+

CN115114617A - Login result detection method and system - Google Patents

Login result detection method and system Download PDF

Info

Publication number
CN115114617A
CN115114617A CN202110309625.6A CN202110309625A CN115114617A CN 115114617 A CN115114617 A CN 115114617A CN 202110309625 A CN202110309625 A CN 202110309625A CN 115114617 A CN115114617 A CN 115114617A
Authority
CN
China
Prior art keywords
login
command
state
server
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110309625.6A
Other languages
Chinese (zh)
Other versions
CN115114617B (en
Inventor
王利新
陈超
姚翼雄
谈文彬
陈大钊
马睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secworld Information Technology Beijing Co Ltd
Qax Technology Group Inc
Original Assignee
Secworld Information Technology Beijing Co Ltd
Qax Technology Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secworld Information Technology Beijing Co Ltd, Qax Technology Group Inc filed Critical Secworld Information Technology Beijing Co Ltd
Priority to CN202110309625.6A priority Critical patent/CN115114617B/en
Publication of CN115114617A publication Critical patent/CN115114617A/en
Application granted granted Critical
Publication of CN115114617B publication Critical patent/CN115114617B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a login result detection method, which comprises the following steps: the method comprises the steps of obtaining a first command sent by a client to a server, matching the first command with a command in login in a preset command set in login, judging whether a program state is updated to the state in login according to a matching result, obtaining a second command sent by the client to the server when the program state is updated to the state in login, judging whether the first command is consistent with the second command, and matching the second command with a successful command in a preset successful command set in login when the first command is inconsistent with the second command; and when the matching is successful, judging that the login is successful, and updating the program state into a login successful state. The embodiment of the invention can realize accurate judgment of the login result even without the return result of the server under the condition of unilateral flow.

Description

登录结果检测方法及系统Login result detection method and system

技术领域technical field

本发明涉及网络安全技术领域,具体涉及一种登录结果检测方法及系统。The invention relates to the technical field of network security, in particular to a login result detection method and system.

背景技术Background technique

现有的应用协议登录结果判断,都是基于登录请求命令的返回结果和返回码判断登录成功还是失败。以SMTP协议为例,当客户端发送命令AUTH LOGIN至服务器后,服务器返回码为235时表示登录成功,服务器返回码为501时表示登录失败。以Pop3协议为例,当客户端发送登录命令USER或PASS至服务器后,服务器返回结果为-ERR时表示登录失败,服务器返回结果为+OK时表示登录成功。The existing application protocol login result judgment is based on the return result and the return code of the login request command to judge whether the login is successful or not. Taking the SMTP protocol as an example, after the client sends the command AUTH LOGIN to the server, the server's return code is 235, which means the login is successful, and the server's return code is 501, which means the login fails. Taking the Pop3 protocol as an example, when the client sends the login command USER or PASS to the server, if the server returns -ERR, the login fails, and when the server returns +OK, the login is successful.

然而,这种依赖服务器返回结果进行登录结果判断,在遇到单边流量的情况,例如只有请求端的流量时,由于没有服务器的返回结果,使得登录结果无法判断。However, this kind of relying on the result returned by the server to judge the login result, in the case of unilateral traffic, for example, when there is only the traffic of the requester, because there is no return result from the server, the login result cannot be judged.

发明内容SUMMARY OF THE INVENTION

本发明的目的在于提供一种登录结果检测方法、系统、计算机设备及可读存储介质,用于解决现有技术中在遇到单边流量的情况,例如只有请求端的流量时,由于没有服务器的返回结果,使得登录结果无法判断的缺陷。The purpose of the present invention is to provide a login result detection method, system, computer equipment and readable storage medium, which are used to solve the situation of unilateral traffic in the prior art, for example, when there is only traffic of the requesting end, because there is no server The defect of returning the result, making the login result impossible to judge.

根据本发明的一个方面,提供了一种登录结果检测方法,该方法包括如下步骤:According to one aspect of the present invention, a method for detecting a login result is provided, the method comprising the following steps:

获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求;obtaining the first command sent by the client to the server, where the first command is used by the client to send a connection request to the server;

将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态,其中,所述程序状态用于表征所述客户端登录至所述服务器的登录结果,包括登录中状态及登录成功状态;Matching the first command with the logging command in the preset logging command set, and judging whether to update the program status to the logging status according to the matching result, wherein the program status is used to represent the client logging in The login result to the server, including the login status and the login success status;

当所述程序状态更新为所述登录中状态时,获取所述客户端发送至所述服务器的第二命令,其中,所述第二命令用于所述客户端向所述服务器发出连接请求或数据请求;When the program state is updated to the logging-in state, obtain a second command sent by the client to the server, where the second command is used by the client to send a connection request to the server or data request;

判断所述第一命令与所述第二命令是否一致;Determine whether the first command is consistent with the second command;

当所述第一命令与所述第二命令不一致时,将所述第二命令与预设的登录成功命令集中的登录成功命令进行匹配;When the first command is inconsistent with the second command, matching the second command with the login success command in the preset login success command set;

当匹配成功时,判断登录成功,并将所述程序状态更新为所述登录成功状态。When the matching is successful, it is judged that the login is successful, and the program state is updated to the login successful state.

可选地,所述程序状态还包括未登录状态,所述获取客户端发送至服务器的第一命令之前,包括:Optionally, the program state further includes an unlogged state, and before the obtaining the first command sent by the client to the server, includes:

将所述程序状态初始化为所述未登录状态。The program state is initialized to the unlogged state.

可选地,所述根据匹配结果判断是否将程序状态更新为登录中状态,包括:Optionally, the judging whether to update the program status to the logging-in status according to the matching result includes:

当匹配成功时,将所述程序状态更新为所述登录中状态;When the matching is successful, update the program status to the logging-in status;

当匹配失败时,保持所述程序状态不变。When a match fails, the program state is kept unchanged.

可选地,所述当所述程序状态更新为所述登录中状态时,获取所述客户端发送至所述服务器的第二命令,包括:Optionally, acquiring the second command sent by the client to the server when the program state is updated to the logging-in state, includes:

当所述程序状态更新为所述登录中状态时,检测所述客户端是否将用户名及密码发送至所述服务器;及When the program state is updated to the logging-in state, detecting whether the client sends the user name and password to the server; and

当检测到所述客户端将所述用户名及所述密码发送至所述服务器时,获取所述第二命令。The second command is acquired when it is detected that the client sends the user name and the password to the server.

可选地,所述登录结果检测方法还包括:Optionally, the login result detection method further includes:

当所述程序状态更新为所述登录中状态,且未检测到所述客户端将所述用户名及所述密码发送至所述服务器时,不获取所述第二命令。When the program state is updated to the logging-in state, and it is not detected that the client sends the user name and the password to the server, the second command is not obtained.

可选地,所述程序状态还包括登录失败状态,所述登录结果检测方法还包括:Optionally, the program status further includes a login failure status, and the login result detection method further includes:

当所述第一命令与所述第二命令一致时,将所述程序状态更新为所述登录失败状态;和/或,When the first command is consistent with the second command, update the program status to the login failure status; and/or,

在获取所述第二命令前,所述方法还包括:Before acquiring the second command, the method further includes:

当接收到第三命令时,将所述程序状态更新为所述登录失败状态,所述第三命令用于所述服务器指令所述客户端退出连接。When a third command is received, the program state is updated to the login failure state, and the third command is used by the server to instruct the client to exit the connection.

可选地,所述登录结果检测方法还包括:Optionally, the login result detection method further includes:

当匹配失败时,判断登录失败,并将所述程序状态更新为所述登录失败状态。When the matching fails, it is judged that the login fails, and the program state is updated to the login failure state.

