<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085 >

Somebody had sent me private email bragging about his/her DoS against some
game server, and telling me this was needed.  I didn't bother to reply.

Anyway, per-host blocking will adversely affect NATs and VPNs.  The real
DoS problem is TCB saturation -- that this won't fix.

For security, the correct method is to exchange cookies between endpoints,
and rate-limit the exchange(s).  As we proved in Photuris, and multiple
papers for *BSD....  The DoS limit is how fast you can refuse and close
connections, not some arbitrary number of concurrent connections per game.

Therefore, I oppose such an option.  The only sensible number will be the
same as the number of players.  It's such a small number already (30)
that it won't make any difference.

I've been working on a complete replacement for login (PR#39957, etc.)

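One way to implement the cookie exchange with a rate limit on the exchange itself, as described in the message above. This is an added example, not part of the original message and not Freeciv or Photuris code; the class name, the 24-byte cookie layout, the lifetime and the rate values are all assumptions. The rate limit is a single global token bucket rather than a per-host counter, so clients behind one NAT or VPN address are not penalised as a group.

```python
import hashlib
import hmac
import os
import struct

COOKIE_LIFETIME = 30  # seconds a cookie stays valid (assumed value)


class CookieResponder:
    """Stateless responder: stores nothing per client until a cookie is echoed."""

    def __init__(self, rate=100.0, burst=200.0, secret=None):
        self.secret = secret or os.urandom(32)  # server-only key
        self.rate, self.burst = rate, burst      # global token bucket (assumed sizes)
        self.tokens, self.last = burst, None

    def _mac(self, addr, port, issued):
        # Bind the cookie to the claimed endpoint and its issue time.
        msg = f"{addr}|{port}|".encode() + struct.pack("!Q", issued)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def _take_token(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

    def issue(self, addr, port, now):
        """Return a cookie for this endpoint, or None when over the rate limit."""
        if not self._take_token(now):
            return None  # refuse cheaply; no per-client state was allocated
        issued = int(now)
        return struct.pack("!Q", issued) + self._mac(addr, port, issued)

    def verify(self, cookie, addr, port, now):
        """True only if the cookie is fresh and was minted for this endpoint."""
        if len(cookie) != 24:
            return False
        (issued,) = struct.unpack("!Q", cookie[:8])
        if not 0 <= now - issued <= COOKIE_LIFETIME:
            return False
        return hmac.compare_digest(cookie[8:], self._mac(addr, port, issued))
```

The server allocates connection state only after `verify` succeeds, so a peer that never echoes a valid cookie costs one MAC computation and no memory.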