From e3415eaf07302e2a5c34f03d7c24c82f54bd1dad Mon Sep 17 00:00:00 2001
From: HuangXin
Date: Mon, 10 Aug 2020 18:02:17 +0800
Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E5=A2=9E=E5=8A=A0=E9=9B=86?= =?UTF-8?q?=E4=B8=AD=E6=8A=97D=2043=E7=A7=8D=E6=94=BB=E5=87=BB=E7=B1=BB?= =?UTF-8?q?=E5=9E=8B=E5=AE=9A=E4=B9=89=202.=20=E5=A2=9E=E5=8A=A0=E9=9B=86?= =?UTF-8?q?=E4=B8=AD=E6=8A=97D=E6=94=BB=E5=87=BB=E7=B1=BB=E5=9E=8B?= =?UTF-8?q?=E4=B8=8E=E8=BF=AA=E6=99=AE=E6=94=BB=E5=87=BB=E7=B1=BB=E5=9E=8B?= =?UTF-8?q?=E8=BD=AC=E6=8D=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ability/impl/DpTechAbilityImpl.java | 9 +-
 .../com/dispose/common/DDoSAttackType.java | 171 +++++++++++++++---
 .../com/dispose/common/DpTechAttackType.java | 105 ++++++++++-
 3 files changed, 246 insertions(+), 39 deletions(-)
diff --git a/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java b/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
index e7f77431..42e00f13 100644
--- a/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
+++ b/src/main/java/com/dispose/ability/impl/DpTechAbilityImpl.java
@@ -1,7 +1,6 @@
 package com.dispose.ability.impl;
 import com.dispose.ability.DisposeAbility;
-import com.dispose.common.CommonEnumHandler;
 import com.dispose.common.DDoSAttackType;
 import com.dispose.common.DisposeCapacityType;
 import com.dispose.common.DpTechAttackType;
@@ -113,8 +112,8 @@ public class DpTechAbilityImpl implements DisposeAbility {
 // 查找需要处理的攻击类型集合
 List typeList = Arrays.stream(DDoSAttackType.values())
 .filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t))
- .map(t -> CommonEnumHandler.codeOf(DpTechAttackType.class,
- DpTechAttackType.fromDdosAttackTypeValue(t)))
+ .flatMap(DpTechAttackType::fromDdosAttackTypeValue)
+ .distinct()
 .collect(Collectors.toList());
 dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() ->
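Review bot: With `.flatMap(DpTechAttackType::fromDdosAttackTypeValue).distinct()` several requested DDoSAttackType values now collapse onto one device type, so the per-type tasks started by `typeList.forEach` no longer correspond one-to-one with what the caller asked for. If one of the two identical call sites (this hunk and the one at -168/+167) is the stop path, which is inferred because both enclosing methods start and end outside the hunks, then stopping a single type such as RST_FLOOD would also withdraw the TCP_FIN_FLOOD handling that a still-active FIN_FLOOD request depends on. `typeList` can also end up empty when nothing maps, in which case no task is launched and the caller gets no indication that no mitigation was started; an explicit empty check that reports the condition would close that gap. A short comment above the pipeline, for example `// many-to-one: several DDoSAttackType values share one DPTech type, hence distinct()`, would make the intent clear to the next reader.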
@@ -168,8 +167,8 @@ public class DpTechAbilityImpl implements DisposeAbility {
 // 查找需要处理的攻击类型集合
 List typeList = Arrays.stream(DDoSAttackType.values())
 .filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t))
- .map(t -> CommonEnumHandler.codeOf(DpTechAttackType.class,
- DpTechAttackType.fromDdosAttackTypeValue(t)))
+ .flatMap(DpTechAttackType::fromDdosAttackTypeValue)
+ .distinct()
 .collect(Collectors.toList());
 dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() ->
diff --git a/src/main/java/com/dispose/common/DDoSAttackType.java b/src/main/java/com/dispose/common/DDoSAttackType.java
index cec55456..277a2a2b 100644
--- a/src/main/java/com/dispose/common/DDoSAttackType.java
+++ b/src/main/java/com/dispose/common/DDoSAttackType.java
@@ -7,55 +7,178 @@ package com.dispose.common;
 */
 public enum DDoSAttackType implements BaseEnum {
 /**
- * The Tcp syn flood.
+ * The Host total traffic.
 */
- TCP_SYN_FLOOD(0, "TCP SYN Flood"),
+ HOST_TOTAL_TRAFFIC ( 0, "HOST_TOTAL_TRAFFIC"),
 /**
- * The Udp flood.
+ * The Rst flood.
 */
- UDP_FLOOD(1, "UDP Flood"),
+ RST_FLOOD ( 1, "RST_FLOOD"),
 /**
- * The Icmp flood.
+ * The Syn flood.
 */
- ICMP_FLOOD(2, "ICMP Flood"),
+ SYN_FLOOD ( 2, "SYN_FLOOD"),
 /**
- * The Tcp syn ack flood.
+ * The Ack flood.
 */
- TCP_SYN_ACK_FLOOD(3, "TCP SYN-ACK Flood"),
+ ACK_FLOOD ( 3, "ACK_FLOOD"),
 /**
- * The Tcp fin flood.
+ * The Tcp null.
 */
- TCP_FIN_FLOOD(4, "TCP FIN Flood"),
+ TCP_NULL ( 4, "TCP_NULL"),
 /**
- * The Ip fragment flood.
+ * The Syn ack amplification.
 */
- IP_FRAGMENT_FLOOD(5, "IP Fragment Flood"),
+ SYN_ACK_AMPLIFICATION ( 5, "SYN/ACK_AMPLIFICATION"),
 /**
- * The Tcp ack flood.
+ * The Tcp misuse.
 */
- TCP_ACK_FLOOD(6, "TCP ACK Flood"),
+ TCP_MISUSE ( 6, "TCP_MISUSE"),
 /**
- * The Cc flood.
+ * The Fin flood.
 */
- CC_FLOOD(7, "CC Flood"),
+ FIN_FLOOD ( 7, "FIN_FLOOD"),
+ /**
+ * The Tcp fragment.
+ */
+ TCP_FRAGMENT ( 8, "TCP_FRAGMENT"),
 /**
 * The Http flood.
 */
- HTTP_FLOOD(8, "HTTP Flood"),
+ HTTP_FLOOD ( 9, "HTTP_FLOOD"),
 /**
- * The Dns query flood.
+ * The Https flood.
 */
- DNS_QUERY_FLOOD(9, "DNS Query Flood"),
+ HTTPS_FLOOD ( 10, "HTTPS_FLOOD"),
 /**
- * The Dns reply flood.
+ * The Win nuke.
 */
- DNS_REPLY_FLOOD(10, "DNS Reply Flood"),
+ WIN_NUKE ( 11, "WIN_NUKE"),
 /**
- * The Host total traffic.
+ * The Sip flood.
 */
- HOST_TOTAL_TRAFFIC(11, "Host Total Traffic");
+ SIP_FLOOD ( 12, "SIP_FLOOD"),
+ /**
+ * The Dns flood.
+ */
+ DNS_FLOOD ( 13, "DNS_FLOOD"),
+ /**
+ * The Udp fragment.
+ */
+ UDP_FRAGMENT ( 14, "UDP_FRAGMENT"),
+ /**
+ * The Charged amplification.
+ */
+ CHARGED_AMPLIFICATION ( 15, "CHARGED_AMPLIFICATION"),
+ /**
+ * The L 2 tp amplification.
+ */
+ L2TP_AMPLIFICATION ( 16, "L2TP_AMPLIFICATION"),
+ /**
+ * The Mdns amplification.
+ */
+ MDNS_AMPLIFICATION ( 17, "MDNS_AMPLIFICATION"),
+ /**
+ * The Ms sql rs amplification.
+ */
+ MS_SQL_RS_AMPLIFICATION ( 18, "MS_SQL_RS_AMPLIFICATION"),
+ /**
+ * The Net bios amplification.
+ */
+ NET_BIOS_AMPLIFICATION ( 19, "NET_BIOS_AMPLIFICATION"),
+ /**
+ * The Ntp amplification.
+ */
+ NTP_AMPLIFICATION ( 20, "NTP_AMPLIFICATION"),
+ /**
+ * The Ripv 1 amplification.
+ */
+ RIPV1_AMPLIFICATION ( 21, "RIPV1_AMPLIFICATION"),
+ /**
+ * The Rpcbind amplification.
+ */
+ RPCBIND_AMPLIFICATION ( 22, "RPCBIND_AMPLIFICATION"),
+ /**
+ * The Snmp amplification.
+ */
+ SNMP_AMPLIFICATION ( 23, "SNMP_AMPLIFICATION"),
+ /**
+ * The Ssdp amplification.
+ */
+ SSDP_AMPLIFICATION ( 24, "SSDP_AMPLIFICATION"),
+ /**
+ * The Dns amplification.
+ */
+ DNS_AMPLIFICATION ( 25, "DNS_AMPLIFICATION"),
+ /**
+ * The Qotd amplification.
+ */
+ QOTD_AMPLIFICATION ( 26, "QOTD_AMPLIFICATION"),
+ /**
+ * The Quake 3 amplification.
+ */
+ QUAKE3_AMPLIFICATION ( 27, "QUAKE3_AMPLIFICATION"),
+ /**
+ * The Steam amplification.
+ */
+ STEAM_AMPLIFICATION ( 28, "STEAM_AMPLIFICATION"),
+ /**
+ * The Cldap amplification.
+ */
+ CLDAP_AMPLIFICATION ( 29, "CLDAP_AMPLIFICATION"),
+ /**
+ * The Memcache amplification.
+ */
+ MEMCACHE_AMPLIFICATION ( 30, "MEMCACHE_AMPLIFICATION"),
+ /**
+ * The Tftp amplification.
+ */
+ TFTP_AMPLIFICATION ( 31, "TFTP_AMPLIFICATION"),
+ /**
+ * The Portmapper amplification.
+ */
+ PORTMAPPER_AMPLIFICATION ( 32, "PORTMAPPER_AMPLIFICATION"),
+ /**
+ * The Sentinel amplification.
+ */
+ SENTINEL_AMPLIFICATION ( 33, "SENTINEL_AMPLIFICATION"),
+ /**
+ * The Fraggle.
+ */
+ FRAGGLE_FLOOD ( 34, "FRAGGLE_FLOOD"),
+ /**
+ * The Udp flood.
+ */
+ UDP_FLOOD ( 35, "UDP_FLOOD"),
+ /**
+ * The Smurf.
+ */
+ SMURF ( 36, "SMURF"),
+ /**
+ * The Icmp fragment.
+ */
+ ICMP_FRAGMENT ( 37, "ICMP_FRAGMENT"),
+ /**
+ * The Icmp flood.
+ */
+ ICMP_FLOOD ( 38, "ICMP_FLOOD"),
+ /**
+ * The Ipv 4 protocol 0.
+ */
+ IPV4_PROTOCOL0 ( 39, "IPV4_PROTOCOL0"),
+ /**
+ * The Ip private.
+ */
+ IP_PRIVATE ( 40, "IP_PRIVATE"),
+ /**
+ * The Land flood.
+ */
+ LAND_FLOOD ( 41, "LAND_FLOOD"),
+ /**
+ * The Igmp flood.
+ */
+ IGMP_FLOOD ( 42, "IGMP_FLOOD");
-
 /**
 * The Code.
diff --git a/src/main/java/com/dispose/common/DpTechAttackType.java b/src/main/java/com/dispose/common/DpTechAttackType.java
index 6deb31f2..6c1c3794 100644
--- a/src/main/java/com/dispose/common/DpTechAttackType.java
+++ b/src/main/java/com/dispose/common/DpTechAttackType.java
@@ -1,5 +1,9 @@
 package com.dispose.common;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Stream;
+
 /**
 * The enum Dp tech attack type.
 *
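Review bot: The existing DDoSAttackType constants are renumbered rather than extended: code 0 moves from TCP_SYN_FLOOD to HOST_TOTAL_TRAFFIC, UDP_FLOOD goes from 1 to 35, HTTP_FLOOD from 8 to 9, and CC_FLOOD, DNS_QUERY_FLOOD and DNS_REPLY_FLOOD disappear. If these codes are persisted or exchanged with API clients (the enum implements BaseEnum, which suggests code-based conversion, though the handler is not visible in this diff), records written before this commit would be read back as a different attack type and mitigation could be applied to, or reported for, the wrong traffic class. Either keep the twelve old codes stable and append the new types after 11, or ship a data migration and an API version note with this change. The description strings also change from display names to identifiers (`"TCP SYN Flood"` becomes `"SYN_FLOOD"`), so anything matching on the description needs the same check.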
@@ -75,6 +79,97 @@ public enum DpTechAttackType implements BaseEnum {
 this.readme = readme;
 }
+ /**
+ * From ddos attack type value stream.
+ *
+ * @param type the type
+ * @return the stream
+ */
+ public static Stream fromDdosAttackTypeValue(DDoSAttackType type) {
+ List attackList = new ArrayList<>();
+
+ switch (type) {
+ case HOST_TOTAL_TRAFFIC:
+ attackList.add(HOST_TOTAL_TRAFFIC);
+ break;
+
+ case RST_FLOOD:
+ case FIN_FLOOD:
+ case SIP_FLOOD:
+ attackList.add(TCP_FIN_FLOOD);
+ break;
+
+ case SYN_FLOOD:
+ attackList.add(TCP_SYN_FLOOD);
+ break;
+
+ case ACK_FLOOD:
+ attackList.add(TCP_ACK_FLOOD);
+ break;
+
+ case TCP_NULL:
+ case SYN_ACK_AMPLIFICATION:
+ case TCP_MISUSE:
+ attackList.add(TCP_SYN_ACK_FLOOD);
+ break;
+
+ case TCP_FRAGMENT:
+ case WIN_NUKE:
+ case UDP_FRAGMENT:
+ case ICMP_FRAGMENT:
+ case IPV4_PROTOCOL0:
+ case IP_PRIVATE:
+ case LAND_FLOOD:
+ attackList.add(IP_FRAGMENT_FLOOD);
+ break;
+
+ case HTTP_FLOOD:
+ case HTTPS_FLOOD:
+ attackList.add(HTTP_FLOOD);
+ break;
+
+ case DNS_FLOOD:
+ attackList.add(DNS_REPLY_FLOOD);
+ attackList.add(DNS_QUERY_FLOOD);
+ break;
+
+ case CHARGED_AMPLIFICATION:
+ case L2TP_AMPLIFICATION:
+ case MDNS_AMPLIFICATION:
+ case MS_SQL_RS_AMPLIFICATION:
+ case NET_BIOS_AMPLIFICATION:
+ case NTP_AMPLIFICATION:
+ case RIPV1_AMPLIFICATION:
+ case RPCBIND_AMPLIFICATION:
+ case SNMP_AMPLIFICATION:
+ case SSDP_AMPLIFICATION:
+ case DNS_AMPLIFICATION:
+ case QOTD_AMPLIFICATION:
+ case QUAKE3_AMPLIFICATION:
+ case STEAM_AMPLIFICATION:
+ case CLDAP_AMPLIFICATION:
+ case MEMCACHE_AMPLIFICATION:
+ case TFTP_AMPLIFICATION:
+ case PORTMAPPER_AMPLIFICATION:
+ case SENTINEL_AMPLIFICATION:
+ case FRAGGLE_FLOOD:
+ case UDP_FLOOD:
+ case IGMP_FLOOD:
+ attackList.add(UDP_FLOOD);
+ break;
+
+ case SMURF:
+ case ICMP_FLOOD:
+ attackList.add(ICMP_FLOOD);
+ break;
+
+ default:
+ return attackList.stream();
+ }
+
+ return attackList.stream();
+ }
+
 /**
 * Gets value.
 *
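Review bot: The `default:` branch of `fromDdosAttackTypeValue` returns an empty stream, so a DDoSAttackType constant added later without a matching `case` would be accepted by callers and silently never mitigated; failing loudly is safer, e.g. `default: throw new IllegalArgumentException("Unmapped DDoSAttackType: " + type);`. No case produces the device's CC flood type any more, so if DpTechAttackType still declares it (its constants are outside this hunk) that protection becomes unreachable now that `DDoSAttackType.CC_FLOOD` is removed. Several groupings are approximations rather than equivalents (SIP_FLOOD to TCP_FIN_FLOOD, IGMP_FLOOD to UDP_FLOOD, TCP_NULL to TCP_SYN_ACK_FLOOD), which means a request for one of these types enables a broader or different device policy than its name suggests. The Javadoc `From ddos attack type value stream.` should be replaced with a description that states the mapping is many-to-one and best-effort, that DNS_FLOOD expands to both DNS types, and that a null `type` makes the `switch` throw NullPointerException.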
@@ -85,16 +180,6 @@ public enum DpTechAttackType implements BaseEnum {
 return this.code;
 }
- /**
- * From ddos attack type value integer.
- *
- * @param type the type
- * @return the integer
- */
- public static Integer fromDdosAttackTypeValue(DDoSAttackType type) {
- return type.getValue();
- }
-
 /**
 * Gets description.
 *