为了实现上述目的,本发明还提供一种登录结果检测系统,该系统具体包括以下组成部分:In order to achieve the above object, the present invention also provides a login result detection system, which specifically includes the following components:

第一获取模块,用于获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求;a first obtaining module, configured to obtain a first command sent by the client to the server, where the first command is used by the client to send a connection request to the server;

第一判断模块,用于将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态,其中,所述程序状态用于表征所述客户端登录至所述服务器的登录结果,包括登录中状态及登录成功状态;The first judging module is used to match the first command with the command in login in the preset login command set, and determine whether to update the program status to the login status according to the matching result, wherein the program status is determined by In characterizing the login result of the client logging in to the server, including the login status and the login success status;

第二获取模块,用于当所述程序状态更新为所述登录中状态时,获取所述客户端发送至所述服务器的第二命令,其中,所述第二命令用于所述客户端向所述服务器发出连接请求或数据请求;A second obtaining module, configured to obtain a second command sent by the client to the server when the program state is updated to the logging-in state, wherein the second command is used by the client to send The server sends a connection request or a data request;

第二判断模块,用于判断所述第一命令与所述第二命令是否一致;a second judging module for judging whether the first command is consistent with the second command;

匹配模块,用于当所述第一命令与所述第二命令不一致时,将所述第二命令与预设的登录成功命令集中的登录成功命令进行匹配;a matching module, configured to match the second command with the login success command in the preset login success command set when the first command is inconsistent with the second command;

更新模块,用于当匹配成功时,判断登录成功,并将所述程序状态更新为所述登录成功状态。The updating module is used for judging that the login is successful when the matching is successful, and updating the program state to the login success state.

为了实现上述目的,本发明还提供一种计算机设备,该计算机设备具体包括:存储器、处理器以及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述介绍的登录结果检测方法的步骤。In order to achieve the above object, the present invention also provides a computer device, the computer device specifically includes: a memory, a processor, and a computer program stored in the memory and running on the processor, and the processor executes the computer program. When the computer program is described, the steps of implementing the method for detecting the login result described above are implemented.

为了实现上述目的,本发明还提供一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述介绍的登录结果检测方法的步骤。In order to achieve the above object, the present invention also provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the login result detection method described above.

本发明提供的登录结果检测方法通过获取客户端向服务器发送的命令,且结合程序状态对应的命令集中的命令以及命令上下文,使得在单向流量的情况下,即使没有服务器的返回结果,也能实现对登录结果的精确判断。The login result detection method provided by the present invention obtains the command sent by the client to the server, and combines the command and the command context in the command set corresponding to the program state, so that in the case of one-way traffic, even if there is no return result from the server, the Accurate judgment on the login result is realized.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating preferred embodiments only and are not to be considered limiting of the invention. Also, the same components are denoted by the same reference numerals throughout the drawings. In the attached image:

图1为本发明实施例提供的登录结果检测方法的一种可选的应用环境示意图;1 is a schematic diagram of an optional application environment of a method for detecting a login result provided by an embodiment of the present invention;

图2为本发明实施例提供的登录结果检测方法的一种可选的步骤流程示意图;2 is a schematic flowchart of an optional step of a method for detecting a login result provided by an embodiment of the present invention;

图3为本发明实施例提供的图2中步骤S300的一种可选的步骤细化流程示意图;FIG. 3 is a schematic schematic diagram of an optional step refinement process of step S300 in FIG. 2 according to an embodiment of the present invention;

图4为本发明实施例提供的登录结果检测系统的一种可选的程序模块示意图;4 is a schematic diagram of an optional program module of a login result detection system provided by an embodiment of the present invention;

图5为本发明实施例提供的计算机设备的一种可选的硬件架构示意图。FIG. 5 is a schematic diagram of an optional hardware architecture of a computer device according to an embodiment of the present invention.

具体实施方式Detailed ways

这里将详细地对示例性发明实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性发明实施例中所描述的实施方式并不代表与本发明相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本发明的一些方面相一致的系统和方法的例子。Exemplary inventive embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following illustrative inventive examples are not intended to represent all implementations consistent with the present invention. Rather, they are merely examples of systems and methods consistent with some aspects of the invention as recited in the appended claims.

在本发明使用的术语是仅仅出于描述特定发明实施例的目的,而非旨在限制本发明。在本发明和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terminology used in the present invention is for the purpose of describing particular embodiments of the invention only and is not intended to limit the invention. As used in this specification and the appended claims, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

应当理解,尽管在本发明可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本发明范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used in the present invention to describe various information, such information should not be limited by these terms. These terms are only used to distinguish the same type of information from each other. For example, the first information may also be referred to as the second information, and similarly, the second information may also be referred to as the first information, without departing from the scope of the present invention. Depending on the context, the word "if" as used herein can be interpreted as "at the time of" or "when" or "in response to determining."

在本发明的描述中,需要理解的是,步骤前的数字标号并不标识执行步骤的前后顺序,仅用于方便描述本发明及区别每一步骤,因此不能理解为对本发明的限制。基于本发明中的发明实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他发明实施例,都属于本发明保护的范围。In the description of the present invention, it should be understood that the numerical labels before the steps do not identify the sequence of executing the steps, but are only used to facilitate the description of the present invention and to distinguish each step, and therefore should not be construed as a limitation of the present invention. Based on the invention embodiments in the present invention, all other invention embodiments obtained by persons of ordinary skill in the art without creative work fall within the protection scope of the present invention.

下面结合附图对本发明实施例进行说明。The embodiments of the present invention will be described below with reference to the accompanying drawings.

参阅图1,示出了本发明实施例提供的登录结果检测方法的一种可选的应用环境示意图,用户使用客户端2通过网络8发送命令至服务器4,实现与服务器4的通信。计算机设备6获取客户端2发送至服务器6的所述命令,并基于获取的命令上下文以及设置的登录状态机制,确定登录结果是否成功。Referring to FIG. 1 , a schematic diagram of an optional application environment of the login result detection method provided by the embodiment of the present invention is shown. The user uses the client terminal 2 to send commands to the server 4 through the network 8 to realize communication with the server 4 . The computer device 6 acquires the command sent by the client 2 to the server 6, and determines whether the login result is successful based on the acquired command context and the set login state mechanism.

实施例一Example 1

参阅图2,示出了本发明实施例提供的一种登录结果检测方法的步骤流程示意图。可以理解,本发明实施例中的流程图不用于对执行步骤的顺序进行限定。本发明实施例以图1中所述计算机设备6为执行主体进行示例性描述,所述计算机设备可以包括诸如智能手机、平板个人计算机(tablet personal computer)、膝上型计算机(laptop computer)等移动终端,以及诸如台式计算机等固定终端。具体如下:Referring to FIG. 2 , a schematic flowchart of steps of a method for detecting a login result provided by an embodiment of the present invention is shown. It can be understood that the flowcharts in the embodiments of the present invention are not used to limit the order of executing steps. The embodiment of the present invention is exemplarily described by taking the computer device 6 in FIG. 1 as the execution subject, and the computer device may include mobile phones such as smart phones, tablet personal computers, and laptop computers. terminals, and stationary terminals such as desktop computers. details as follows:

步骤S100,获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求。Step S100: Obtain a first command sent by the client to the server, where the first command is used by the client to send a connection request to the server.

示例性的,以简单邮件传输协议(Simple Mail Transfer Protocol,SMTP)为例,在单向流量的情况下,先获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求。所述单向流量是指只有客户端的请求流量,因为只有请求流量中有登录请求命令。Exemplarily, taking the Simple Mail Transfer Protocol (Simple Mail Transfer Protocol, SMTP) as an example, in the case of one-way traffic, first obtain the first command sent by the client to the server, and the first command is used for the client. The terminal sends a connection request to the server. The one-way traffic refers to only the client's request traffic, because only the request traffic has a login request command.

