比如说我用socket,或者swoole的websocket服务器编写一个游戏服务端,但是客户端可以通过无限发包的方式来攻击我的游戏服务端,导致服务端崩溃,请问目前有什么比较好的方案可以防止这类ddos,cc攻击?(像网上各种cdn都只能防HTTP类型的请求攻击)
听别人说有硬件防火墙,但是如果我用阿里云腾讯云之类的服务器搭建服务端的话就没办法安硬件防火墙啊,有软件可以做类似的防御吗?
(不知道这里的朋友是否玩过英雄联盟或者穿越火线,这些游戏曾经都有各种炸房外挂,原理其实也是向他们的服务端发送大量垃圾数据包,或者超出正常频率发送含有奇怪逻辑的数据包,导致同一个房间内的其他订阅了该游戏服务端某种消息的玩家也会短时间大量收到这些数据包从而让客户端崩溃掉线,可见连腾讯游戏之前都对这类攻击没什么防范措施)
巴扎黑2017-04-18 10:29:00
iptables blocks IP addresses, limits the number of requests accepted per second, etc. . . Or add whitelist and blacklist
迷茫2017-04-18 10:29:00
Yes. Common cloud firewalls, software firewalls, traffic cleaning, etc. all target the HTTP protocol. Firewalls for TCP connections or data filtering are rare in WEB development. But it’s not impossible. For example, the DDOS mentioned in this article is similar to the subject’s question, so the subject’s question should be changed to “How to defend against TCP denial of service attacks”
大家讲道理2017-04-18 10:29:00
It is recommended to control the frequency and verify the legality of the product.
If any abnormal IP is found, it will be blocked directly.
