+ 2

Prevention of DoS attack - Python Socket Networking

Hi, I built a client-server project and I'd like to make a system to detect a DoS attack. I thought of making a thread that every 10 seconds it gets a list of all the requests that the server got, and then if the list contains more than 5 requests from the same user/ip - it's a DoS attack. (After the check, clear the list again and let it fill up for 10 more seconds) 1. Is it a good solution? 2. If so, how can I implement it easily into python code using the threading module... ?

4th Aug 2021, 10:41 AM
Yahel
Yahel - avatar
6 odpowiedzi
+ 1
Jazz I understand... so my detection is necessary BUT if it detects an attacker it should block his IP within the Firewall and not inside the server... Am I right?
5th Aug 2021, 8:36 AM
Yahel
Yahel - avatar
+ 1
Jazz thanks :)
5th Aug 2021, 8:54 AM
Yahel
Yahel - avatar
0
example (let me know if its fine, and if its even good to make that list 'global'): import threading import time l = [('1', '1.1.1.1'), ('1', '1.1.1.1'), ('2', '2.2.2.2')] # list of (id, ip) or users who requested the server def ban_user(id, ip): print(f'Banned {id}, {ip}!') def func(): global l while True: # always keeps checking for attacks time.sleep(10) # waits 10 seconds till next check for i in l: # iterate over every request in the requests list of the last 10 seconds if l.count(i) >= 5: # if a user requested and flooded the server with more than 5 requests in the last 10 seconds - its an attack print('DoS!') ban_user(i[0], i[1]) l.clear() # clears the list, so new requests can fill up for the next 10 seconds t = threading.Thread(target=func, daemon=True) t.start() time.sleep(11) # just to make the program more visual l = [('1', '1.1.1.1'), ('2', '2.2.2.2'), ('2', '2.2.2.2')] # list of the next 10 seconds (after the previous one was cleared) time.sleep(11) # just to make the program more visual
4th Aug 2021, 12:42 PM
Yahel
Yahel - avatar