the network hardware unique identifier.
The sending module 510 is configured to send the reject association message to the current wireless network to terminate the connection of the illegal wireless access point. The sending module 510 is further configured to send the reject association message to the current wireless network in a broadcast manner, so as to terminate the connection of the illegal wireless access point.
According to the wireless network security protection device, the target message in the current wireless network is acquired in real time; the target message is parsed to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, it is determined that an illegal wireless access point exists in the current wireless network; a reject association message is constructed based on the service set identifier and the network hardware unique identifier; and the reject association message is sent to the current wireless network. Private WiFi and phishing WiFi can thereby be detected and suppressed by terminating the connection of the illegal wireless access point, and illegal hackers are prevented from launching network attacks through the wireless network.
In general, the present disclosure is directed to enhancing wireless network protection by detecting and suppressing private WiFi and phishing WiFi, preventing illegal hackers from launching network attacks over wireless networks. That is, the WiFi suppression device monitors the messages exchanged between the STA and the AP in the wireless network in real time and imitates the association messages of the private WiFi and phishing WiFi, so that the STA is prevented from accessing them. The process of establishing an association between a STA and an AP is as follows:
AP periodically broadcasts Beacon frames (passive scanning by the STA, if the AP does not hide its SSID);
STA --> Probe Request --> AP (active scanning by the STA, which broadcasts its own information);
STA <-- Probe Response <-- AP;
STA --> Authentication Request --> AP (authentication type: Open System, Shared Key, etc.);
STA <-- Authentication Response <-- AP;
STA --> Association Request --> AP (request to establish an association with the AP so that data interaction can be performed);
STA <-- Association Response <-- AP.
Specifically, authentication (Authentication) comes first: the STA and the AP authenticate each other as 802.11 devices; in practice it is the AP that authenticates the STA to confirm its validity. Next is association (Association). Association is always initiated by the STA; in fact, association is the process of radio link service negotiation between the STA and the AP. At this point the AP's count of associated terminals is incremented by 1 (and decremented by 1 again if the subsequent handshake fails). The association request frame is issued by the STA and carries the rates, channels and QoS capabilities the STA supports, together with the access authentication and encryption algorithms it has selected.
After the association is completed, a wireless link has been established between the STA and the AP; if the STA has not selected a security authentication mechanism, it can exchange data directly once it has obtained an IP address (which is why the link count can already be incremented by 1 at this point). Association is always initiated by the STA and is in fact the process of radio link service negotiation between the STA and the AP. It is divided into two steps: an association request and an association response. The STA includes in the association request frame various parameters of its own and various parameters selected according to the service configuration (mainly the supported rates, channels and QoS capabilities, and the SSID and MAC address of the selected access point, etc.). If a FAT AP receives the association request of the STA, the FAT AP itself decides whether the STA is to perform access authentication subsequently and responds to the STA; if a FIT AP receives the association request of the STA, the FIT AP encapsulates the request message in CAPWAP and sends it to the AC, the AC makes the decision, and the FIT AP removes the CAPWAP encapsulation from the AC's processing result before sending the result to the STA (in this process the FIT AP acts as a relay, and such association messages between the AP and the AC must be tunneled through CAPWAP). Wireless network signals are broadcast in space, where wireless devices can both receive wireless requests and transmit wireless responses.
The WiFi suppression device in the scheme is configured in advance with a table of the SSID names and MAC addresses of the legal WiFi, monitors the Association Request messages sent by STAs in the space in real time, parses the SSID and MAC address parameters in these messages, and matches them against the data in the preset table; if the matching fails, the AP the STA is associating with is judged to be an illegal AP. The WiFi suppression device then constructs an Association Response reject association message based on the SSID and MAC parameters of the illegal AP carried in the Association Request message. After receiving the reject message, the STA terminates its association with the current AP. In this way the WiFi suppression device achieves the function of suppressing private WiFi and phishing WiFi.
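The detection half of the scheme just described (parse the Association Request, extract the SSID and the AP's MAC, match the pair against the preset legal-AP table), as an added Python example that is not part of the patent: the whitelist, MAC addresses and frame contents are constructed placeholders, and the parser follows the standard 802.11 management-frame layout rather than any format the patent specifies.

```python
import struct

# Constructed whitelist (placeholder MACs): SSID -> set of legal BSSIDs.
# It plays the role of the preset SSID/MAC correspondence table of legal WiFi.
LEGAL_APS = {
    "CorpWiFi": {"02:00:00:00:aa:01", "02:00:00:00:aa:02"},
    "Guest": {"02:00:00:00:bb:01"},
}

MGMT_TYPE = 0          # 802.11 frame type: management
ASSOC_REQ_SUBTYPE = 0  # management subtype: Association Request
SSID_IE = 0            # information element tag of the SSID
HDR_LEN = 24           # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) Seq(2)
FIXED_LEN = 4          # Capability Info(2) + Listen Interval(2)


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_assoc_request(frame: bytes):
    """Return (ssid, bssid, sta_mac) for an Association Request, else None.

    Frames that are not Association Requests, or whose SSID element runs
    past the end of the frame, are rejected rather than guessed at.
    """
    if len(frame) < HDR_LEN + FIXED_LEN:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != MGMT_TYPE or (fc >> 4) & 0xF != ASSOC_REQ_SUBTYPE:
        return None
    sta, bssid = frame[10:16], frame[16:22]  # Addr2 = STA, Addr3 = BSSID
    off = HDR_LEN + FIXED_LEN
    while off + 2 <= len(frame):             # walk the tagged elements
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2: off + 2 + length]
        if len(body) != length:
            return None                      # element truncated
        if tag == SSID_IE:
            ssid = body.decode("utf-8", errors="replace")
            return ssid, mac_str(bssid), mac_str(sta)
        off += 2 + length
    return None                              # no SSID element present


def classify(ssid: str, bssid: str, legal=LEGAL_APS) -> str:
    """Match the SSID/BSSID pair against the legal-AP table.

    The pair must match: a legal SSID on an unknown BSSID is exactly the
    phishing-WiFi case, so matching the SSID alone would miss it.
    """
    if ssid not in legal:
        return "rogue: unknown SSID"
    if bssid not in legal[ssid]:
        return "rogue: legal SSID on unknown BSSID"
    return "legal"


def inspect_frame(frame: bytes, legal=LEGAL_APS):
    """Detection step for one captured frame; None if not of interest."""
    parsed = parse_assoc_request(frame)
    if parsed is None:
        return None
    ssid, bssid, sta = parsed
    return {"sta": sta, "bssid": bssid, "ssid": ssid,
            "verdict": classify(ssid, bssid, legal)}


def build_assoc_request(sta: str, bssid: str, ssid: str) -> bytes:
    """Construct a sample Association Request (test input, not captured traffic)."""
    fc = struct.pack("<H", (MGMT_TYPE << 2) | (ASSOC_REQ_SUBTYPE << 4))
    hdr = (fc + b"\x00\x00" + mac_bytes(bssid) + mac_bytes(sta)
           + mac_bytes(bssid) + b"\x00\x00")
    fixed = struct.pack("<HH", 0x0431, 10)           # capability, listen interval
    ssid_ie = bytes([SSID_IE, len(ssid)]) + ssid.encode()
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # Supported Rates element
    return hdr + fixed + ssid_ie + rates_ie
```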
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 600 according to this embodiment of the application is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 6, the electronic device 600 is in the form of a general purpose computing device. Components of electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 connecting the different system components (including the memory unit 620 and the processing unit 610), a display unit 640, etc.
The memory unit 620 stores program code that is executable by the processing unit 610, such that the processing unit 610 performs the steps according to the various exemplary embodiments of the present application described in this specification. For example, the processing unit 610 may perform the steps shown in fig. 2.
The memory unit 620 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 6201 and/or cache memory unit 6202, and may further include Read Only Memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 600' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 600, and/or any devices (e.g., routers, modems, etc.) that the electronic device 600 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 7, the technical solution according to the embodiment of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiment of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM or flash memory), optical fiber, portable Compact Disk Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by one of the devices, cause the device to perform the following functions: acquiring a target message in a current wireless network in real time; parsing the target message to obtain a service set identifier and a network hardware unique identifier; when the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network; constructing a reject association message based on the service set identifier and the network hardware unique identifier; and sending the reject association message to the current wireless network to terminate the connection of the illegal wireless access point.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
The exemplary embodiments of the present application have been particularly shown and described above. It is to be understood that this application is not limited to the precise arrangements, instrumentalities and instrumentalities described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A method for securing a wireless network, comprising:
Acquiring a target message in a current wireless network in real time;
Analyzing the target message to obtain a service set identifier and a network hardware unique identifier;
When the service set identifier and the network hardware unique identifier do not meet preset conditions, determining that an illegal wireless access point exists in the current wireless network;
Constructing a refusing association message based on the service set identifier and the network hardware unique identifier;
And sending the refusing association message to the current wireless network to terminate the connection of the illegal wireless access point.
2. The method of claim 1, wherein obtaining in real time the target message in the current wireless network comprises:
Acquiring related information of legal wireless access points in a current wireless network;
Configuring a wireless signal suppression device through relevant information of legal wireless access points;
and acquiring the target message in the current wireless network in real time through the wireless signal suppression device.
3. The method of claim 2, wherein acquiring, in real time, the target message in the current wireless network through the wireless signal suppression device comprises:
acquiring Association Request messages in the current wireless network in real time through the wireless signal suppression device.
4. The method of claim 1, wherein parsing the target message to obtain a service set identifier and a network hardware unique identifier comprises:
analyzing the target message;
and extracting the service set identifier and the network hardware unique identifier at a preset position in the analysis result.
5. The method of claim 1, wherein determining that an illegitimate wireless access point is present in the current wireless network when the service set identifier and the network hardware unique identifier do not satisfy a preset condition comprises:
Matching the service set identifier with the network hardware unique identifier and the related information of the legal wireless access point in the wireless signal suppression device;
and when no valid match is found, determining that an illegal wireless access point exists in the current wireless network.
6. The method of claim 1, wherein constructing a reject association message based on the service set identifier and the network hardware unique identifier comprises:
constructing an Association Response reject association message based on the service set identifier and the network hardware unique identifier.
7. The method of claim 6, wherein constructing an Association Response reject association message based on the service set identifier and the network hardware unique identifier comprises:
acquiring an Association Response reject association message template;
filling the service set identifier and the network hardware unique identifier into a preset position of the Association Response reject association message template to generate the Association Response reject association message.
8. The method of claim 1, wherein sending the reject association message into the current wireless network to terminate the connection of the rogue wireless access point comprises:
sending the reject association message to the current wireless network in a broadcast mode so as to terminate the connection of the illegal wireless access point.
9. The method of claim 8, wherein transmitting the reject association message in broadcast form into the current wireless network to terminate the connection of the rogue wireless access point comprises:
transmitting the reject association message to the current wireless network in a broadcast mode;
and the terminal in the current wireless network terminating its connection with the illegal wireless access point according to the reject association message.
10. A wireless network security appliance, comprising:
The message module is used for acquiring a target message in the current wireless network in real time;
The analysis module is used for analyzing the target message to obtain a service set identifier and a network hardware unique identifier;
the matching module is used for determining that an illegal wireless access point exists in the current wireless network when the service set identifier and the network hardware unique identifier do not meet preset conditions;
the construction module is used for constructing a refusing association message based on the service set identifier and the network hardware unique identifier;
and the sending module is used for sending the refusing association message to the current wireless network so as to terminate the connection of the illegal wireless access point.
Priority Applications (1)

Application Number Priority Date Filing Date Title Status
CN202410272166.2A 2024-03-11 2024-03-11 Wireless network security protection method and device Pending

Publications (1)

Publication Number Publication Date
CN118301616A true CN118301616A (en) 2024-07-05

Family

ID=91673292

Country Status (1)

Country Link
CN (1) CN118301616A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination