<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085 >
Somebody had sent me private email bragging about his/her DoS against some
game server, and telling me this was needed. I didn't bother to reply.

Anyway, per-host blocking will adversely affect NATs and VPNs. The real
DoS problem is TCB saturation -- that this won't fix.

For security, the correct method is to exchange cookies between endpoints,
and rate limit the exchange(s). As we proved in Photuris, and multiple
papers for *BSD.... The DoS limit is how fast you can refuse and close
connections, not some arbitrary number of concurrent connections per game.

Therefore, I oppose such an option. The only sensible number will be the
same as the number of players. It's such a small number already (30)
that it won't make any difference.

I've been working on a complete replacement for login (PR#39957, etc.)
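An added example, not part of the original message or of Freeciv's code: a sketch of a stateless cookie exchange with a rate-limited responder, the approach the message recommends over per-host connection caps. The HMAC-over-address cookie layout, the class and method names, and the lifetime and rate constants are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

COOKIE_LIFETIME = 30  # seconds a cookie stays valid (assumed value)
RATE = 5.0            # cookie replies allowed per second, server-wide (assumed)
BURST = 10.0          # token-bucket depth (assumed)


class CookieResponder:
    """Issues cookies without keeping per-client state; the server commits
    memory to a connection only after the client echoes a valid cookie."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.tokens, self.last = BURST, None  # one global bucket, not per host

    def _mac(self, ip, port, ts):
        msg = f"{ip}|{port}|".encode() + struct.pack("!Q", ts)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def _allow(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(BURST, self.tokens + (now - self.last) * RATE)
        self.last = now
        if self.tokens < 1.0:
            return False  # refuse cheaply: no reply, nothing allocated
        self.tokens -= 1.0
        return True

    def issue(self, ip, port, now=None):
        """Return timestamp || MAC for this source, or None if rate limited."""
        now = time.time() if now is None else now
        if not self._allow(now):
            return None
        ts = int(now)
        return struct.pack("!Q", ts) + self._mac(ip, port, ts)

    def verify(self, ip, port, cookie, now=None):
        """Recompute the MAC from the packet's own source address and compare."""
        now = time.time() if now is None else now
        if len(cookie) != 24:
            return False
        (ts,) = struct.unpack("!Q", cookie[:8])
        if not 0 <= now - ts <= COOKIE_LIFETIME:
            return False  # stale or future-dated cookie
        return hmac.compare_digest(cookie[8:], self._mac(ip, port, ts))
```

Because the cookie is bound to the source address and port rather than counted per host, many clients behind one NAT each obtain their own valid cookie, while a sender that spoofs its source never sees the cookie it would need to echo.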