在示例性的实施例中,所述步骤S100可以包括:In an exemplary embodiment, the step S100 may include:

将所述程序状态初始化为所述未登录状态。The program state is initialized to the unlogged state.

示例性的,在获取客户端发送至服务器的第一命令之前,将所述程序状态初始化为未登录状态。Exemplarily, before acquiring the first command sent by the client to the server, the program state is initialized to a logout state.

步骤S200,将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态,其中,所述程序状态用于表征所述客户端登录至所述服务器的登录结果,包括登录中状态及登录成功状态。Step S200, matching the first command with a command in the login command set in a preset login command set, and judging whether to update the program state to the login state according to the matching result, wherein the program state is used to represent the The login result of the client logging in to the server, including the login status and the login successful status.

示例性的,以SMTP为例,假设所述未登录对应的命令集为{EHLO},所述登录中的预设的登录中命令集为{AUTH LOGIN},所述登录成功对应的预设的登录成功命令集为{MAILFROM,RCPT TO,DATA},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。Exemplarily, taking SMTP as an example, it is assumed that the command set corresponding to the non-login is {EHLO}, the preset command set in the login is {AUTH LOGIN}, and the preset corresponding to the successful login is {EHLO}. The login success command set is {MAILFROM, RCPT TO, DATA}, the preset login failure command set corresponding to the login failure is {QUIT}, and the first command and the login command in the preset login command set are combined. Carry out matching, and judge whether to update the program status to the logging-in status according to the matching result.

在邮局协议的第3个版本(Post Office Protocol 3,POP3)中,假设所述未登录对应的未登录命令集为{CAPA},所述登录中的预设的登录中命令集为{USER,PASS},所述登录成功对应的预设的登录成功命令集为{RETR,LIST,UIDL,STAT},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the third version of the Post Office Protocol (Post Office Protocol 3, POP3), it is assumed that the non-login command set corresponding to the non-login is {CAPA}, and the preset in-login command set in the login is {USER, PASS}, the preset login success command set corresponding to the login success is {RETR, LIST, UIDL, STAT}, and the preset login failure command set corresponding to the login failure is {QUIT}. The command is matched with the login command in the preset login command set, and whether to update the program state to the login state is determined according to the matching result.

在因特网消息访问协议(Internet Message Access Protocol,IMAP)中,假设所述登录中的预设的登录中命令集为{LOGIN},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录成功对应的预设的登录成功命令集为{UID fetch1452420187(UID RFC822.SIZE BODY[])},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the Internet Message Access Protocol (IMAP), it is assumed that the preset log-in command set in the log-in is {LOGIN}, before the preset log-in command set in the log-in command set is obtained It is regarded as not logged in, the preset login success command set corresponding to the login success is {UID fetch1452420187(UID RFC822.SIZE BODY[])}, and the preset login failure command set corresponding to the login failure is {QUIT }, the first command is matched with the command under login in the preset log under command set, and whether to update the program state to the under login state is determined according to the matching result.

在远程终端协议TELNET中,假设所述登录中的预设的登录中命令集为{LOGIN,USERNAME,PASSWARD},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录失败对应的预设的登录失败命令集为{EXIT},将所述第一命令与预设的登录中命令集中的命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the remote terminal protocol TELNET, it is assumed that the preset login command set in the login is {LOGIN, USERNAME, PASSWARD}, and it is regarded as not logged in until the preset login command set in the login command set is not obtained. state, the preset login failure command set corresponding to the login failure is {EXIT}, the first command is matched with the command in the preset login command set, and according to the matching result, it is judged whether to update the program state to Login status.

在文件传输协议(File Transfer Protocol,FTP)中,假设所述登录中的预设的登录中命令集为{USER,PASS},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the file transfer protocol (File Transfer Protocol, FTP), it is assumed that the preset in-login command set in the login is {USER, PASS}, before the preset in-login command set in the in-login command set is obtained It is regarded as not logged in, the preset login failure command set corresponding to the login failure is {QUIT}, the first command is matched with the login command in the preset login command set, and judged according to the matching result Whether to update the program status to logging in status.

在示例性的实施例中,所述步骤S200可以包括:In an exemplary embodiment, the step S200 may include:

当匹配成功时,将所述程序状态更新为所述登录中状态;When the matching is successful, update the program status to the logging-in status;

当匹配失败时,保持所述程序状态不变。When a match fails, the program state is kept unchanged.

示例性的,以SMTP为例,假设此时获取的第一命令为“AUTH LOGIN”,所述第一命令属于所述预设的登录中命令集中的登录中命令,将所述程序状态更新为登录中状态,当所述程序状态更新为登录中状态时,获取所述客户端发送至所述服务器的第二命令。Exemplarily, taking SMTP as an example, it is assumed that the first command obtained at this time is "AUTH LOGIN", and the first command belongs to the commands in the login command in the preset login command set, and the program status is updated as: Logging-in state, when the program state is updated to the logging-in state, obtain the second command sent by the client to the server.

示例性的,以SMTP为例,假设此时获取的第一命令为“EHLO”,将“EHLO”与所述预设的登录中命令集{AUTH LOGIN}中的登录中命令进行匹配,当匹配成功时,将所述程序状态更新为登录中状态。当所述第一命令不属于所述预设的登录中命令集时,判断为匹配失败,保持所述程序状态不变。Exemplarily, taking SMTP as an example, it is assumed that the first command obtained at this time is "EHLO", and "EHLO" is matched with the login command in the preset login command set {AUTH LOGIN}. On success, the program state is updated to the logging in state. When the first command does not belong to the preset logging-in command set, it is determined that the matching fails, and the program state is kept unchanged.

步骤S300,当所述程序状态更新为所述登录中状态时,获取所述客户端发送至所述服务器的第二命令,其中,所述第二命令用于所述客户端向所述服务器发出连接请求或数据请求。Step S300, when the program state is updated to the logging-in state, obtain a second command sent by the client to the server, where the second command is used by the client to send to the server Connection request or data request.

在示例性的实施例中,如图3所示,所述步骤S300可以包括:In an exemplary embodiment, as shown in FIG. 3 , the step S300 may include:

步骤S301,当所述程序状态更新为所述登录中状态时,检测所述客户端是否将用户名及密码发送至所述服务器;Step S301, when the program status is updated to the login status, detect whether the client sends the user name and password to the server;

步骤S302,当检测到所述客户端将所述用户名及所述密码发送至所述服务器时,获取所述第二命令。Step S302, when it is detected that the client sends the user name and the password to the server, obtain the second command.

示例性的,当所述程序状态更新为登录中状态后,记录用户输入的用户名假设为“username”及密码假设为“password”,并当客户端将用户输入的用户名及密码发送至服务器后,若所述客户端发送至所述服务器的第二命令为“AUTH LOGIN”,则获取所述客户端发送至所述服务器的所述第二命令“AUTH LOGIN”。Exemplarily, after the program status is updated to the logging-in status, record the username entered by the user as "username" and the password as "password", and when the client sends the username and password entered by the user to the server Then, if the second command sent by the client to the server is "AUTH LOGIN", obtain the second command "AUTH LOGIN" sent by the client to the server.

步骤S400,判断所述第一命令与所述第二命令是否一致。Step S400, judging whether the first command is consistent with the second command.

