CN104683290A - Method and device for monitoring phishing and terminal - Google Patents
- Publication number
- CN104683290A CN201310611863.8A
- Authority
- CN
- China
- Prior art keywords
- address
- host name
- service device
- terminal
- searching
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention is suitable for the field of Internet, and provides a method and a device for monitoring phishing and a terminal. The method comprises the following steps: sending an access request of a host name, and receiving a first IP (Internet Protocol) address obtained by resolving the host name; searching for a second IP address corresponding to the host name from a preset corresponding table according to the host name, wherein corresponding relations between the host name and the IP addresses are stored in the corresponding table; judging whether or not the searched second IP address is the same as the received first IP address; and if the searched second IP address is different from the searched first IP address, ending current network request operation. Through adoption of the method, the device and the terminal, property loss caused by the access of a user to a malicious server since the IP address corresponding to the host name is tampered via phishing can be effectively prevented, and the security of information is better ensured.
Description
Technical field
The invention belongs to the Internet field, and in particular relates to a method, a device and a terminal for monitoring phishing.
Background
With the development of network technology, people connect to the Internet using mobile terminals such as smartphones and PADs, or using computers. They can obtain data quickly and conveniently, exchange information online, or complete online shopping payments, which greatly facilitates people's lives.
However, while the network brings convenience, it also has some insecure aspects. WIFI phishing and DNS hijacking are two common means of network fraud today. As shown in Fig. 1, a malicious WIFI hotspot sets a simple password, or sets no password at all, and thereby attracts other users to connect. When a user accesses a host name through the malicious WIFI hotspot, the fake WIFI site uses a DNS server that it has built itself to divert the originally requested "host name server A" to the "malicious server B". When the user enters the corresponding account and password, the malicious server receives them, so the user's private information is stolen and the user's property is also threatened.
Summary of the invention
The object of the embodiments of the present invention is to provide a method for monitoring phishing, to solve the problem in the prior art that an erroneous resolution returns the IP address of a malicious server and causes the user's account and password to be stolen, thereby ensuring the user's privacy and security.
The embodiments of the present invention are implemented as follows: a method for monitoring phishing, the method comprising:
Sending an access request for a host name, and receiving a first IP address obtained by resolving the host name;
Searching a preset correspondence table, according to the host name, for a second IP address corresponding to the host name, the correspondence table storing correspondences between host names and IP addresses;
Judging whether the found second IP address is the same as the received first IP address;
If the found second IP address is different from the first IP address, terminating the current network request operation.
In another aspect, the invention provides a device for monitoring phishing, the device comprising:
A receiving unit, configured to send an access request for a host name and receive a first IP address obtained by resolving the host name;
A searching unit, configured to search a preset correspondence table, according to the host name, for a second IP address corresponding to the host name, the correspondence table storing correspondences between host names and IP addresses;
A judging unit, configured to judge whether the found second IP address is the same as the received first IP address;
A terminating unit, configured to terminate the current network request operation if the found second IP address is different from the first IP address.
The invention also provides a terminal comprising the above device for monitoring phishing.
In the embodiments of the present invention, after the first IP address is obtained by resolving the network request, the second IP address corresponding to the host name is looked up in the preset table of host names and IP addresses, and it is judged whether the first IP address is the same as the second IP address. If they are not the same, the currently resolved IP address may be the IP address of a malicious server, and the current access operation is terminated to protect the user's property and privacy. This effectively prevents the property loss caused when phishing tampers with the IP address corresponding to a host name and the user accesses a malicious server, and better ensures information security.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of phishing fraud against a user in the prior art;
Fig. 2 is a flowchart of the method for monitoring phishing provided by the first embodiment of the present invention;
Fig. 3 is a schematic flow diagram of preventing phishing provided by the first embodiment of the present invention;
Fig. 4 is a flowchart of the method for monitoring phishing provided by the second embodiment of the present invention;
Fig. 5 is a flowchart of the method for monitoring phishing provided by the third embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the device for monitoring phishing provided by the fourth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the terminal provided by the fifth embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the invention and are not intended to limit it.
The embodiments of the present invention can be used in a terminal, which may be a mobile terminal connected to the network by Wireless Fidelity (WiFi), such as a smartphone, PAD or notebook computer, or a fixed device such as a desktop computer.
WIFI phishing fraud is currently increasing. A malicious WIFI hotspot lets user terminals connect; when a user accesses the network through the malicious WIFI hotspot, the hotspot uses a DNS server that it has built itself to divert the "server A" originally requested to the "malicious server B". The malicious server may record the user's account and password information, in particular password information for online payment, which threatens the user's property and also infringes the user's private information.
Of course, the method is not limited to wireless network connections; the method for monitoring phishing of the present invention is equally applicable to network fraud over wired connections.
The method for monitoring phishing of the present invention comprises:
Sending an access request for a host name, and receiving a first IP address obtained by resolving the host name;
Searching a preset correspondence table, according to the host name, for a second IP address corresponding to the host name, the correspondence table storing correspondences between host names and IP addresses;
Judging whether the found second IP address is the same as the received first IP address;
If the found second IP address is different from the first IP address, terminating the current network request operation.
After the first IP address is obtained by resolving the network request, the second IP address corresponding to the host name is looked up in the preset table of host names and IP addresses, and it is judged whether the first IP address is the same as the second IP address. If they are not the same, the currently resolved IP address may be the IP address of a malicious server, and the current access operation is terminated to protect the user's property and privacy. This effectively prevents the property loss caused when phishing tampers with the IP address corresponding to a host name and the user accesses a malicious server, and better ensures information security.
Embodiment one:
Fig. 2 shows the flow of the method for monitoring phishing provided by the first embodiment of the present invention, detailed as follows:
In step S201, an access request for a host name is sent, and a first IP address obtained by resolving the host name is received.
Specifically, the access request for the specified host name may be an access request for a URL (Uniform Resource Locator) that the user enters in a browser to access the host name, or an access request for the host name sent by another application or by clicking a shortcut. The host name is contained in the access request; for example, when the URL https://mail.qq.com/cgi-bin/loginpage is entered, the host it contains is qq.com, that is, the server name.
After the user's access request is received, the configured DNS (Domain Name System) resolution server resolves the domain name and obtains the corresponding IP address.
By default, the DNS server described here is provided by a domain name service provider, and its resolution result is the real IP address corresponding to the domain name of the host name. However, when the DNS server that resolves the domain name has been modified, or when an illegitimate DNS server is used for resolution, the IP address obtained may not be the real IP address, or may be that of a fake server associated with a fake WIFI hotspot. When the user accesses a malicious server through the false IP address and the page of the fake server closely resembles the page of the real host name, the user is very likely to send account and password information to the fake server, exposing private information or endangering property.
In step S202, a preset correspondence table is searched, according to the host name, for a second IP address corresponding to the host name; the correspondence table stores correspondences between host names and IP addresses.
In step S203, it is judged whether the found second IP address is the same as the received first IP address.
The main point of difference between the present invention and the prior art is that, after the resolved first IP address is obtained, the IP address corresponding to the host name is looked up in a preset table of host names and IP addresses to obtain the second IP address; the second IP address is then compared with the first IP address to judge whether they are the same.
In step S204, if the found second IP address is different from the first IP address, the current network request operation is terminated.
When the first IP address does not match the second IP address, the currently resolved IP address may be a malicious IP address. To protect the user's privacy and property, the current network request to the first IP address is terminated. As shown in Fig. 3, access to the normal web page may also continue using the second IP address obtained by the lookup, and the user is reminded that the terminal may currently be subject to malicious phishing behaviour.
When the first IP address is the same as the second IP address, the IP address returned by the current resolution is a normal IP address and access can proceed normally.
In this embodiment, after the first IP address is obtained by resolving the network request, the second IP address corresponding to the host name is looked up in the preset table of host names and IP addresses, and it is judged whether the first IP address is the same as the second IP address. If they are not the same, the currently resolved IP address may be the IP address of a malicious server, and the current access operation is terminated to protect the user's property and privacy. This effectively prevents the property loss caused when phishing tampers with the IP address corresponding to a host name and the user accesses a malicious server, and better ensures information security.
Embodiment two:
Fig. 4 shows the flow of the method for monitoring phishing provided by the second embodiment of the present invention. In this embodiment the preset table of host names and IP addresses is stored in a verification server, detailed as follows:
In step S401, an access request for a host name is sent, and a first IP address obtained by resolving the host name is received.
In step S402, a check request is sent to the verification server, the check request comprising the host name and the first IP address.
The verification server is a server set up specifically against phishing fraud. It holds the correspondences between commonly used host names and the IP addresses of the servers for their domain names. A large host name may have multiple IP addresses, so the same domain name may also correspond to multiple IP addresses.
In step S403, the second IP address corresponding to the host name is received, found by the verification server according to the host name in its table of host names and IP addresses.
In step S404, it is judged whether the found second IP address is the same as the received first IP address.
In step S405, if the found second IP address is different from the first IP address, the current network request operation is terminated.
As a further optimized implementation of this embodiment, to ensure that the verification server is a reliable, genuine verification server and that the returned IP address is not an illegitimate one returned by a malicious verification server, in step S406 it is verified by means of a key whether the verification server is the designated verification server.
To verify by key whether the verification server is the designated verification server, the server's certificate is encrypted with the public key; after the terminal decrypts it with the private key, the certificate content is obtained, and the reliability is judged from the certificate content. Because a matching public key and private key are used for encryption, tampering with the certificate can be prevented, which ensures its security.
Alternatively, as another way of improving the security of the verification server, in the step of sending the check request to the verification server and the step of receiving the second IP address, the request is sent to the verification server through a virtual private network (VPN) and the second IP address is received through the VPN. The VPN provides highly reliable transmission of the second IP address sent by the verification server, which ensures the correctness of the check.
In addition, to improve the validity of the server data and reduce erroneous operations, the verification server needs to regularly update the correspondences between domain name servers and IP addresses.
As a further optimization, in step S402 the check request also comprises unique identification information of the terminal, and the method may further comprise:
In step S407, querying whether the verification server has recorded a phishing record corresponding to the unique identifier of the terminal.
For a mobile terminal, the unique identifier is the IMEI (International Mobile Equipment Identity); for a terminal, the unique identifier may be the MAC (Media Access Control) address.
In step S408, if there is a phishing record corresponding to the terminal's unique identifier, a prompt instruction sent by the verification server, indicating that the current terminal has a potential security risk, is received.
By recording terminals that may be at risk, the user can be reminded in time that the network the terminal is connected to is unsafe and to change passwords promptly, helping the user avoid losses as early as possible.
This embodiment differs from Embodiment one in that the correspondences between host names and IP addresses are stored in a server; the real IP address of the host name, that is, the second IP address, is found by looking up the correspondence in the server. In addition, updating the data in the verification server improves the accuracy of the judgment and reduces erroneous operations, and recording the unique identifier of the user terminal allows the user to be reminded to change passwords in time, reducing losses.
Verifying the verification server by key ensures the security of the check data, and transmitting the check data through a VPN likewise further improves data security, so the target server can be accessed reliably.
Embodiment three:
Fig. 5 shows the flow of the method for monitoring phishing provided by the third embodiment of the present invention. In this embodiment the preset table of host names and IP addresses is stored in the terminal, detailed as follows:
In step S501, an access request for a host name is sent, and a first IP address obtained by resolving the host name is received.
In step S502, the second IP address corresponding to the host name is looked up in the local database according to the host name.
In step S503, it is judged whether the found second IP address is the same as the received first IP address.
In step S504, if the found second IP address is different from the first IP address, the current network request operation is terminated.
As a further preferred form of this embodiment, the method also comprises step S505: receiving update data for the table of host names and IP addresses sent by the verification server and updating the table, the verification server holding the updated correspondence data between host names and IP addresses.
In addition, as another optional implementation, after the access request for the specified host name entered by the user is received, the second IP address corresponding to the host name is looked up, and the server is accessed directly through the returned IP address to read and write data. This implementation is equally applicable to Embodiment two, the difference being that the returned second IP address is read from the verification server. Accessing the web page directly through the looked-up IP address likewise avoids reaching a malicious server.
This embodiment differs from Embodiment two in that the correspondence data is stored locally in the terminal, which better ensures the terminal's access security. In addition, the correspondences in the terminal are updated from the verification server, which better improves their accuracy.
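The comparison of steps S501 to S504 (the same check as S201 to S204) against a locally held table, as an added example that is not code from the patent. The host names, addresses, the `Verdict` type and the injected `resolve` callable are assumptions made for illustration; the table allows several addresses per host name, which goes beyond the single second IP address named in the steps.

```python
"""Added illustration: check a resolver's answer against a preset host-name/IP table."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional
from urllib.parse import urlsplit

# Constructed sample table: hypothetical host names, documentation-only addresses.
# One host name may map to several addresses.
PRESET_TABLE: Dict[str, FrozenSet[str]] = {
    "mail.example.com": frozenset({"192.0.2.10", "192.0.2.11"}),
    "pay.example.com": frozenset({"198.51.100.7"}),
    "v6.example.com": frozenset({"2001:db8::1"}),
}


@dataclass(frozen=True)
class Verdict:
    host: str
    first_ip: Optional[str]     # address returned by the resolver (None if malformed)
    allowed: bool               # may the request proceed to first_ip?
    reason: str
    fallback_ip: Optional[str]  # table address the caller may connect to instead


def host_from_url(url: str) -> str:
    """Extract the host name carried in the access request, normalised for lookup."""
    host = urlsplit(url).hostname          # urlsplit already lower-cases the host
    if not host:
        raise ValueError(f"no host name in {url!r}")
    return host.rstrip(".")                # "example.com." and "example.com" are one name


def canonical_ip(text: str) -> str:
    """Canonical text form, so equivalent IPv6 spellings compare equal."""
    return str(ipaddress.ip_address(text))


def check_resolution(url: str,
                     resolve: Callable[[str], str],
                     table: Dict[str, FrozenSet[str]] = PRESET_TABLE) -> Verdict:
    """Compare the resolved (first) address with the table's (second) addresses."""
    host = host_from_url(url)
    answer = resolve(host)
    expected = table.get(host)
    if expected is None:
        # Assumption: the page does not say how to treat hosts missing from the
        # table; here they are let through but flagged as unverified.
        return Verdict(host, answer, True, "host not in table: unverified", None)
    second_ips = sorted(canonical_ip(ip) for ip in expected)
    try:
        first_ip = canonical_ip(answer)
    except ValueError:
        return Verdict(host, None, False, "malformed answer from resolver", second_ips[0])
    if first_ip in second_ips:
        return Verdict(host, first_ip, True, "match", None)
    # Mismatch: stop the request to first_ip; the caller may continue with an
    # address from the table and warn the user.
    return Verdict(host, first_ip, False, "mismatch: possible phishing", second_ips[0])


def make_resolver(answers: Dict[str, str]) -> Callable[[str], str]:
    """Offline stand-in for DNS; on a real system use e.g. socket.gethostbyname."""
    return lambda host: answers[host]


# Constructed resolver answers: one honest resolver, one that redirects every name.
HONEST = make_resolver({
    "mail.example.com": "192.0.2.11",
    "pay.example.com": "198.51.100.7",
    "v6.example.com": "2001:0DB8:0:0:0:0:0:1",
    "news.example.org": "203.0.113.5",
})
ROGUE = make_resolver({
    "mail.example.com": "203.0.113.66",
    "pay.example.com": "203.0.113.66",
})

if __name__ == "__main__":
    urls = ("https://mail.example.com/cgi-bin/loginpage", "https://pay.example.com/")
    for name, resolver in (("honest", HONEST), ("rogue", ROGUE)):
        for url in urls:
            v = check_resolution(url, resolver)
            print(f"{name:6} {v.host:18} {v.first_ip} allowed={v.allowed} ({v.reason})")
```
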
Embodiment four:
Fig. 6 is a schematic structural diagram of the device for monitoring phishing provided by the fourth embodiment of the present invention, detailed as follows:
The device for monitoring phishing in this embodiment comprises:
A receiving unit 601, configured to send an access request for a host name and receive a first IP address obtained by resolving the host name;
A searching unit 602, configured to search a preset correspondence table, according to the host name, for a second IP address corresponding to the host name, the correspondence table storing correspondences between host names and IP addresses;
A judging unit 603, configured to judge whether the found second IP address is the same as the received first IP address;
A terminating unit 604, configured to terminate the current network request operation if the found second IP address is different from the first IP address.
Further, the preset table of host names and IP addresses is stored in a verification server, and the searching unit 602 comprises:
A check request sending subunit 6021, configured to send a check request to the verification server, the check request comprising the host name and the first IP address;
A searching subunit 6022, configured to receive the second IP address corresponding to the host name, found by the verification server according to the host name in the table of host names and IP addresses.
To improve the security of updating the data, the device also comprises:
A verification unit 605, configured to verify by key whether the verification server is the designated verification server.
Optionally, the check request sending subunit and the searching subunit are configured to send the request to the verification server through a virtual private network (VPN) and to receive the second IP address through the VPN.
Further, in the check request sending subunit 6021, the check request also comprises unique identification information of the terminal;
The device also comprises:
A query unit 606, configured to query whether the verification server has recorded a phishing record corresponding to the unique identifier of the terminal;
An instruction sending unit 607, configured to receive, if there is a phishing record corresponding to the terminal's unique identifier, the prompt instruction sent by the verification server indicating that the current terminal has a potential security risk.
Optionally, the preset table of host names and IP addresses is stored in a local database, and the searching unit 602 is configured to look up, according to the host name, the second IP address corresponding to the host name in the local database.
The device in this embodiment corresponds to the methods of Embodiments one to three, and is not described again here.
Embodiment five:
The structured flowchart of the terminal that Fig. 7 provides for fifth embodiment of the invention, terminal described in the present embodiment, comprising: the parts such as memory 720, input unit 730, display unit 740, voicefrequency circuit 760, mixed-media network modules mixed-media 770, processor 780 and power supply 790.It will be understood by those skilled in the art that the restriction of the not structure paired terminal of the terminal structure shown in Fig. 7, the parts more more or less than diagram can be comprised, or combine some parts, or different parts are arranged.
Concrete introduction is carried out below in conjunction with Fig. 7 each component parts to terminal:
Memory 720 can be used for storing software program and module, and processor 780 is stored in software program and the module of memory 720 by running, thus performs various function application and the data processing of terminal.Memory 720 mainly can comprise storage program district and store data field, and wherein, storage program district can storage operation system, application program (such as sound-playing function, image player function etc.) etc. needed at least one function; Store data field and can store the data (such as voice data, phone directory etc.) etc. created according to the use of terminal.In addition, memory 720 can comprise high-speed random access memory, can also comprise nonvolatile memory, such as at least one disk memory, flush memory device or other volatile solid-state parts.
Input unit 730 can be used for the numeral or the character information that receive input, and generation arranges with the user of terminal and function controls the input of relevant key signals.Particularly, input unit 730 can comprise contact panel 731 and other input equipments 732.Contact panel 731, also referred to as touch-screen, user can be collected or neighbouring touch operation (such as user uses any applicable object or the operations of annex on contact panel 731 or near contact panel 731 such as finger, stylus) thereon, and drive corresponding jockey according to the formula preset.Optionally, contact panel 731 can comprise touch detecting apparatus and touch controller two parts.Wherein, touch detecting apparatus detects the touch orientation of user, and detects the signal that touch operation brings, and sends signal to touch controller; Touch controller receives touch information from touch detecting apparatus, and converts it to contact coordinate, then gives processor 780, and the order that energy receiving processor 780 is sent also is performed.In addition, the polytypes such as resistance-type, condenser type, infrared ray and surface acoustic wave can be adopted to realize contact panel 731.Except contact panel 731, input unit 730 can also comprise other input equipments 732.Particularly, other input equipments 732 can include but not limited to one or more in physical keyboard, function key (such as volume control button, switch key etc.), trace ball, mouse, action bars etc.
Display unit 740 can be used for the various menus showing information or the information being supplied to user and the terminal inputted by user.Display unit 740 can comprise display floater 741, optionally, the form such as liquid crystal display (Liquid Crystal Display, LCD), Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) can be adopted to configure display floater 741.Further, contact panel 731 can cover display floater 741, when contact panel 731 detects thereon or after neighbouring touch operation, send processor 780 to determine the type of touch event, on display floater 741, provide corresponding vision to export with preprocessor 780 according to the type of touch event.Although in the figure 7, contact panel 731 and display floater 741 be as two independently parts to realize input and the input function of terminal, but in certain embodiments, can by integrated to contact panel 731 and display floater 741 and realize the input and output function of terminal.
The audio circuit 760, loudspeaker 761 and microphone 762 can provide an audio interface between the user and the terminal. The audio circuit 760 can convert received audio data into an electrical signal and transmit it to the loudspeaker 761, which converts it into a sound signal for output. In the other direction, the microphone 762 converts a collected sound signal into an electrical signal, which the audio circuit 760 receives and converts into audio data; the audio data is then output to the processor 780 for processing and sent through the network module 710 to, for example, another terminal, or output to the memory 720 for further processing.
The network module 770 can comprise a wireless fidelity (WiFi) module, a wired network module or a radio-frequency module. WiFi is a short-range wireless transmission technology; through the network module 770 the terminal can help the user send and receive e-mail, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although Fig. 7 shows the network module 770, it is understood that it is not an essential component of the terminal and can be omitted as required without changing the essence of the invention.
The processor 780 is the control centre of the terminal. It uses various interfaces and connections to link the various parts of the whole terminal, and performs the terminal's functions and processes data by running or executing the software programs and/or modules stored in the memory 720 and calling the data stored in the memory 720, thereby monitoring the terminal as a whole. Optionally, the processor 780 can comprise one or more processing units; preferably, the processor 780 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into the processor 780.
The terminal also comprises a power supply 790 (such as a battery) that powers all components. Preferably, the power supply can be logically connected to the processor 780 through a power management system, so that functions such as charge management, discharge management and power-consumption management are implemented through the power management system.
Although not shown, the terminal can also comprise a camera, a Bluetooth module and so on, which are not described here.
In this embodiment of the present invention, the processor 780 of the terminal also has the following function: performing the method for monitoring phishing, comprising:
Sending an access request for a host name, and receiving a first IP address obtained by resolving the host name;
Looking up, according to the host name, a second IP address corresponding to the host name in a preset correspondence table, the correspondence table storing the correspondence between host names and IP addresses;
Judging whether the looked-up second IP address is identical to the received first IP address;
If the looked-up second IP address is not identical to the first IP address, terminating the current network request operation.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (13)
1. A method for monitoring phishing, characterized in that the method comprises:
Sending an access request for a host name, and receiving a first IP address obtained by resolving the host name;
Looking up, according to the host name, a second IP address corresponding to the host name in a preset correspondence table, the correspondence table storing the correspondence between host names and IP addresses;
Judging whether the looked-up second IP address is identical to the received first IP address;
If the looked-up second IP address is not identical to the first IP address, terminating the current network request operation.
2. The method according to claim 1, characterized in that the preset correspondence table is stored in a verification server, and the step of looking up, according to the host name, the second IP address corresponding to the host name in the preset correspondence table, the correspondence table storing the correspondence between host names and IP addresses, is:
Sending a check request to the verification server, the check request comprising the host name and the first IP address;
Receiving the second IP address corresponding to the host name, obtained by the verification server by looking up the correspondence table of host names and IP addresses according to the host name.
3. The method according to claim 2, characterized in that, before the judging whether the looked-up second IP address is identical to the received first IP address, the method further comprises:
Verifying by means of a key whether the verification server is the designated verification server.
4. The method according to claim 2, characterized in that, in the step of sending the check request to the verification server and the step of receiving the second IP address, the request is sent to the verification server through a virtual private network (VPN) and the second IP address is received through the VPN.
5. The method according to claim 2, characterized in that, in the step of sending the check request to the verification server, the check request comprising the host name and the first IP address, the check request further comprises unique identification information of the terminal;
The method further comprises:
Querying whether the verification server holds a phishing record corresponding to the unique identifier of the terminal;
If a phishing record corresponding to the unique identifier of the terminal exists, receiving a prompt instruction, sent by the verification server, that the current terminal has a potential security risk.
6. The method according to claim 1, characterized in that the preset correspondence table is stored in a local database, and the step of looking up, according to the host name, the second IP address corresponding to the host name in the preset correspondence table, the correspondence table storing the correspondence between host names and IP addresses, is:
Looking up, according to the host name, the second IP address corresponding to the host name in the local database.
7. A device for monitoring phishing, characterized in that the device comprises:
A receiving unit, configured to send an access request for a host name and receive a first IP address obtained by resolving the host name;
A lookup unit, configured to look up, according to the host name, a second IP address corresponding to the host name in a preset correspondence table, the correspondence table storing the correspondence between host names and IP addresses;
A judging unit, configured to judge whether the looked-up second IP address is identical to the received first IP address;
A terminating unit, configured to terminate the current network request operation if the looked-up second IP address is not identical to the first IP address.
8. The device according to claim 7, characterized in that the preset correspondence table is stored in a verification server, and the lookup unit comprises:
A check request sending subunit, configured to send a check request to the verification server, the check request comprising the host name and the first IP address;
A lookup subunit, configured to receive the second IP address corresponding to the host name, obtained by the verification server by looking up the correspondence table of host names and IP addresses according to the host name.
9. The device according to claim 8, characterized in that the device further comprises:
An authentication unit, configured to verify by means of a key whether the verification server is the designated verification server.
10. The device according to claim 8, characterized in that the check request sending subunit and the lookup subunit are configured to send the request to the verification server through a virtual private network (VPN) and to receive the second IP address through the VPN.
11. The device according to claim 8, characterized in that, in the check request sending subunit, the check request further comprises unique identification information of the terminal;
The device further comprises:
A query unit, configured to query whether the verification server holds a phishing record corresponding to the unique identifier of the terminal;
An instruction sending unit, configured to, if a phishing record corresponding to the unique identifier of the terminal exists, receive a prompt instruction, sent by the verification server, that the current terminal has a potential security risk.
12. The device according to claim 7, characterized in that the preset correspondence table is stored in a local database, and the lookup unit is configured to look up, according to the host name, the second IP address corresponding to the host name in the local database.
13. A terminal, characterized in that the terminal comprises the device for monitoring phishing according to any one of claims 7-12.
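The check in claims 1 to 3, sketched as an added example (not code from the patent): the terminal sends the host name and first IP address to a verification server, verifies the reply with a key, compares the two addresses and aborts on any disagreement. The HMAC-SHA256 shared key, the JSON message layout, the fail-closed handling of hosts missing from the table and all function names are assumptions; the table contents are constructed sample data.

```python
import hashlib
import hmac
import ipaddress
import json

class PhishingSuspected(Exception):
    """The resolved address could not be confirmed; abort the request."""

# Constructed sample data standing in for the preset correspondence table.
CORRESPONDENCE_TABLE = {"bank.example": "192.0.2.10"}
SHARED_KEY = b"constructed-demo-key"  # assumption: provisioned on the terminal

def norm(host):
    """Canonical form of a host name, used as the table key."""
    return host.rstrip(".").lower()

def sign(key, body):
    """HMAC-SHA256 tag over a reply body (assumed key scheme)."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def server_lookup(check_request):
    """Verification-server side: find the second IP and sign the reply."""
    host = norm(check_request["host"])
    body = json.dumps({"host": host,
                       "second_ip": CORRESPONDENCE_TABLE.get(host)})
    return {"body": body, "tag": sign(SHARED_KEY, body)}

def check_resolution(host, first_ip, lookup=server_lookup, key=SHARED_KEY):
    """Terminal side: return first_ip if confirmed, else raise."""
    reply = lookup({"host": host, "first_ip": first_ip})
    # Key check first: is this reply from the designated server?
    if not hmac.compare_digest(sign(key, reply["body"]), reply["tag"]):
        raise PhishingSuspected("reply failed key verification")
    answer = json.loads(reply["body"])
    if answer["host"] != norm(host):
        raise PhishingSuspected("reply is for a different host name")
    if answer["second_ip"] is None:
        # Assumption: fail closed when the table has no entry.
        raise PhishingSuspected(f"{host}: not in correspondence table")
    # Compare parsed addresses so textual variants of one IP still match.
    if ipaddress.ip_address(first_ip) != ipaddress.ip_address(answer["second_ip"]):
        raise PhishingSuspected(
            f"{host}: resolved {first_ip}, table has {answer['second_ip']}")
    return first_ip
```

In a real client `first_ip` would be the address returned by the system resolver for the request about to be made, and the connection would only be opened if `check_resolution` returns.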
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310611863.8A CN104683290A (en) | 2013-11-26 | 2013-11-26 | Method and device for monitoring phishing and terminal |
PCT/CN2014/089269 WO2015078247A1 (en) | 2013-11-26 | 2014-10-23 | Method, apparatus and terminal for monitoring phishing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310611863.8A CN104683290A (en) | 2013-11-26 | 2013-11-26 | Method and device for monitoring phishing and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104683290A true CN104683290A (en) | 2015-06-03 |
Family
ID=53198325
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310611863.8A Pending CN104683290A (en) | 2013-11-26 | 2013-11-26 | Method and device for monitoring phishing and terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104683290A (en) |
WO (1) | WO2015078247A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
CN106095781A (en) * | 2016-05-26 | 2016-11-09 | 北京小米移动软件有限公司 | Malicious websites recognition methods and device |
CN106230864A (en) * | 2016-09-22 | 2016-12-14 | 安徽云图信息技术有限公司 | Website security detection system |
CN106789979A (en) * | 2016-12-07 | 2017-05-31 | 北京亚鸿世纪科技发展有限公司 | The validity diagnostic method and device of domain name are enlivened in a kind of IDC computer rooms |
CN110766845A (en) * | 2019-09-11 | 2020-02-07 | 中国南方电网有限责任公司 | Identification method and device for power construction user information and computer equipment |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109788435B (en) * | 2018-12-28 | 2021-06-18 | 奇安信科技集团股份有限公司 | Wireless hotspot control method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102685074A (en) * | 2011-03-14 | 2012-09-19 | 国基电子(上海)有限公司 | Anti-phishing network communication system and method |
US20130036468A1 (en) * | 2011-08-01 | 2013-02-07 | Visicom Media Inc. | Anti-phishing domain advisor and method thereof |
CN103152354A (en) * | 2013-03-19 | 2013-06-12 | 北京奇虎科技有限公司 | Method and system for promoting dangerous website and client device |
CN103220302A (en) * | 2013-05-07 | 2013-07-24 | 腾讯科技(深圳)有限公司 | Malicious website access defending method and related device |
CN103269389A (en) * | 2013-06-03 | 2013-08-28 | 北京奇虎科技有限公司 | Method and device for detecting and repairing malicious DNS setting |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
CN106095781A (en) * | 2016-05-26 | 2016-11-09 | 北京小米移动软件有限公司 | Malicious websites recognition methods and device |
CN106230864A (en) * | 2016-09-22 | 2016-12-14 | 安徽云图信息技术有限公司 | Website security detection system |
CN106789979A (en) * | 2016-12-07 | 2017-05-31 | 北京亚鸿世纪科技发展有限公司 | The validity diagnostic method and device of domain name are enlivened in a kind of IDC computer rooms |
CN106789979B (en) * | 2016-12-07 | 2020-01-21 | 北京亚鸿世纪科技发展有限公司 | Method and device for diagnosing effectiveness of active domain name in IDC machine room |
CN110766845A (en) * | 2019-09-11 | 2020-02-07 | 中国南方电网有限责任公司 | Identification method and device for power construction user information and computer equipment |
Also Published As
Publication number | Publication date |
---|---|
WO2015078247A1 (en) | 2015-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9712562B2 (en) | Method, device and system for detecting potential phishing websites | |
CN104125216B (en) | A kind of method, system and terminal for lifting credible performing environment security | |
CN103634294B (en) | Information verifying method and device | |
CN108632253B (en) | Client data security access method and device based on mobile terminal | |
CN103634109A (en) | Operation right authentication method and device | |
US20150319173A1 (en) | Co-verification method, two dimensional code generation method, and device and system therefor | |
CN104639672A (en) | Method and device for domain name resolution (DNS) | |
CN110198301B (en) | Service data acquisition method, device and equipment | |
CN104836664A (en) | Method for executing business processing, device for executing business processing and system for executing business processing | |
CN105407074A (en) | Authentication method, apparatus and system | |
CN111475841A (en) | Access control method, related device, equipment, system and storage medium | |
CN104683290A (en) | Method and device for monitoring phishing and terminal | |
CN104243155A (en) | Safety verification method and device | |
CN104376353A (en) | Two-dimension code generating method, terminal and server and two-dimension code reading method, terminal and server | |
CN104468464A (en) | Authentication method, device and system | |
CN104580167A (en) | Data transmission method, device and system | |
CN104468101A (en) | User identity authentication method and device and authentication service system | |
CN105491067A (en) | Key-based business security verification method and device | |
CN103716793A (en) | Access point information sharing method and apparatus | |
CN104967601A (en) | Data processing method and apparatus | |
CN107615294A (en) | A kind of identifying code short message display method and mobile terminal | |
CN105681032A (en) | Key storage method and device as well as key management method and device | |
CN104954126A (en) | Sensitive operation verification method, device and system | |
CN104424431A (en) | Method and device for resetting virtual machine user login password | |
CN104901805A (en) | Identity authentication method and device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20150603 |