<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085 >
Somebody had sent me private email bragging about his/her DoS against some game server, and telling me this was needed. I didn't bother to reply.

Anyway, per-host blocking will adversely affect NATs and VPNs. The real DoS problem is TCB saturation -- that this won't fix.

For security, the correct method is to exchange cookies between endpoints, and rate limit the exchange(s). As we proved in Photuris, and multiple papers for *BSD.... The DoS limit is how fast you can refuse and close connections, not some arbitrary number of concurrent connections per game.

Therefore, I oppose such an option. The only sensible number will be the same as the number of players. It's such a small number already (30) that it won't make any difference.

I've been working on a complete replacement for login (PR#39957, etc.)
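The cookie exchange with a rate limit that the message above argues for, as an added sketch that is not part of the original email or of Freeciv's code. It shows the general stateless-cookie technique, not Photuris's wire format; the class name, parameters and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class CookieGate:
    """Stateless cookie responder: no per-peer state until a cookie is echoed."""

    def __init__(self, rate=50.0, burst=100.0, lifetime=30):
        self.secret = os.urandom(32)          # server-only secret
        self.rate, self.burst = rate, burst   # cookie replies per second, burst cap
        self.lifetime = lifetime              # seconds per validity window
        self.tokens, self.last = burst, None
        self.sessions = {}                    # allocated only for verified peers

    def _mac(self, addr, window):
        msg = f"{addr[0]}|{addr[1]}|{window}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def _allow(self, now):
        # Global token bucket: bounds exchange work without per-host blocking.
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def hello(self, addr, now):
        """First message: return a cookie, or None if rate limited. Stores nothing."""
        return self._mac(addr, int(now // self.lifetime)) if self._allow(now) else None

    def connect(self, addr, cookie, now):
        """Second message: allocate session state only if the cookie verifies."""
        window = int(now // self.lifetime)
        for w in (window, window - 1):        # current and previous window
            if hmac.compare_digest(cookie, self._mac(addr, w)):
                self.sessions[addr] = now
                return True
        return False


if __name__ == "__main__":
    gate = CookieGate(rate=1.0, burst=2.0)
    peer = ("192.0.2.10", 40000)              # constructed sample address
    cookie = gate.hello(peer, now=1000.0)
    print(gate.connect(peer, cookie, now=1005.0))                    # echoed cookie
    print(gate.connect(("192.0.2.99", 40000), cookie, now=1005.0))   # other address
```

Because the cookie is a MAC over the peer's address and a time window, the server refuses a bad or stale cookie with one hash computation and no table lookup, so its limit is how quickly it can refuse rather than how many slots it has.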