具体地,将所述第一命令与所述第二命令进行比较,判断所述第一命令与所述第二命令是否一致,以判断是否对所述程序状态进行更新。Specifically, the first command and the second command are compared to determine whether the first command and the second command are consistent, so as to determine whether to update the program state.

步骤S500,当所述第一命令与所述第二命令不一致时,将所述第二命令与预设的登录成功命令集中的登录成功命令进行匹配。Step S500, when the first command is inconsistent with the second command, match the second command with a login successful command in a preset login success command set.

示例性的,假设获取的第一命令为“AUTH LOGIN”且当所述程序状态更新为登录中状态后,获取的第二命令假设为“MAIL FROM”,将所述第二命令“MAIL FROM”与所述预设的登录成功命令集中的登录成功命令进行匹配,并根据匹配结果对所述程序状态进行更新,以确定所述目标登录结果。Exemplarily, it is assumed that the acquired first command is "AUTH LOGIN" and after the program status is updated to the logging-in status, the acquired second command is assumed to be "MAIL FROM", and the second command "MAIL FROM" It is matched with the login success command in the preset login success command set, and the program state is updated according to the matching result to determine the target login result.

步骤S600,当匹配成功时,判断登录成功,并将所述程序状态更新为所述登录成功状态。Step S600, when the match is successful, it is judged that the login is successful, and the program state is updated to the login successful state.

示例性的,当所述第二命令为“MAIL FROM”时,将所述第二命令“MAIL FROM”与所述预设的登录成功命令集{MAIL FROM,RCPT TO,DATA}中的命令进行匹配,匹配出所述第二命令“MAIL FROM”属于所述预设的登录成功命令集{MAIL FROM,RCPT TO,DATA},将所述程序状态更新为登录成功状态。需要说明的是,本发明还支持FTP、SMTP、TELNET、POP3、IMAP以及REDIS等多种协议。Exemplarily, when the second command is "MAIL FROM", perform the second command "MAIL FROM" with the commands in the preset login successful command set {MAIL FROM, RCPT TO, DATA}. Matching, it is found that the second command "MAIL FROM" belongs to the preset login successful command set {MAIL FROM, RCPT TO, DATA}, and the program state is updated to the login successful state. It should be noted that the present invention also supports multiple protocols such as FTP, SMTP, TELNET, POP3, IMAP, and REDIS.

在示例性的实施例中,所述登录结果检测方法还包括:In an exemplary embodiment, the login result detection method further includes:

当所述程序状态更新为所述登录中状态,且未检测到所述客户端将所述用户名及所述密码发送至所述服务器时,不获取所述第二命令。When the program state is updated to the logging-in state, and it is not detected that the client sends the user name and the password to the server, the second command is not obtained.

具体地,当所述程序状态更新为所述登录中状态时,检测所述客户端是否将所述用户名及所述密码发送至所述服务器,当未检测到所述客户端将所述用户名及所述密码发送至所述服务器时,不获取所述第二命令。Specifically, when the program status is updated to the logging-in status, it is detected whether the client sends the user name and the password to the server, and when it is not detected that the client sends the user When the name and the password are sent to the server, the second command is not obtained.

在示例性的实施例中,所述登录结果检测方法还包括:In an exemplary embodiment, the login result detection method further includes:

当所述第一命令与所述第二命令一致时,将所述程序状态更新为所述登录失败状态;和/或,When the first command is consistent with the second command, update the program status to the login failure status; and/or,

在获取所述第二命令前,所述方法还包括:Before acquiring the second command, the method further includes:

当接收到第三命令时,将所述程序状态更新为所述登录失败状态,所述第三命令用于所述服务器指令所述客户端退出连接。When a third command is received, the program state is updated to the login failure state, and the third command is used by the server to instruct the client to exit the connection.

示例性的,当所述第二命令为“AUTH LOGIN”时,判断登录失败,将所述程序状态更新为登录失败状态。Exemplarily, when the second command is "AUTH LOGIN", it is judged that the login fails, and the program state is updated to a login failure state.

示例性的,在获取所述第二命令为“AUTH LOGIN”之前,接收到第三命令假设为“QUIT”时,将所述程序状态更新为所述登录失败状态。Exemplarily, before acquiring the second command as "AUTH LOGIN", when the third command is received and assumed to be "QUIT", the program status is updated to the login failure status.

在示例性的实施例中,所述登录结果检测方法还包括:In an exemplary embodiment, the login result detection method further includes:

当匹配失败时,判断登录失败,并将所述程序状态更新为所述登录失败状态。When the matching fails, it is judged that the login fails, and the program state is updated to the login failure state.

示例性的,当所述第二命令为“QUIT”时,由于所述登录成功命令集{MAIL FROM,RCPT TO,DATA}中未匹配到与所述第二命令相同的命令,则将所述程序状态更新为登录失败状态。Exemplarily, when the second command is "QUIT", since the login successful command set {MAIL FROM, RCPT TO, DATA} does not match the same command as the second command, the The program status is updated to the login failed status.

本发明提供的登录结果检测方法通过获取客户端向服务器发送的命令,且结合程序状态对应的命令集中的命令以及命令上下文,使得在单向流量的情况下,即使没有服务器的返回结果,也能实现对登录结果的精确判断。The login result detection method provided by the present invention obtains the command sent by the client to the server, and combines the command and the command context in the command set corresponding to the program state, so that in the case of one-way traffic, even if there is no return result from the server, the Accurate judgment on the login result is realized.

在网络探针领域,本发明提供的登录结果检测方法所得到的登录结果,可以为暴力破解的发现提供准确的数据源,用于判断是否存在暴力破解攻击行为。例如:当检测到客户端日志中存在的登录失败的结果数量超出预设值时,视为暴力破解攻击行为。另,本发明提供的登录结果检测方法所得到的登录结果,还可以用于判断用户的用户名及密码是否为弱口令,例如:当客户端日志中判断为登录成功的登录结果对应的用户名及密码能被暴力破解得到时,视为弱口令。因此,通过本发明提供的登录结果检测方法,极大地提高了网络探针对弱口令和暴力破解攻击的发现效率,极大地增强了邮件协议的登录还原能力。In the field of network probes, the login result obtained by the login result detection method provided by the present invention can provide an accurate data source for the discovery of brute force cracking, and can be used to judge whether there is a brute force cracking attack behavior. For example, when it is detected that the number of login failure results in the client log exceeds the preset value, it is regarded as a brute force attack. In addition, the login result obtained by the login result detection method provided by the present invention can also be used to determine whether the user name and password of the user are weak passwords. When the password can be cracked by brute force, it is regarded as a weak password. Therefore, the detection method of the login result provided by the present invention greatly improves the discovery efficiency of the network probe against weak passwords and brute force cracking attacks, and greatly enhances the login restoration capability of the mail protocol.

