Re: [Freeciv-Dev] (PR#40085) add maxconnectionsperhost option

2008-02-06 Thread William Allen Simpson

URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085 

Somebody had sent me private email bragging about his/her DoS against some
game server, and telling me this was needed.  I didn't bother to reply.

Anyway, per host blocking will adversely affect NATs and VPNs.  The real
DoS problem is TCB saturation -- that this won't fix.

For security, the correct method is to exchange cookies between endpoints,
and rate limit the exchange(s).  As we proved in Photuris, and multiple
papers for *BSD.  The DoS limit is how fast you can refuse and close
connections, not some arbitrary number of concurrent connections per game.

Therefore, I oppose such an option.  The only sensible number will be the
same as the number of players.  It's such a small number already (30)
that it won't make any difference.

I've been working on a complete replacement for login (PR#39957, etc.)



___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
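
A simplified sketch of the cookie exchange with rate limiting described in the message above, as an added example that is not code from the thread, from Freeciv, or from Photuris. The `CookieGate` class, its method names, the cookie layout, and the 30-second lifetime are assumptions chosen for illustration; the addresses in the usage are constructed documentation addresses.

```python
import hashlib
import hmac
import os
import struct

COOKIE_LIFETIME = 30  # seconds per time bucket (assumed value)


class CookieGate:
    """Stateless connection gate: no per-client state until a cookie is echoed."""

    def __init__(self, rate_per_sec, burst, secret=None):
        self.secret = secret or os.urandom(32)
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0
        self.sessions = set()  # state exists only for verified peers

    def _mac(self, addr, port, bucket):
        # Cookie binds the peer's address, port and a coarse timestamp.
        msg = addr.encode() + struct.pack("!HQ", port, bucket)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def _allow(self, now):
        # Token bucket bounding how many cookie replies are sent per second.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def hello(self, addr, port, now):
        """First packet: reply with a cookie, or drop if over the rate limit."""
        if not self._allow(now):
            return None
        return self._mac(addr, port, int(now) // COOKIE_LIFETIME)

    def confirm(self, addr, port, cookie, now):
        """Second packet: allocate a session only if the echoed cookie verifies."""
        bucket = int(now) // COOKIE_LIFETIME
        for b in (bucket, bucket - 1):  # accept current and previous bucket
            if hmac.compare_digest(cookie, self._mac(addr, port, b)):
                self.sessions.add((addr, port))
                return True
        return False
```

Because the cookie is recomputed from the peer's address rather than stored, a refused or unanswered first packet costs the server one HMAC and no memory, and a client behind a NAT is not penalised for sharing an address with others.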


Re: [Freeciv-Dev] (PR#40085) add maxconnectionsperhost option

2008-02-06 Thread Jason Dorje Short

URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085 

On Feb 6, 2008 11:09 AM, William Allen Simpson
[EMAIL PROTECTED] wrote:

> URL: http://bugs.freeciv.org/Ticket/Display.html?id=40085
>
> Somebody had sent me private email bragging about his/her DoS against some
> game server, and telling me this was needed.  I didn't bother to reply.
>
> Anyway, per host blocking will adversely affect NATs and VPNs.  The real
> DoS problem is TCB saturation -- that this won't fix.

I doubt anyone will be adversely affected under reasonable conditions.
However you're right about the second point; all this would block is
kiddies wanting to run 64 invocations of freeciv to block some server.

> Therefore, I oppose such an option.  The only sensible number will be the
> same as the number of players.  It's such a small number already (30)
> that it won't make any difference.

Even with a value of 30 the option could prevent some simplistic attacks.

> I've been working on a complete replacement for login (PR#39957, etc.)

Okay.

-jason


