public inbox for bitcoindev@googlegroups.com
From: Peter Todd <pete@petertodd•org>
To: "Warren Togami Jr." <wtogami@gmail•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Gavin's post-0.9 TODO list...
Date: Fri, 16 Aug 2013 10:06:35 -0400
Message-ID: <20130816140635.GC16201@petertodd.org>
In-Reply-To: <CAEz79PqpQ0NG3WHHo7gqoZJVWqAQ4GwUaqSD_7LzWSvSQCHHig@mail.gmail.com>

On Fri, Aug 16, 2013 at 03:41:54AM -1000, Warren Togami Jr. wrote:
> https://togami.com/~warren/archive/2013/example-bitcoind-dos-mitigation-via-iptables.txt
> *Anti-DoS Low Hanging Fruit: source IP or subnet connection limits*
> If you disallow the same IP and/or subnet from establishing too many TCP
> connections with your node, it becomes more expensive for attackers to use
> a single host to exhaust a target node's resources.  This iptables firewall
> based example has almost zero drawbacks, but it is too complicated for most
> people to deploy.  Yes, there is a small chance that you will block
> legitimate connections, but there are plenty of other nodes for random
> connections to choose from.  Configurable per source IP and source subnet
> limits with sane defaults enforced by bitcoind itself would be a big
> improvement over the current situation where one host address can consume
> limited resources of many target nodes.

Have you looked into what it would take to just apply the IP diversity
tests for outgoing connections to incoming connections? The code's
already there...

-- 
'peter'[:-1]@petertodd.org
0000000000000018dcf5bcc3f018a05517ba1c479b432ba422015d4506496e55
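
The per-source-IP and per-subnet inbound limits discussed in this message, shown as an added example; it is not bitcoind's code and not from either author. The class name `InboundLimiter`, the cap values, IPv4-only parsing and the /16 grouping are assumptions made for illustration.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <map>
#include <string>

// Hypothetical inbound limiter (not bitcoind code). IPv4 only; the /16
// grouping is an assumption standing in for the node's IP diversity test.
class InboundLimiter {
public:
    InboundLimiter(unsigned perIp, unsigned perGroup) : maxIp_(perIp), maxGroup_(perGroup) {}
    // Admit a new inbound connection only if both caps still have room.
    bool Accept(const std::string& ip) {
        uint32_t addr;
        if (!Parse(ip, addr)) return false;  // fail closed on unparsable input
        const uint32_t group = addr >> 16;
        if (Count(perIp_, addr) >= maxIp_) return false;
        if (Count(perGroup_, group) >= maxGroup_) return false;
        ++perIp_[addr];
        ++perGroup_[group];
        return true;
    }
    // Call when a connection closes; ignored for addresses never accepted.
    void Release(const std::string& ip) {
        uint32_t addr;
        if (!Parse(ip, addr)) return;
        if (Drop(perIp_, addr)) Drop(perGroup_, addr >> 16);
    }
private:
    using Counts = std::map<uint32_t, unsigned>;
    static bool Parse(const std::string& ip, uint32_t& out) {
        in_addr a;
        if (inet_pton(AF_INET, ip.c_str(), &a) != 1) return false;
        out = ntohl(a.s_addr);
        return true;
    }
    static unsigned Count(const Counts& m, uint32_t k) {
        auto it = m.find(k);  // find() so rejected peers create no map entries
        return it == m.end() ? 0 : it->second;
    }
    // Decrement and erase at zero so state stays bounded by live connections.
    static bool Drop(Counts& m, uint32_t k) {
        auto it = m.find(k);
        if (it == m.end()) return false;
        if (--it->second == 0) m.erase(it);
        return true;
    }
    unsigned maxIp_, maxGroup_;
    Counts perIp_, perGroup_;
};
```

The group cap is what a per-address limit alone misses: a peer that rotates through addresses inside one /16 is still stopped once the group count is reached.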
