在 C# 中使用并行处理测试站点抵御 DDOS 的能力 [英] Using Parallel Processing in C# to test a site's ability to withstand a DDOS
问题描述
我有一个网站,我也在探索 C# 中的并行处理,我认为看看我是否可以编写自己的 DDOS 测试脚本来了解该站点将如何处理 DDOS 攻击是个好主意.但是,当我运行它时,似乎只有 13 个线程在使用,并且它们总是返回 200 个状态代码,从来没有任何迹象表明响应不快速和准确,并且在访问站点并与脚本同时刷新时运行网站加载速度快.
I have a website and I am also exploring Parallel Processing in C# and I thought it would be a good idea to see if I could write my own DDOS test script to see how the site would handle a DDOS attack. However when I run it, there only seems to be 13 threads in use and they always return 200 status codes, never anything to suggest the response wasn't quick and accurate and when going to the site and refreshing at the same time as the script runs the site loads quickly.
我知道有一些用于渗透测试等的工具,但我只是想知道为什么我不能使用并行循环向一个站点发出足够多的并发 HTTP 请求,该请求将难以快速加载并返回响应.似乎我只是通过在推特上发布指向网站上新页面的链接和 100 多个 BOTS 来从 Twitter Rush 中得到更多问题,这些 BOTS 都同时冲向该网站进行翻录、扫描、检查等,而不是我可以扔给它的任何东西使用并行循环.
I know there are tools out there for penetration tests and so on but I was just wondering why I couldn't use a Parallel loop to make enough concurrent HTTP requests to a site that it would struggle to load fast and return a response. It seems I get more problems from a Twitter Rush just by tweeting out a link to a new page on the site and the 100s of BOTS that all rush concurrently to the site to rip, scan, check it etc than anything I can throw at it using a Parallel loop.
是我做错了什么限制了并发线程的数量还是这是我无法控制的.我可以抛出许多冗长的搜索查询,我知道这些查询会扫描整个数据库,在每个请求中返回 0 结果,正如我所看到的那样,并且取决于要扫描的数据的大小和搜索查询的复杂性,它可以导致 CPU 峰值和负载缓慢.
Is there something I am doing wrong that limits the number of concurrent threads or is this something I cannot control. I could just throw numerous long winded search queries that I know would scan the whole DB returning 0 results in each request as I have seen this in action and depending on the size of the data to be scanned and the complexity of the search query it can cause CPU spikes and slow loads.
因此,如果没有关于使用其他工具的讲座,有没有一种方法可以为要加载的页面抛出 100 多个并行请求,而不是它可以完美处理的最多 13 个线程.
So without a lecture on using other tools is there a way to throw a 100+ parallel requests for a page to be loaded rather than a max of 13 threads which it handles perfectly.
这是代码、URL 和要发出的 HTTP 请求数作为命令行参数传入.
Here is the code, the URL and no of HTTP requests to make are passed in as command line parameters.
static void Attack(string url, int limit)
{
Console.WriteLine("IN Attack = {0}, requests = {1}", url, limit);
try
{
Parallel.For(0, limit, i =>
{
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.ServicePoint.ConnectionLimit = limit;
HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse;
int statuscode = Convert.ToInt32(webResponse.StatusCode);
Console.WriteLine("iteration {0} on thread {1} Status {2}", i,
Thread.CurrentThread.ManagedThreadId, statuscode);
});
}
catch (AggregateException exc)
{
exc.InnerExceptions.ToList().ForEach(e =>
{
Console.WriteLine(e.Message);
});
}
catch (Exception ex)
{
Console.WriteLine("In Exception: " + ex.Message.ToString());
}
finally
{
Console.WriteLine("All finished");
}
}
推荐答案
Parallel.For 方法使用来自 ThreadPool.池中的初始线程数通常很小(与机器中的逻辑处理器数相当).当池耗尽时,新线程以每 500 毫秒一个的速率注入.解决您的问题的简单方法是使用 SetMinThreads 方法:
The Parallel.For method is using threads from the ThreadPool. The initial number of threads in the pool is usually small (comparable to the number of logical processors in the machine). When the pool is starved, new threads are injected at a rate of one every 500 msec. The easy way to solve your problem is simply to increase the number of the create-immediately-on-demand threads, using the SetMinThreads method:
ThreadPool.SetMinThreads(1000, 10);
但这不是可扩展的,因为每个线程为其堆栈分配 1MB 内存,因此您不能拥有数百万个内存.可扩展的解决方案是采用异步方式,从而最大限度地减少线程的使用.
This is not scalable though, because each thread allocates 1MB of memory for its stack, so you can't have millions of them. The scalable solution is to go async, which makes minimal use of threads.
这篇关于在 C# 中使用并行处理测试站点抵御 DDOS 的能力的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