实施例二Embodiment 2

参阅图4,示出了本发明实施例之一种登录结果检测系统700的程序模块示意图。所述登录结果检测系统700可以应用于计算机设备中,所述计算机设备可以是手机、平板个人计算机(tablet personal computer)、膝上型计算机(laptop computer)、等具有数据传输功能的设备。在本发明实施例中,所述登录结果检测系统700可以包括或被分割成一个或多个程序模块,一个或者多个程序模块被存储于可读存储介质中,并由一个或多个处理器所执行,以完成本发明实施例,并可实现上述登录结果检测系统700。本发明实施例所称的程序模块是指能够完成特定功能的一系列计算机程序指令段,比程序本身更适合于描述所述登录结果检测系统700在可读存储介质中的执行过程。在示例性的实施例中,该登录结果检测系统700包括第一获取模块701、第一判断模块702、第二获取模块703、第二判断模块704、匹配模块705以及更新模块706。以下描述将具体介绍本发明实施例各程序模块的功能:Referring to FIG. 4 , a schematic diagram of program modules of a login result detection system 700 according to an embodiment of the present invention is shown. The login result detection system 700 can be applied to a computer device, and the computer device can be a mobile phone, a tablet personal computer, a laptop computer, or other devices with a data transmission function. In this embodiment of the present invention, the login result detection system 700 may include or be divided into one or more program modules, and the one or more program modules are stored in a readable storage medium and executed by one or more processors Executed to complete the embodiments of the present invention, and the above login result detection system 700 can be implemented. The program modules referred to in the embodiments of the present invention refer to a series of computer program instruction segments capable of performing specific functions, and are more suitable for describing the execution process of the login result detection system 700 in the readable storage medium than the programs themselves. In an exemplary embodiment, the login result detection system 700 includes a first obtaining module 701 , a first judging module 702 , a second obtaining module 703 , a second judging module 704 , a matching module 705 and an updating module 706 . The following description will specifically introduce the functions of each program module in the embodiment of the present invention:

第一获取模块701,用于获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求。The first obtaining module 701 is configured to obtain a first command sent by the client to the server, where the first command is used by the client to send a connection request to the server.

示例性的,以简单邮件传输协议(Simple Mail Transfer Protocol,SMTP)为例,在单向流量的情况下,所述第一获取模块701先获取客户端发送至服务器的第一命令,所述第一命令用于所述客户端向所述服务器发出连接请求。所述单向流量是指只有客户端的请求流量,因为只有请求流量中有登录请求命令。Exemplarily, taking Simple Mail Transfer Protocol (SMTP) as an example, in the case of one-way traffic, the first obtaining module 701 first obtains the first command sent by the client to the server, and the first command is sent to the server by the first obtaining module 701. A command is used for the client to send a connection request to the server. The one-way traffic refers to only the client's request traffic, because only the request traffic has a login request command.

在示例性的实施例中,所述第一获取模块701具体包括用于:In an exemplary embodiment, the first obtaining module 701 specifically includes:

将所述程序状态初始化为所述未登录状态。The program state is initialized to the unlogged state.

示例性的,所述第一获取模块701在获取客户端发送至服务器的第一命令之前,将所述程序状态初始化为未登录状态。Exemplarily, before the first obtaining module 701 obtains the first command sent by the client to the server, the program state is initialized to an unlogged state.

第一判断模块702,用于将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态,其中,所述程序状态用于表征所述客户端登录至所述服务器的登录结果,包括登录中状态及登录成功状态。The first judging module 702 is configured to match the first command with the command in the login command in the preset login command set, and determine whether to update the program status to the login status according to the matching result, wherein the program status It is used to characterize the login result of the client logging in to the server, including the login status and the login success status.

示例性的,以SMTP为例,假设所述未登录对应的命令集为{EHLO},所述登录中的预设的登录中命令集为{AUTH LOGIN},所述登录成功对应的预设的登录成功命令集为{MAILFROM,RCPT TO,DATA},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。Exemplarily, taking SMTP as an example, it is assumed that the command set corresponding to the non-login is {EHLO}, the preset command set in the login is {AUTH LOGIN}, and the preset corresponding to the successful login is {EHLO}. The login success command set is {MAILFROM, RCPT TO, DATA}, the preset login failure command set corresponding to the login failure is {QUIT}, and the first command and the login command in the preset login command set are combined. Carry out matching, and judge whether to update the program status to the logging-in status according to the matching result.

在邮局协议的第3个版本(Post Office Protocol 3,POP3)中,假设所述未登录对应的未登录命令集为{CAPA},所述登录中的预设的登录中命令集为{USER,PASS},所述登录成功对应的预设的登录成功命令集为{RETR,LIST,UIDL,STAT},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the third version of the Post Office Protocol (Post Office Protocol 3, POP3), it is assumed that the non-login command set corresponding to the non-login is {CAPA}, and the preset in-login command set in the login is {USER, PASS}, the preset login success command set corresponding to the login success is {RETR, LIST, UIDL, STAT}, and the preset login failure command set corresponding to the login failure is {QUIT}. The command is matched with the login command in the preset login command set, and whether to update the program state to the login state is determined according to the matching result.

在因特网消息访问协议(Internet Message Access Protocol,IMAP)中,假设所述登录中的预设的登录中命令集为{LOGIN},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录成功对应的预设的登录成功命令集为{UID fetch1452420187(UID RFC822.SIZE BODY[])},所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the Internet Message Access Protocol (IMAP), it is assumed that the preset log-in command set in the log-in is {LOGIN}, before the preset log-in command set in the log-in command set is obtained It is regarded as not logged in, the preset login success command set corresponding to the login success is {UID fetch1452420187(UID RFC822.SIZE BODY[])}, and the preset login failure command set corresponding to the login failure is {QUIT }, the first command is matched with the command under login in the preset log under command set, and whether to update the program state to the under login state is determined according to the matching result.

在远程终端协议TELNET中,假设所述登录中的预设的登录中命令集为{LOGIN,USERNAME,PASSWARD},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录失败对应的预设的登录失败命令集为{EXIT},将所述第一命令与预设的登录中命令集中的命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the remote terminal protocol TELNET, it is assumed that the preset login command set in the login is {LOGIN, USERNAME, PASSWARD}, and it is regarded as not logged in until the preset login command set in the login command set is not obtained. state, the preset login failure command set corresponding to the login failure is {EXIT}, the first command is matched with the command in the preset login command set, and according to the matching result, it is judged whether to update the program state to Login status.

在文件传输协议(File Transfer Protocol,FTP)中,假设所述登录中的预设的登录中命令集为{USER,PASS},在未获取到预设的登录中命令集中的登录中命令之前都视为未登录状态,所述登录失败对应的预设的登录失败命令集为{QUIT},将所述第一命令与预设的登录中命令集中的登录中命令进行匹配,并根据匹配结果判断是否将程序状态更新为登录中状态。In the file transfer protocol (File Transfer Protocol, FTP), it is assumed that the preset in-login command set in the login is {USER, PASS}, before the preset in-login command set in the in-login command set is obtained It is regarded as not logged in, the preset login failure command set corresponding to the login failure is {QUIT}, the first command is matched with the login command in the preset login command set, and judged according to the matching result Whether to update the program status to logging in status.

在示例性的实施例中,所述第一判断模块702具体用于:In an exemplary embodiment, the first judgment module 702 is specifically configured to:

当匹配成功时,将所述程序状态更新为所述登录中状态;When the matching is successful, update the program status to the logging-in status;

当匹配失败时,保持所述程序状态不变。When a match fails, the program state is kept unchanged.

示例性的,以SMTP为例,假设此时获取的第一命令为“AUTH LOGIN”,所述第一命令属于所述预设的登录中命令集中的登录中命令,将所述程序状态更新为登录中状态,当所述程序状态更新为登录中状态时,获取所述客户端发送至所述服务器的第二命令。Exemplarily, taking SMTP as an example, it is assumed that the first command obtained at this time is "AUTH LOGIN", and the first command belongs to the commands in the login command in the preset login command set, and the program status is updated as: Logging-in state, when the program state is updated to the logging-in state, obtain the second command sent by the client to the server.

示例性的,以SMTP为例,假设此时获取的第一命令为“EHLO”,将“EHLO”与所述预设的登录中命令集{AUTH LOGIN}中的登录中命令进行匹配,当匹配成功时,将所述程序状态更新为登录中状态。当所述第一命令不属于所述预设的登录中命令集时,判断为匹配失败,保持所述程序状态不变。Exemplarily, taking SMTP as an example, it is assumed that the first command obtained at this time is "EHLO", and "EHLO" is matched with the login command in the preset login command set {AUTH LOGIN}. On success, the program state is updated to the logging in state. When the first command does not belong to the preset logging-in command set, it is determined that the matching fails, and the program state is kept unchanged.

