+ 2
Prevention of DoS attack - Python Socket Networking
Hi, I built a client-server project and I'd like to make a system to detect a DoS attack. I thought of making a thread that every 10 seconds it gets a list of all the requests that the server got, and then if the list contains more than 5 requests from the same user/ip - it's a DoS attack. (After the check, clear the list again and let it fill up for 10 more seconds) 1. Is it a good solution? 2. If so, how can I implement it easily into python code using the threading module... ?
6 odpowiedzi
+ 1
Jazz I understand... so my detection is necessary BUT if it detects an attacker it should block his IP within the Firewall and not inside the server...
Am I right?
+ 1
Jazz thanks :)
0
example (let me know if its fine, and if its even good to make that list 'global'):
import threading
import time
l = [('1', '1.1.1.1'), ('1', '1.1.1.1'), ('2', '2.2.2.2')] # list of (id, ip) or users who requested the server
def ban_user(id, ip):
print(f'Banned {id}, {ip}!')
def func():
global l
while True: # always keeps checking for attacks
time.sleep(10) # waits 10 seconds till next check
for i in l: # iterate over every request in the requests list of the last 10 seconds
if l.count(i) >= 5: # if a user requested and flooded the server with more than 5 requests in the last 10 seconds - its an attack
print('DoS!')
ban_user(i[0], i[1])
l.clear() # clears the list, so new requests can fill up for the next 10 seconds
t = threading.Thread(target=func, daemon=True)
t.start()
time.sleep(11) # just to make the program more visual
l = [('1', '1.1.1.1'), ('2', '2.2.2.2'), ('2', '2.2.2.2')] # list of the next 10 seconds (after the previous one was cleared)
time.sleep(11) # just to make the program more visual