Question

我如何防止某人泛滥（向TcpServer发送许多请购单）？我相信他们会观察从客户端到服务器的send <->接收，并向服务器发送大量特定的数据包，例如，他们多次发送cmdScreenShotData命令，并在计算机上创建大量文件。

这是我的OnExecute方法：

procedure TForm1.IdTCPServer1Execute(AContext: TIdContext);
type
  PTBytes   = ^TBytes;
  PTIdBytes = ^TIdBytes;
var
  LBuffer     : TIdBytes;
  LProtocol   : TProtocol;
  FTempBuffer : TIdBytes;

  Enviar    : TBytes;
  Protocolo : TProtocol;

  Conexao   : TClientContext;

  procedure AddToMemo(const AStr: string);
  begin
    TThread.Synchronize(nil,
      procedure
      begin
        Memo1.Lines.Add(AStr);
      end
    );
  end;
begin
  Conexao := TClientContext(AContext);

  AContext.Connection.IOHandler.ReadBytes(LBuffer, szProtocol, False);

  LProtocol := BytesToProtocol(PTBytes(@LBuffer)^);

  case LProtocol.Command of
    cmdConnect: begin
      Conexao.Client := LProtocol.Sender;

      if Conexao.Client.HWID = '' then begin
        InitProtocol(Protocolo);
        Protocolo.Command     := cmdHWID;
        Protocolo.Sender.HWID := GeraHWID(40);
        Enviar                := ProtocolToBytes(Protocolo);
        Conexao.Connection.IOHandler.Write(PTIdBytes(@Enviar)^);
        ClearBuffer(Enviar);

        { Seta HWID na conexão }

        Conexao.FClient.HWID := Protocolo.Sender.HWID;

        AddToMemo(Format('[%s] : [%s][%s]', ['Connect', AContext.Connection.Socket.Binding.PeerIP, Protocolo.Sender.HWID]));
      end
      else
      begin
        AddToMemo(Format('[%s] : [%s][%s]', ['Connect', AContext.Connection.Socket.Binding.PeerIP, LProtocol.Sender.HWID]));
      end;
    end;

    cmdDisconnect: begin
      AddToMemo(Format('[%s] : [%s][%s]', ['Disconnect', AContext.Connection.Socket.Binding.PeerIP, Conexao.Client.HWID]));
    end;

    cmdScreenShotData: begin
      AddToMemo(Format('[%s] : [%s][%s]', ['ScreenShotData', AContext.Connection.Socket.Binding.PeerIP, Conexao.Client.HWID]));

      TThread.Synchronize(nil,
        procedure
        var
          LStream : TMemoryStream;
          LPngImage : TPngImage;
        begin
          try
            AContext.Connection.IOHandler.ReadBytes(FTempBuffer, LProtocol.DataSize);

            LStream   := TMemoryStream.Create;
            LPngImage := TPngImage.Create;
            try
              LStream.Write(FTempBuffer[0], Length(FTempBuffer));

              LStream.Position := 0;

              LPngImage.LoadFromStream(LStream);
            finally
              LPngImage.SaveToFile(Format('Screen_%d_%s.png', [GetTickCount, Conexao.Client.HWID]));

              FreeAndNil(LStream);
              FreeAndNil(LPngImage);
              ClearBufferId(FTempBuffer);

              Memo1.Lines.Add('Received screenshot');
              Memo1.Lines.Add(Format('[%s] Pos Screen : [%s][%s]', ['Disconnect', AContext.Connection.Socket.Binding.PeerIP, Conexao.Client.HWID]));
            end;
          except
            FreeAndNil(LStream);
            FreeAndNil(LPngImage);
            ClearBufferId(FTempBuffer);

            Memo1.Lines.Add('Error on Receive ScreenShot');
          end;
        end
      );
    end;
  end;
end;

但是它们发送相同的数据包，我想也许是使用我不知道的WPE Pro或其他泛洪程序到TcpServer。

它正在计算机上使用大量CPU。

防止TcpServer中的洪水

0 个答案: