On Wed, Oct 30, 2002 at 05:16:12PM -0500, Michael Wiktowy wrote:
>
> > From: Gianni Johansson <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Re: [freenet-dev] Growing pains -- Better transport level DOS resistance
> > Date: 30 Oct 2002 10:33:05 -0500
> >
> > On Wednesday 30 October 2002 07:24, you wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > > On Tue, 29 Oct 2002 11:23:07 -0800 Michael Wiktowy <[EMAIL PROTECTED]> wrote:
> > > >Never discount the possibility of sabotage. I hate to sound paranoid but
> > > >the load on Freenet came on a little too high a little too fast to be a
> > >
> > > You may have a point, I was pegged to the wall yesterday with
> > > connections, and there were quite a few telnet discordian type
> > > connections on the inbound FNP port and only on that port.
> > >
> > > Sorry I already deleted yesterday's log or I could show you, but
> > > it was rejection of connection of text of type "sally loved her moose
> > > fred", kinda discordian rambling.
> > >
> > > From seednodes and routing tables it'd be easy to get a list of IPs
> > > and ports to attack.
> >
> > Maybe we need a "Turkey trap" filter that keeps track of hosts that
> > repeatedly make connections that fail with authorization errors and blocks
> > them at the transport level.
> >
> I would say that would be prudent. It might not have to block them
> permanently (it could just ignore them for a while) just in case a node
> is temporarily misbehaving due to bugs. The turkey trap could also keep
> track of the number of threads that are generated by a node and limit
> per IP. In theory, a node should just make one connection to another
> node and multiplex the communication across the one line. There is no

There is no multiplexing in the current code. It will go in, eventually.

> good reason for one node to be responsible for lots of threads on the
> recipient. I don't know the details of the new load balancing code so
> maybe that concept is actually incorporated already.
>
> Mike
>
--
Matthew Toseland
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02.
http://freenetproject.org/
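
The "turkey trap" proposed in this thread, written out as an added example (it is not Freenet code and was not posted by anyone in the thread): a tracker that temporarily ignores a source address after repeated failed handshakes and caps concurrent connections per address. The class name, method names, thresholds and the injectable clock are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class TurkeyTrap:
    """Temporary per-IP block list plus a cap on concurrent connections."""

    def __init__(self, max_failures=5, window=60.0, ban_seconds=600.0,
                 max_conns_per_ip=2, clock=time.monotonic):
        # All thresholds are illustrative assumptions, not Freenet settings.
        self.max_failures = max_failures
        self.window = window
        self.ban_seconds = ban_seconds
        self.max_conns_per_ip = max_conns_per_ip
        self.clock = clock
        self.failures = defaultdict(deque)   # ip -> times of failed handshakes
        self.banned_until = {}               # ip -> time at which the ban lapses
        self.open_conns = defaultdict(int)   # ip -> connections currently open

    def accept(self, ip):
        """Call on every inbound connection, before any handshake work."""
        now = self.clock()
        until = self.banned_until.get(ip)
        if until is not None:
            if now < until:
                return False                 # still being ignored
            del self.banned_until[ip]        # ban lapsed: peer gets another chance
        if self.open_conns[ip] >= self.max_conns_per_ip:
            return False                     # one peer may not hold many threads
        self.open_conns[ip] += 1
        return True

    def closed(self, ip):
        """Call when an accepted connection ends, for any reason."""
        if self.open_conns[ip] > 0:
            self.open_conns[ip] -= 1

    def auth_failed(self, ip):
        """Call when a handshake fails; returns True if this starts a ban."""
        now = self.clock()
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            recent.clear()
            return True
        return False
```

The tables are keyed by source address and never pruned here, so a deployment would need to bound or expire them to keep the tracker from becoming a memory-exhaustion target itself.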
