On Wed, Oct 30, 2002 at 05:16:12PM -0500, Michael Wiktowy wrote: > > > From: Gianni Johansson <giannijohansson at attbi.com> > > To: devl at freenetproject.org > > Subject: Re: [freenet-dev] Growing pains -- Better transport level DOS > > resistance > > Date: 30 Oct 2002 10:33:05 -0500 > > > > On Wednesday 30 October 2002 07:24, you wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > On Tue, 29 Oct 2002 11:23:07 -0800 Michael Wiktowy <mwiktowy at gmx.net> > > > wrote: > > > >Never discount the possiblity of sabotage. I hate to sound paranoid > > > >but > > > >the load on Freenet came on a little too high a little too fast > > > >to be a > > > > > > You may have a point, i was pegged to the wall yesterday with > > > connections, and there were quite a few telenet discordian type > > > connections on the inbound FNP port and only on that port,, > > > > > > Sorry i already deleted yesterdays log or i could show you, but > > > it was rejection of connection of text of type "sally loved her moose > > > fred",,,kinda discordian rambling. > > > > > > From seednodes and routing tables it'd be easy to get a list of ip's > > > and ports to attack. > > > > Maybe we need a "Turkey trap" filter that keeps track of hosts that > > repeatedly make connections that fail with authorization errors and blocks > > them at the transport level. > > > I would say that would be prudent. It might not have to block them > permenently (it could just ignore them for a while) just in case a node > is temporarily misbehaving due to bugs. The turkey trap could also keep > track of the number of threads that are generated by a node and limit > per IP. In theory, a node should just make one connection to another > node and multiplex the communication across the one line. There is no There is no multiplexing in the current code. It will go in, eventually. > good reason for one node to be responsible for lots of threads on the > recipient. I don't know the details of the new load balancing code so > maybe that concept is actually incorporated already. > > Mike >
-- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02. http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021031/7d83cea0/attachment.pgp>