第二获取模块703,用于当所述程序状态更新为所述登录中状态时,获取所述客户端发送至所述服务器的第二命令,其中,所述第二命令用于所述客户端向所述服务器发出连接请求或数据请求。A second obtaining module 703, configured to obtain a second command sent by the client to the server when the program state is updated to the logging-in state, where the second command is used by the client A connection request or data request is made to the server.

在示例性的实施例中,所述第二获取模块703具体还用于:In an exemplary embodiment, the second obtaining module 703 is further configured to:

当所述程序状态更新为所述登录中状态时,检测所述客户端是否将用户名及密码发送至所述服务器;When the program state is updated to the logging-in state, detecting whether the client sends the user name and password to the server;

当检测到所述客户端将所述用户名及所述密码发送至所述服务器时,获取所述第二命令。The second command is acquired when it is detected that the client sends the user name and the password to the server.

示例性的,当所述程序状态更新为登录中状态后,记录用户输入的用户名假设为“username”及密码假设为“password”,并当客户端将用户输入的用户名及密码发送至服务器后,若所述客户端发送至所述服务器的第二命令为“AUTH LOGIN”,则获取所述客户端发送至所述服务器的所述第二命令“AUTH LOGIN”。Exemplarily, after the program status is updated to the logging-in status, record the username entered by the user as "username" and the password as "password", and when the client sends the username and password entered by the user to the server Then, if the second command sent by the client to the server is "AUTH LOGIN", obtain the second command "AUTH LOGIN" sent by the client to the server.

第二判断模块704,用于判断所述第一命令与所述第二命令是否一致。The second judging module 704 is configured to judge whether the first command is consistent with the second command.

具体地,所述第二判断模块704将所述第一命令与所述第二命令进行比较,判断所述第一命令与所述第二命令是否一致,以判断是否对所述程序状态进行更新。Specifically, the second judging module 704 compares the first command with the second command, and judges whether the first command and the second command are consistent, so as to judge whether to update the program state .

匹配模块705,用于当所述第一命令与所述第二命令不一致时,将所述第二命令与预设的登录成功命令集中的登录成功命令进行匹配。The matching module 705 is configured to match the second command with the login success command in the preset login success command set when the first command is inconsistent with the second command.

示例性的,假设获取的第一命令为“AUTH LOGIN”且当所述程序状态更新为登录中状态后,获取的第二命令假设为“MAIL FROM”,将所述第二命令“MAIL FROM”与所述预设的登录成功命令集中的登录成功命令进行匹配,并根据匹配结果对所述程序状态进行更新,以确定所述目标登录结果。Exemplarily, it is assumed that the acquired first command is "AUTH LOGIN" and after the program status is updated to the logging-in status, the acquired second command is assumed to be "MAIL FROM", and the second command "MAIL FROM" It is matched with the login success command in the preset login success command set, and the program state is updated according to the matching result to determine the target login result.

更新模块706,用于当匹配成功时,判断登录成功,并将所述程序状态更新为所述登录成功状态。The updating module 706 is configured to judge that the login is successful when the matching is successful, and update the program state to the login successful state.

示例性的,当所述第二命令为“MAIL FROM”时,将所述第二命令“MAIL FROM”与所述预设的登录成功命令集{MAIL FROM,RCPT TO,DATA}中的命令进行匹配,匹配出所述第二命令“MAIL FROM”属于所述预设的登录成功命令集{MAIL FROM,RCPT TO,DATA},将所述程序状态更新为登录成功状态。需要说明的是,本发明还支持FTP、SMTP、TELNET、POP3、IMAP以及REDIS等多种协议。Exemplarily, when the second command is "MAIL FROM", perform the second command "MAIL FROM" with the commands in the preset login successful command set {MAIL FROM, RCPT TO, DATA}. Matching, it is found that the second command "MAIL FROM" belongs to the preset login successful command set {MAIL FROM, RCPT TO, DATA}, and the program state is updated to the login successful state. It should be noted that the present invention also supports multiple protocols such as FTP, SMTP, TELNET, POP3, IMAP, and REDIS.

在示例性的实施例中,所述登录结果检测系统700还包括:In an exemplary embodiment, the login result detection system 700 further includes:

当所述程序状态更新为所述登录中状态,且未检测到所述客户端将所述用户名及所述密码发送至所述服务器时,不获取所述第二命令。When the program state is updated to the logging-in state, and it is not detected that the client sends the user name and the password to the server, the second command is not obtained.

具体地,当所述程序状态更新为所述登录中状态时,检测所述客户端是否将所述用户名及所述密码发送至所述服务器,当未检测到所述客户端将所述用户名及所述密码发送至所述服务器时,不获取所述第二命令。Specifically, when the program status is updated to the logging-in status, it is detected whether the client sends the user name and the password to the server, and when it is not detected that the client sends the user When the name and the password are sent to the server, the second command is not obtained.

在示例性的实施例中,所述登录结果检测系统700还包括:In an exemplary embodiment, the login result detection system 700 further includes:

当所述第一命令与所述第二命令一致时,将所述程序状态更新为所述登录失败状态;和/或,When the first command is consistent with the second command, update the program status to the login failure status; and/or,

在获取所述第二命令前,所述方法还包括:Before acquiring the second command, the method further includes:

当接收到第三命令时,将所述程序状态更新为所述登录失败状态,所述第三命令用于所述服务器指令所述客户端退出连接。When a third command is received, the program state is updated to the login failure state, and the third command is used by the server to instruct the client to exit the connection.

示例性的,当所述第二命令为“AUTH LOGIN”时,判断登录失败,将所述程序状态更新为登录失败状态。Exemplarily, when the second command is "AUTH LOGIN", it is judged that the login fails, and the program state is updated to a login failure state.

示例性的,在获取所述第二命令为“AUTH LOGIN”之前,接收到第三命令假设为“QUIT”时,将所述程序状态更新为所述登录失败状态。Exemplarily, before acquiring the second command as "AUTH LOGIN", when the third command is received and assumed to be "QUIT", the program status is updated to the login failure status.

在示例性的实施例中,所述登录结果检测系统700还包括:In an exemplary embodiment, the login result detection system 700 further includes:

当匹配失败时,判断登录失败,并将所述程序状态更新为所述登录失败状态。When the matching fails, it is judged that the login fails, and the program state is updated to the login failure state.

示例性的,当所述第二命令为“QUIT”时,由于所述登录成功命令集{MAIL FROM,RCPT TO,DATA}中未匹配到与所述第二命令相同的命令,则将所述程序状态更新为登录失败状态。Exemplarily, when the second command is "QUIT", since the login successful command set {MAIL FROM, RCPT TO, DATA} does not match the same command as the second command, the The program status is updated to the login failed status.

本发明提供的登录结果检测系统700通过获取客户端向服务器发送的命令,且结合程序状态对应的命令集中的命令以及命令上下文,使得在单向流量的情况下,即使没有服务器的返回结果,也能实现对登录结果的精确判断。The login result detection system 700 provided by the present invention obtains the command sent by the client to the server, and combines the command and the command context in the command set corresponding to the program state, so that in the case of one-way traffic, even if there is no return result from the server, the Accurate judgment of the login result can be realized.

