REM:
1. 增加集中抗D 43种攻击类型定义
2. 增加集中抗D攻击类型与迪普攻击类型转换
HuangXin 2020-08-10 18:02:17 +08:00
parent 6cbc49ed48
commit e3415eaf07
3 changed files with 246 additions and 39 deletions


@ -1,7 +1,6 @@
package com.dispose.ability.impl; package com.dispose.ability.impl;
import com.dispose.ability.DisposeAbility; import com.dispose.ability.DisposeAbility;
import com.dispose.common.CommonEnumHandler;
import com.dispose.common.DDoSAttackType; import com.dispose.common.DDoSAttackType;
import com.dispose.common.DisposeCapacityType; import com.dispose.common.DisposeCapacityType;
import com.dispose.common.DpTechAttackType; import com.dispose.common.DpTechAttackType;
@ -113,8 +112,8 @@ public class DpTechAbilityImpl implements DisposeAbility {
// 查找需要处理的攻击类型集合 // 查找需要处理的攻击类型集合
List<DpTechAttackType> typeList = Arrays.stream(DDoSAttackType.values()) List<DpTechAttackType> typeList = Arrays.stream(DDoSAttackType.values())
.filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t)) .filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t))
.map(t -> CommonEnumHandler.codeOf(DpTechAttackType.class, .flatMap(DpTechAttackType::fromDdosAttackTypeValue)
DpTechAttackType.fromDdosAttackTypeValue(t))) .distinct()
.collect(Collectors.toList()); .collect(Collectors.toList());
dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() -> dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() ->
@ -168,8 +167,8 @@ public class DpTechAbilityImpl implements DisposeAbility {
// 查找需要处理的攻击类型集合 // 查找需要处理的攻击类型集合
List<DpTechAttackType> typeList = Arrays.stream(DDoSAttackType.values()) List<DpTechAttackType> typeList = Arrays.stream(DDoSAttackType.values())
.filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t)) .filter(t -> attackType == null || attackType.length == 0 || Arrays.asList(attackType).contains(t))
.map(t -> CommonEnumHandler.codeOf(DpTechAttackType.class, .flatMap(DpTechAttackType::fromDdosAttackTypeValue)
DpTechAttackType.fromDdosAttackTypeValue(t))) .distinct()
.collect(Collectors.toList()); .collect(Collectors.toList());
dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() -> dirList.forEach(d -> typeList.forEach(t -> CompletableFuture.supplyAsync(() ->
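Review bot: After `.flatMap(DpTechAttackType::fromDdosAttackTypeValue).distinct()` the `typeList` at both call sites (the hunks at new lines 112 and 167) no longer records which requested types produced a device type, because many `DDoSAttackType` values now collapse into one `DpTechAttackType`. The enclosing methods start and end outside the hunks, so this is inferred: if one of these sites stops protection, stopping a task for `NTP_AMPLIFICATION` would also remove the `UDP_FLOOD` protection that another active task, say for `DNS_AMPLIFICATION`, still depends on. A comment at the stop site such as `// several DDoSAttackType values share one DpTechAttackType; do not stop a device type another active task still needs` and a matching check would make this explicit. The two pipelines are identical and could move into one private helper so the mapping rule is maintained in a single place.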


@ -7,54 +7,177 @@ package com.dispose.common;
*/ */
public enum DDoSAttackType implements BaseEnum { public enum DDoSAttackType implements BaseEnum {
/** /**
* The Tcp syn flood. * The Host total traffic.
*/ */
TCP_SYN_FLOOD(0, "TCP SYN Flood"), HOST_TOTAL_TRAFFIC ( 0, "HOST_TOTAL_TRAFFIC"),
/** /**
* The Udp flood. * The Rst flood.
*/ */
UDP_FLOOD(1, "UDP Flood"), RST_FLOOD ( 1, "RST_FLOOD"),
/** /**
* The Icmp flood. * The Syn flood.
*/ */
ICMP_FLOOD(2, "ICMP Flood"), SYN_FLOOD ( 2, "SYN_FLOOD"),
/** /**
* The Tcp syn ack flood. * The Ack flood.
*/ */
TCP_SYN_ACK_FLOOD(3, "TCP SYN-ACK Flood"), ACK_FLOOD ( 3, "ACK_FLOOD"),
/** /**
* The Tcp fin flood. * The Tcp null.
*/ */
TCP_FIN_FLOOD(4, "TCP FIN Flood"), TCP_NULL ( 4, "TCP_NULL"),
/** /**
* The Ip fragment flood. * The Syn ack amplification.
*/ */
IP_FRAGMENT_FLOOD(5, "IP Fragment Flood"), SYN_ACK_AMPLIFICATION ( 5, "SYN/ACK_AMPLIFICATION"),
/** /**
* The Tcp ack flood. * The Tcp misuse.
*/ */
TCP_ACK_FLOOD(6, "TCP ACK Flood"), TCP_MISUSE ( 6, "TCP_MISUSE"),
/** /**
* The Cc flood. * The Fin flood.
*/ */
CC_FLOOD(7, "CC Flood"), FIN_FLOOD ( 7, "FIN_FLOOD"),
/**
* The Tcp fragment.
*/
TCP_FRAGMENT ( 8, "TCP_FRAGMENT"),
/** /**
* The Http flood. * The Http flood.
*/ */
HTTP_FLOOD(8, "HTTP Flood"), HTTP_FLOOD ( 9, "HTTP_FLOOD"),
/** /**
* The Dns query flood. * The Https flood.
*/ */
DNS_QUERY_FLOOD(9, "DNS Query Flood"), HTTPS_FLOOD ( 10, "HTTPS_FLOOD"),
/** /**
* The Dns reply flood. * The Win nuke.
*/ */
DNS_REPLY_FLOOD(10, "DNS Reply Flood"), WIN_NUKE ( 11, "WIN_NUKE"),
/** /**
* The Host total traffic. * The Sip flood.
*/ */
HOST_TOTAL_TRAFFIC(11, "Host Total Traffic"); SIP_FLOOD ( 12, "SIP_FLOOD"),
/**
* The Dns flood.
*/
DNS_FLOOD ( 13, "DNS_FLOOD"),
/**
* The Udp fragment.
*/
UDP_FRAGMENT ( 14, "UDP_FRAGMENT"),
/**
* The Charged amplification.
*/
CHARGED_AMPLIFICATION ( 15, "CHARGED_AMPLIFICATION"),
/**
* The L 2 tp amplification.
*/
L2TP_AMPLIFICATION ( 16, "L2TP_AMPLIFICATION"),
/**
* The Mdns amplification.
*/
MDNS_AMPLIFICATION ( 17, "MDNS_AMPLIFICATION"),
/**
* The Ms sql rs amplification.
*/
MS_SQL_RS_AMPLIFICATION ( 18, "MS_SQL_RS_AMPLIFICATION"),
/**
* The Net bios amplification.
*/
NET_BIOS_AMPLIFICATION ( 19, "NET_BIOS_AMPLIFICATION"),
/**
* The Ntp amplification.
*/
NTP_AMPLIFICATION ( 20, "NTP_AMPLIFICATION"),
/**
* The Ripv 1 amplification.
*/
RIPV1_AMPLIFICATION ( 21, "RIPV1_AMPLIFICATION"),
/**
* The Rpcbind amplification.
*/
RPCBIND_AMPLIFICATION ( 22, "RPCBIND_AMPLIFICATION"),
/**
* The Snmp amplification.
*/
SNMP_AMPLIFICATION ( 23, "SNMP_AMPLIFICATION"),
/**
* The Ssdp amplification.
*/
SSDP_AMPLIFICATION ( 24, "SSDP_AMPLIFICATION"),
/**
* The Dns amplification.
*/
DNS_AMPLIFICATION ( 25, "DNS_AMPLIFICATION"),
/**
* The Qotd amplification.
*/
QOTD_AMPLIFICATION ( 26, "QOTD_AMPLIFICATION"),
/**
* The Quake 3 amplification.
*/
QUAKE3_AMPLIFICATION ( 27, "QUAKE3_AMPLIFICATION"),
/**
* The Steam amplification.
*/
STEAM_AMPLIFICATION ( 28, "STEAM_AMPLIFICATION"),
/**
* The Cldap amplification.
*/
CLDAP_AMPLIFICATION ( 29, "CLDAP_AMPLIFICATION"),
/**
* The Memcache amplification.
*/
MEMCACHE_AMPLIFICATION ( 30, "MEMCACHE_AMPLIFICATION"),
/**
* The Tftp amplification.
*/
TFTP_AMPLIFICATION ( 31, "TFTP_AMPLIFICATION"),
/**
* The Portmapper amplification.
*/
PORTMAPPER_AMPLIFICATION ( 32, "PORTMAPPER_AMPLIFICATION"),
/**
* The Sentinel amplification.
*/
SENTINEL_AMPLIFICATION ( 33, "SENTINEL_AMPLIFICATION"),
/**
* The Fraggle.
*/
FRAGGLE_FLOOD ( 34, "FRAGGLE_FLOOD"),
/**
* The Udp flood.
*/
UDP_FLOOD ( 35, "UDP_FLOOD"),
/**
* The Smurf.
*/
SMURF ( 36, "SMURF"),
/**
* The Icmp fragment.
*/
ICMP_FRAGMENT ( 37, "ICMP_FRAGMENT"),
/**
* The Icmp flood.
*/
ICMP_FLOOD ( 38, "ICMP_FLOOD"),
/**
* The Ipv 4 protocol 0.
*/
IPV4_PROTOCOL0 ( 39, "IPV4_PROTOCOL0"),
/**
* The Ip private.
*/
IP_PRIVATE ( 40, "IP_PRIVATE"),
/**
* The Land flood.
*/
LAND_FLOOD ( 41, "LAND_FLOOD"),
/**
* The Igmp flood.
*/
IGMP_FLOOD ( 42, "IGMP_FLOOD");
/** /**
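Review bot: Constants that keep their names get new numeric codes here (`UDP_FLOOD` 1 → 35, `ICMP_FLOOD` 2 → 38, `HTTP_FLOOD` 8 → 9, `HOST_TOTAL_TRAFFIC` 11 → 0), and every old code 0–11 now names a different attack. If these values are stored in task records or sent by API clients, which the page does not show, existing data would be decoded as another attack type and the wrong protection could be started or stopped. A data migration, plus a line in the enum Javadoc such as `Codes were renumbered in this commit; values persisted before it must be migrated.`, would cover that. The description `"SYN/ACK_AMPLIFICATION"` is the only one that differs from its constant name, so it is worth confirming the slash is intended.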


@ -1,5 +1,9 @@
package com.dispose.common; package com.dispose.common;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;
/** /**
* The enum Dp tech attack type. * The enum Dp tech attack type.
* *
@ -75,6 +79,97 @@ public enum DpTechAttackType implements BaseEnum {
this.readme = readme; this.readme = readme;
} }
/**
* From ddos attack type value stream.
*
* @param type the type
* @return the stream
*/
public static Stream<DpTechAttackType> fromDdosAttackTypeValue(DDoSAttackType type) {
List<DpTechAttackType> attackList = new ArrayList<>();
switch (type) {
case HOST_TOTAL_TRAFFIC:
attackList.add(HOST_TOTAL_TRAFFIC);
break;
case RST_FLOOD:
case FIN_FLOOD:
case SIP_FLOOD:
attackList.add(TCP_FIN_FLOOD);
break;
case SYN_FLOOD:
attackList.add(TCP_SYN_FLOOD);
break;
case ACK_FLOOD:
attackList.add(TCP_ACK_FLOOD);
break;
case TCP_NULL:
case SYN_ACK_AMPLIFICATION:
case TCP_MISUSE:
attackList.add(TCP_SYN_ACK_FLOOD);
break;
case TCP_FRAGMENT:
case WIN_NUKE:
case UDP_FRAGMENT:
case ICMP_FRAGMENT:
case IPV4_PROTOCOL0:
case IP_PRIVATE:
case LAND_FLOOD:
attackList.add(IP_FRAGMENT_FLOOD);
break;
case HTTP_FLOOD:
case HTTPS_FLOOD:
attackList.add(HTTP_FLOOD);
break;
case DNS_FLOOD:
attackList.add(DNS_REPLY_FLOOD);
attackList.add(DNS_QUERY_FLOOD);
break;
case CHARGED_AMPLIFICATION:
case L2TP_AMPLIFICATION:
case MDNS_AMPLIFICATION:
case MS_SQL_RS_AMPLIFICATION:
case NET_BIOS_AMPLIFICATION:
case NTP_AMPLIFICATION:
case RIPV1_AMPLIFICATION:
case RPCBIND_AMPLIFICATION:
case SNMP_AMPLIFICATION:
case SSDP_AMPLIFICATION:
case DNS_AMPLIFICATION:
case QOTD_AMPLIFICATION:
case QUAKE3_AMPLIFICATION:
case STEAM_AMPLIFICATION:
case CLDAP_AMPLIFICATION:
case MEMCACHE_AMPLIFICATION:
case TFTP_AMPLIFICATION:
case PORTMAPPER_AMPLIFICATION:
case SENTINEL_AMPLIFICATION:
case FRAGGLE_FLOOD:
case UDP_FLOOD:
case IGMP_FLOOD:
attackList.add(UDP_FLOOD);
break;
case SMURF:
case ICMP_FLOOD:
attackList.add(ICMP_FLOOD);
break;
default:
return attackList.stream();
}
return attackList.stream();
}
/** /**
* Gets value. * Gets value.
* *
@ -85,16 +180,6 @@ public enum DpTechAttackType implements BaseEnum {
return this.code; return this.code;
} }
/**
* From ddos attack type value integer.
*
* @param type the type
* @return the integer
*/
public static Integer fromDdosAttackTypeValue(DDoSAttackType type) {
return type.getValue();
}
/** /**
* Gets description. * Gets description.
* *
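Review bot: The `default` branch of `fromDdosAttackTypeValue` returns an empty stream, so a `DDoSAttackType` constant added later without a case here is dropped silently and the callers in `DpTechAbilityImpl` would iterate an empty `typeList`. All 43 current constants have a case, so the branch is reachable only by omission; making it loud, e.g. `default: throw new IllegalArgumentException("Unmapped DDoSAttackType: " + type);`, would surface the gap instead of leaving an attack type unprotected. The groupings `SIP_FLOOD` → `TCP_FIN_FLOOD` and `IGMP_FLOOD` → `UDP_FLOOD` look unusual and deserve a short comment on why they were chosen. The generated Javadoc could state the contract instead, for example `Maps a centralized attack type to the DPtech device types that cover it; several inputs share one device type.`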