CC attack & TCP and UDP correct opening posture

introduction:

1: CC attack is normal business logic, large concurrency makes you unable to handle it, processing XP SP2, the above systems are sealed RAW format protocol packet customization, in addition to changing the protocol based on the application layer, all other simulations or requests are used to test the transport layer

2: UDP will not stick packets or lose packets unless the buffer is full

3: The main features of TCP are:

1. 3-way handshake connection
2. 4 waves to disconnect
3. Congestion Control
4. Retransmission Control
5. In streaming mode, the server needs to analyze the following aspects: protocol sticky packets, protocol missing packets, protocol packet loss, abnormal protocol response, normal protocol response

[[262564]]

The main features of UDP are:

1. Packet transmission mode
2. No sticky packing
3. And there is no connection, no congestion control, and no retransmission mechanism

4: The main features of TCP are:

1.3-way handshake connection:

A test case: The press machine is shut down quickly after requesting a large number of handshake connections, requiring large concurrent operations

1. Test logic point: Test whether the server's underlying logic handles a new socket connection request while the server's underlying logic closes the socket.

The bug in the project I tested: After creating a socket port with ID 5000, the server reclaimed the SOCKET with ID 5000 because the press closed the socket. The new TCP connection request used this SOCEKT again because 5000 was released. At this time, the server reported an error: The new SOCKET cannot be used

Test case 2: The press is requesting a large number of handshake links, requiring large concurrent operations

Second test logic point: Test the number of SOCKETs connected to the server to ensure that the server has available SOCKET resources to allocate.

The project I tested had a bug: the server could not create 5,000 SOCKETs successfully because the configured JAVA memory was insufficient and the number of ports opened by the system was insufficient.

The test tools for the above two points are as follows: Only IOCP and AIO bottom-level test verification is the most effective, and the test simultaneously observes the bottleneck inflection point at N concurrency/second

5:4 wave disconnection:

Test case: Pressurized setting of SOCKET options, rapid closing after requesting a large number of handshake connections, requiring large concurrent operations

 //Quickly close the socket
 ::setsockopt(pUsoc, SOL_SOCKET, SO_REUSEADDR, (const char *)& on , sizeof(bool));//Reuse port
 ::setsockopt(pUsoc, SOL_SOCKET, SO_DONTLINGER, (const char *)& off , sizeof(bool));//Open LINGER
 ::setsockopt(pUsoc, SOL_SOCKET, SO_LINGER, (const char *)&m_sLinger, sizeof(linger)); //Set to force close SOCKET

Test logic point: The test is that due to the pressure robot modifying the Socket configuration, the client actively disconnects, and the server cannot receive the notification package of 4 waves, resulting in N time nodes to close the Socket/not close the Socket

Project test BUG: Because it is impossible to get 4 wave packets, there are a large number of abnormally long connections on the server, resulting in a denial of service

6: Congestion control - Simply put, block the exhaust vents of the car and step on the accelerator at the same time

Test case: The client of the press machine sets a 1-byte acceptance protocol or a 1-byte buffer and requests large data that needs a response: for example, a leaderboard

Test logic point: Due to the particularity of congestion control, TCP will open up memory to cache this part of the data. Simply put, the server generates many protocols, but few are effectively sent. The system caches more and more remaining protocols, and the hardware monitoring server memory surges.

Project test bug: Same as above. After setting the SOCKET parameters, requesting the ranking data, the server memory surges and crashes directly

7: Retransmission Control

Test case: Build a test proxy tool to configure parameters for packet transmission order/packet loss

Test logic point: Since the retransmission is controlled by the transport layer, packet loss and out-of-order requests are simulated at the application layer.

The commonly used kugou music APP uses tools to simulate retransmission control. When listening to music, it performs packet loss and disorder tests, causing the APP to crash.

8: Streaming mode, more content, watch slowly

Test case: Protocol sticky packet - automatically *N times through the proxy tool, that is, 123 becomes 123123123123123123123

Test logic points:

1) Test the upper limit of the data packets that can be split by the server,

2) Test whether the server executes the protocol concurrently, such as receiving tasks, purchasing items, creating characters, etc.

Project BUG: Create N 123 roles in the database, and the upper limit of the complete protocol split is 4, which will be adjusted to 20 copies/Max cache area later

Test case: Protocol packet shortage - 1 byte sent by tool

• 1) High speed
• 2) Slow

Test logic points:

1) Send 1 byte at high speed, and the server reads and processes the protocol to consume CPU resources.

2) Occupy the server cache for a long time and consume resources. The above two points test the robustness of the server to the protocol reading.

Test case: Server-side private protocol - construct abnormal data and valid data for testing

Test logic points:

1) Valid data

• Package body - The valid data used here is a very large package body, such as variable protocols such as shouting, which exceeds the upper limit of the server cache
• Protocol interface - traverse the known server protocol response interface to test whether there are unopened or frequently called ones
• Protocol parameters - A uses B's parameters such as user ID, numerical values: 0 Negative boundary value Positive overflow

2) Abnormal data

• Package body - Modify the package body boundary value or custom data, that is, the package body is too short or too long
• Protocol interface - traverse the server interface, and automatically modify the non-existent interface with +N
• Protocol parameters - traverse the bytes and the protocol automatically + N changes
• Special protocol - and sending abnormal protocols such as 1 byte 00 11 22 33 - FF

Project BUG:

1) Protocol package: The mobile protocol modifies the package data. The package is modified to 8 bytes. There are no parameters for the protocol interface. The server reports an error and crashes.

2) Protocol parameters:

1. User A logs in using user B's ID and forces B to log off the line.
2. The purchase quantity*amount exceeds the upper limit of the server variable, and the value overflows and the player is compensated.
3. Negative numbers are self-explanatory, selling items is -1, giving one more item to the player,
4. The server crashes when a value of 0 is used in a division calculation

3) Protocol interface:

1. The copy calls the monster self-destruct protocol, killing all monsters instantly.
2. The character calls the transmission interface in the prison to escape
3. Attacks: concurrent N/second requests for large data protocol interfaces, server memory and CPU surge, and request frequency is limited in the future

10: The main features of UDP are: packet transmission, no sticky packets, error packets, no connection, no congestion control, no retransmission mechanism

Test cases:

Application Layer

1) Protocol test is the same as TCP

2) Large concurrent requests (performance test is the same as TCP)

Test logic points:

1) Since there is no special processing at the transport layer, the transport layer only has three items in the protocol test: packet loss, disorder, and delay. The test plan is the same as the TCP test case

2) The application layer solution continues to use the test cases in TCP:

1. Valid data
2. Abnormal data

1) Valid data

Package body - The valid data used here is a very large package body, such as variable protocols such as shouting, which exceeds the upper limit of the server cache

2) Abnormal data

Package body - Modify the package body boundary value or custom data, that is, the package body is too short or too long