在网络探针领域,本发明提供的登录结果检测系统700所得到的登录结果,可以为暴力破解的发现提供准确的数据源,用于判断是否存在暴力破解攻击行为。例如:当检测到客户端日志中存在的登录失败的结果数量超出预设值时,视为暴力破解攻击行为。另,本发明提供的登录结果检测方法所得到的登录结果,还可以用于判断用户的用户名及密码是否为弱口令,例如:当客户端日志中判断为登录成功的登录结果对应的用户名及密码能被暴力破解得到时,视为弱口令。因此,通过本发明提供的登录结果检测方法,极大地提高了网络探针对弱口令和暴力破解攻击的发现效率,极大地增强了邮件协议的登录还原能力。In the field of network probes, the login result obtained by the login result detection system 700 provided by the present invention can provide an accurate data source for the discovery of brute force cracking, and can be used to determine whether there is a brute force cracking attack behavior. For example, when it is detected that the number of login failure results in the client log exceeds the preset value, it is regarded as a brute force attack. In addition, the login result obtained by the login result detection method provided by the present invention can also be used to determine whether the user name and password of the user are weak passwords. When the password can be cracked by brute force, it is regarded as a weak password. Therefore, the detection method of the login result provided by the present invention greatly improves the discovery efficiency of the network probe against weak passwords and brute force cracking attacks, and greatly enhances the login restoration capability of the mail protocol.

实施例三Embodiment 3

参阅图5,本发明实施例还提供一种计算机设备800的硬件架构示意图。如可以执行程序的智能手机、平板电脑、笔记本电脑、台式计算机、机架式服务器、刀片式服务器、塔式服务器或机柜式服务器(包括独立的服务器,或者多个服务器所组成的服务器集群)等。在本发明实施例中,所述计算机设备800是一种能够按照事先设定或者存储的指令,自动进行数值计算和/或信息处理的设备。如图所示,所述计算机设备800至少包括,但不限于,可通过装置总线相互通信连接存储器801、处理器802、网络接口803。其中:Referring to FIG. 5 , an embodiment of the present invention further provides a schematic diagram of a hardware architecture of a computer device 800 . Such as smart phones, tablet computers, notebook computers, desktop computers, rack servers, blade servers, tower servers or rack servers (including independent servers, or server clusters composed of multiple servers) that can execute programs, etc. . In this embodiment of the present invention, the computer device 800 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions. As shown in the figure, the computer device 800 at least includes, but is not limited to, a memory 801, a processor 802, and a network interface 803 that can communicate with each other through a device bus. in:

本发明实施例中,存储器801至少包括一种类型的计算机可读存储介质,所述可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、随机访问存储器(RAM)、静态随机访问存储器(SRAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、可编程只读存储器(PROM)、磁性存储器、磁盘、光盘等。在一些发明实施例中,存储器801可以是计算机设备800的内部存储单元,例如所述计算机设备800的硬盘或内存。在另一些发明实施例中,存储器801也可以是计算机设备800的外部存储设备,例如所述计算机设备800上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(SecureDigital,SD)卡,闪存卡(Flash Card)等。当然,存储器801还可以既包括计算机设备800的内部存储单元也包括其外部存储设备。本发明实施例中,存储器801通常用于存储安装于计算机设备800的操作装置和各类应用软件,例如所述登录结果检测系统700的程序代码等。此外,存储器801还可以用于暂时地存储已经输出或者将要输出的各类数据。In this embodiment of the present invention, the memory 801 includes at least one type of computer-readable storage medium, and the readable storage medium includes a flash memory, a hard disk, a multimedia card, a card-type memory (for example, SD or DX memory, etc.), a random access memory, etc. (RAM), static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, and the like. In some inventive embodiments, the memory 801 may be an internal storage unit of the computer device 800 , such as a hard disk or a memory of the computer device 800 . In other embodiments of the invention, the memory 801 may also be an external storage device of the computer device 800, for example, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital) equipped on the computer device 800 , SD) card, flash memory card (Flash Card) and so on. Of course, the memory 801 may also include both the internal storage unit of the computer device 800 and its external storage device. In this embodiment of the present invention, the memory 801 is generally used to store an operating device installed in the computer device 800 and various types of application software, such as program codes of the login result detection system 700 and the like. In addition, the memory 801 can also be used to temporarily store various types of data that have been output or will be output.

处理器802在一些发明实施例中可以是中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器、或其他语音处理芯片。所述处理器802通常用于控制计算机设备800的总体操作。本发明实施例中,处理器802用于运行存储器801中存储的程序代码或者处理数据,例如运行所述登录结果检测系统700的程序代码,以实现上述各个发明实施例中的所述登录结果检测方法。In some inventive embodiments, the processor 802 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other voice processing chips. The processor 802 is generally used to control the overall operation of the computer device 800 . In this embodiment of the present invention, the processor 802 is configured to run the program code or process data stored in the memory 801, for example, run the program code of the login result detection system 700, so as to realize the login result detection in the above-mentioned various embodiments of the invention method.

所述网络接口803可包括无线网络接口或有线网络接口,所述网络接口803通常用于在所述计算机设备800与其他电子装置之间建立通信连接。例如,所述网络接口803用于通过网络将所述计算机设备800与外部终端相连,在所述计算机设备800与外部终端之间的建立数据传输通道和通信连接等。所述网络可以是企业内部网(Intranet)、互联网(Internet)、全球移动通讯装置(Global System of Mobile communication,GSM)、宽带码分多址(Wideband Code Division Multiple Access,WCDMA)、4G网络、5G网络、蓝牙(Bluetooth)、Wi-Fi等无线或有线网络。The network interface 803 may include a wireless network interface or a wired network interface, and the network interface 803 is generally used to establish a communication connection between the computer device 800 and other electronic devices. For example, the network interface 803 is used to connect the computer device 800 with an external terminal through a network, and establish a data transmission channel and a communication connection between the computer device 800 and the external terminal. The network can be an intranet (Intranet), the Internet (Internet), a Global System of Mobile communication (GSM), a Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network Wireless or wired network such as network, Bluetooth (Bluetooth), Wi-Fi, etc.

需要指出的是,图5仅示出了具有部件801-803的计算机设备800,但是应理解的是,并不要求实施所有示出的部件,可以替代的实施更多或者更少的部件。It should be noted that FIG. 5 only shows the computer device 800 having components 801-803, but it should be understood that implementation of all of the shown components is not required, and that more or less components may be implemented instead.

在本发明实施例中,存储于存储器801中的所述登录结果检测系统700还可以被分割为一个或者多个程序模块,所述一个或者多个程序模块被存储于存储器801中,并由一个或多个处理器(本发明实施例为处理器802)所执行,以完成本发明之登录结果检测方法。In this embodiment of the present invention, the login result detection system 700 stored in the memory 801 may also be divided into one or more program modules, and the one or more program modules are stored in the memory 801 and are composed of one or more program modules. or multiple processors (in the embodiment of the present invention, the processor 802) is executed to complete the login result detection method of the present invention.

实施例四Embodiment 4

本发明实施例还提供一种计算机可读存储介质,如闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、随机访问存储器(RAM)、静态随机访问存储器(SRAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、可编程只读存储器(PROM)、磁性存储器、磁盘、光盘、服务器、App应用商城等等,其上存储有计算机程序,程序被处理器执行时实现相应功能。本发明实施例的计算机可读存储介质用于存储所述登录结果检测系统700,以被处理器执行时实现本发明之登录结果检测方法。Embodiments of the present invention also provide a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Programmable Read Only Memory (PROM), Magnetic Memory, Disk, Optical Disc, Server, App Store, etc., on which computer programs are stored , the program implements the corresponding function when the program is executed by the processor. The computer-readable storage medium of the embodiment of the present invention is used for storing the login result detection system 700, so as to implement the login result detection method of the present invention when executed by a processor.

上述本发明实施例序号仅仅为了描述,不代表发明实施例的优劣。The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages or disadvantages of the embodiments of the present invention.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述发明实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above-mentioned embodiments of the invention can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is more best implementation.

以上仅为本发明的优选发明实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above are only preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Any equivalent structure or equivalent process transformation made by using the contents of the description and drawings of the present invention, or directly or indirectly applied to other related technologies Fields are similarly included in the scope of patent protection of the present invention.

Claims (10)

1. A method for detecting login results, the method comprising:
the method comprises the steps of obtaining a first command sent by a client to a server, wherein the first command is used for the client to send a connection request to the server;
matching the first command with a command in login in a preset command set in login, and judging whether a program state is updated to a state in login according to a matching result, wherein the program state is used for representing a login result of the client logging in the server and comprises a state in login and a successful login state;
when the program state is updated to be the in-login state, acquiring a second command sent by the client to the server, wherein the second command is used for the client to send a connection request or a data request to the server;
judging whether the first command is consistent with the second command;
when the first command is inconsistent with the second command, matching the second command with a login success command in a preset login success command set;
and when the matching is successful, judging that the login is successful, and updating the program state into the login successful state.
2. The login result detection method according to claim 1, wherein the program state further includes an unregistered state, and before the obtaining of the first command sent by the client to the server, the method includes:
initializing the program state to the unregistered state.
3. The login result detection method according to claim 1, wherein the determining whether to update the program state to the in-login state according to the matching result comprises:
when the matching is successful, updating the program state into the in-login state;
when the matching fails, the program state is kept unchanged.
4. The login result detection method according to claim 1, wherein the obtaining of the second command sent by the client to the server when the program state update is the logged-in state comprises:
when the program state is updated to be the in-login state, detecting whether the client sends a user name and a password to the server; and
and when the client side is detected to send the user name and the password to the server, acquiring the second command.
5. The login result detection method according to claim 4, wherein the login result detection method further comprises:
and when the program state is updated to be the in-login state and the client is not detected to send the user name and the password to the server, not acquiring the second command.
6. The login result detection method according to claim 1, wherein the program state further includes a login failure state, the login result detection method further comprising:
when the first command is consistent with the second command, updating the program state to the login failure state; and/or the presence of a gas in the gas,
before obtaining the second command, the method further comprises:
and when a third command is received, updating the program state to the login failure state, wherein the third command is used for instructing the client to quit connection by the server.
7. The login result detection method according to claim 6, wherein the login result detection method further comprises:
and when the matching fails, judging that the login fails, and updating the program state into the login failure state.
8. A login result detection system, the system comprising:
the system comprises an acquisition module, a connection module and a processing module, wherein the acquisition module is used for acquiring a first command sent to a server by a client, and the first command is used for sending a connection request to the server by the client;
the first judging module is used for matching the first command with a command in login in a preset command set in login, and judging whether a program state is updated to a state in login according to a matching result, wherein the program state is used for representing a login result of the client logging in the server and comprises a state in login and a successful login state;
a second obtaining module, configured to obtain a second command sent by the client to the server when the program status is updated to the login status, where the second command is used for the client to send a connection request or a data request to the server;
the second judging module is used for judging whether the first command is consistent with the second command;
the matching module is used for matching the second command with a login success command in a preset login success command set when the first command is inconsistent with the second command;
and the updating module is used for judging that the login is successful when the matching is successful, and updating the program state into the login successful state.
9. A computer device, the computer device comprising: memory, processor and computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the login result detection method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the login result detection method according to one of claims 1 to 7.
CN202110309625.6A 2021-03-23 2021-03-23 Login result detection method and system Active CN115114617B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110309625.6A CN115114617B (en) 2021-03-23 2021-03-23 Login result detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110309625.6A CN115114617B (en) 2021-03-23 2021-03-23 Login result detection method and system

Publications (2)

Publication Number Publication Date
CN115114617A true CN115114617A (en) 2022-09-27
CN115114617B CN115114617B (en) 2024-09-27

Family

ID=83323372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110309625.6A Active CN115114617B (en) 2021-03-23 2021-03-23 Login result detection method and system

Country Status (1)

Country Link
CN (1) CN115114617B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07168789A (en) * 1993-12-14 1995-07-04 Chugoku Nippon Denki Software Kk Sending system for event message
JP2006092562A (en) * 2005-10-07 2006-04-06 Hitachi Ltd Storage system and storage system access method
WO2014015707A1 (en) * 2012-07-27 2014-01-30 Tencent Technology (Shenzhen) Company Limited Online user account login method and server system implementing the method
CN103701805A (en) * 2013-12-26 2014-04-02 山石网科通信技术有限公司 Method and device for detecting weak password in network
US20140331093A1 (en) * 2013-05-03 2014-11-06 Riverbed Technology, Inc. Automatic prompt detection for universal device support
CN105554098A (en) * 2015-12-14 2016-05-04 瑞斯康达科技发展股份有限公司 Device configuration method, server and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07168789A (en) * 1993-12-14 1995-07-04 Chugoku Nippon Denki Software Kk Sending system for event message
JP2006092562A (en) * 2005-10-07 2006-04-06 Hitachi Ltd Storage system and storage system access method
WO2014015707A1 (en) * 2012-07-27 2014-01-30 Tencent Technology (Shenzhen) Company Limited Online user account login method and server system implementing the method
US20140331093A1 (en) * 2013-05-03 2014-11-06 Riverbed Technology, Inc. Automatic prompt detection for universal device support
CN103701805A (en) * 2013-12-26 2014-04-02 山石网科通信技术有限公司 Method and device for detecting weak password in network
CN105554098A (en) * 2015-12-14 2016-05-04 瑞斯康达科技发展股份有限公司 Device configuration method, server and system

Also Published As

Publication number Publication date
CN115114617B (en) 2024-09-27

Similar Documents

Publication Publication Date Title
CN109639724B (en) Password retrieving method, password retrieving device, computer device and storage medium
WO2016165536A1 (en) Identity verification method and device
WO2021174870A1 (en) Network security risk inspection method and system, computer device, and storage medium
WO2020181841A1 (en) Method for automatically testing horizontal over-permission vulnerabilities and related device
EP1785903A1 (en) Information processing device and process control method
CN105162802A (en) Portal authentication method and Portal authentication server
CN114499974A (en) Device detection method, device, computer device and storage medium
US8416754B2 (en) Network location based processing of data communication connection requests
CN112398786B (en) Penetration attack identification method and device, system, storage medium, electronic device
WO2017054307A1 (en) Recognition method and apparatus for user information
CN106507300A (en) A kind of method for giving loss terminal for change, device and terminal
CN108494749B (en) Method, device and equipment for disabling IP address and computer readable storage medium
CN106230702A (en) Identity information verification method, Apparatus and system
CN112822023B (en) Communication information transmission method, information access method, device and storage medium
CN110175111A (en) Automated testing method, device, computer equipment and storage medium
CN115114617A (en) Login result detection method and system
CN108833568B (en) Message synchronization method, client, server and electronic equipment
CN108307414A (en) Wi-Fi connection abnormity processing method and device of application program, terminal and storage medium
TWI661332B (en) Method for remotely authorizing a user to log on a computer system
CN113378180A (en) Vulnerability detection method and device, computer equipment and readable storage medium
CN110048864B (en) Method and apparatus for authenticating administrators of device-specific message groups
CN114419664A (en) Data processing method and device
CN107105046B (en) Method and system for remote access to big data
CN111950040A (en) Environment sensing method and device of terminal equipment, computer equipment and storage medium
CN113127869B (en) Identification environment tracking method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载