Question

What are good programming practices in regards to blocking DoS attacks on a UDP client/server? The only thing that comes to mind at the moment is ignoring packets with the wrong sources, as such (using WinSock2):

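// sa_data holds the raw port and address bytes, not a dotted-quad string,
// so read the address through sockaddr_in rather than inet_addr().
if (oSourceAddr.sa_family == AF_INET) {
    const sockaddr_in* pSource = reinterpret_cast<const sockaddr_in*>(&oSourceAddr);
    uSourceAddr = pSource->sin_addr.S_un.S_addr;

    // Queue only datagrams whose source address matches the expected peer.
    if (uSourceAddr == oCorrectDestAddr.sin_addr.S_un.S_addr) {
        queueBuffer.push(std::string(aBuffer));
    }
}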

Attacks that are fast enough might cause this to block in a loop - especially if the packet size is small. Is there a way I can prevent packets from arriving from a certain source, or any source besides the correct one? What other things should I look out for? An explanation in code form would be especially helpful if the solutions are already built into the API.


Solution

Is there a way I can prevent packets from arriving from a certain source, or any source besides the correct one?

Yes. Just connect() the socket to that correct source. Then UDP will filter out all datagrams from other addresses. See man 2 connect, the paragraph about SOCK_DGRAM sockets.
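The filtering described in this answer, as an added example that is not part of the original post. It uses POSIX sockets on loopback rather than WinSock2, and the names bound_udp and connected_udp_demo are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1 on an ephemeral port and report the address. */
static int bound_udp(struct sockaddr_in *out) {
    socklen_t len = sizeof *out;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd >= 0 && bind(fd, (struct sockaddr *)out, sizeof *out) == 0 &&
        getsockname(fd, (struct sockaddr *)out, &len) == 0)
        return fd;
    if (fd >= 0) close(fd);
    return -1;
}

/* Receiver connect()s to the trusted sender; one untrusted and one trusted datagram
 * are sent. Returns datagrams read (expected 1); first payload byte goes to *first. */
int connected_udp_demo(char *first) {
    struct sockaddr_in rx_addr, good_addr, bad_addr;
    int rx = bound_udp(&rx_addr), good = bound_udp(&good_addr), bad = bound_udp(&bad_addr);
    struct timeval tv = {0, 200000};   /* stop reading after 200 ms of silence */
    char buf[64];
    int count = -1;                    /* -1 signals a setup failure */
    if (rx >= 0 && good >= 0 && bad >= 0 &&
        /* The filter: the kernel now delivers only datagrams from good_addr. */
        connect(rx, (struct sockaddr *)&good_addr, sizeof good_addr) == 0) {
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        sendto(bad, "B", 1, 0, (struct sockaddr *)&rx_addr, sizeof rx_addr);
        sendto(good, "G", 1, 0, (struct sockaddr *)&rx_addr, sizeof rx_addr);
        for (count = 0; recv(rx, buf, sizeof buf, 0) > 0; count++)
            if (count == 0) *first = buf[0];
    }
    close(rx); close(good); close(bad);   /* close(-1) just fails with EBADF */
    return count;
}

int main(void) {
    char first = '?';
    int n = connected_udp_demo(&first);
    printf("received %d datagram(s), first payload '%c'\n", n, first);
    return 0;
}
```

The kernel matches only on source address and port, so a datagram that forges that pair is still delivered, and dropped datagrams still consume link and kernel time before they are discarded.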

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow