Protect against DOS attacks that spam new connections

[adamstallard]

1. rate limit ip addresses that are creating many new accounts
2. rate limit connections where neither user is verified
3. rate limit connections per user (no one needs to create 10,000 connections a day)

[adamstallard]

From @alfhg on May 10, 2018 21:56

Re captcha should be required to prove being a human. Each time when someone adds new member, both parties must complete re captcha. This way it's more costly and slower to add fake members. (But someone can still spend all day creating fake connections, and there will be incentive for it if there is UBI)

[adamstallard]

C. Adam Stallard, [28.09.18 21:40] Also, what I said above 👆. If at least one of the two users has to have a preexisting score—even if it's really small like 5 out of a possible 100. At least the attacker can't use newly created keys to connect to more keys. Limit each "user" to say 50 connections a day or something.

C. Adam Stallard, [28.09.18 21:41] I think that'd make it really hard to spam us with thousands of connections per second.

C. Adam Stallard, [28.09.18 21:43] thousands a day for sure, but not enough to bring down the network so its unresponsive, just enough to add a bunch of garbage to the graph. I fully expect 10% of the graph to be people doing garbage stuff like this. We could also find ways to automatically clean it.

C. Adam Stallard, [28.09.18 21:49] I also think that if a node isn't experiencing high load, it could let two new users connect to each other. We only need to enforce that restriction if the load starts to get high.

C. Adam Stallard, [28.09.18 21:50] And then IP addresses that are sending the low quality requests would get automatically blacklisted or throttled.

C. Adam Stallard, [28.09.18 21:50] That should wear down a DDOS attack quickly

Titusz, [28.09.18 21:51] new request could come in from peer nodes...

C. Adam Stallard, [28.09.18 21:51] Sure, but each node would be equipped with the same defenses

C. Adam Stallard, [28.09.18 21:55] I guess if there's a malicious peer node doing the spamming, that peer node could also be blacklisted

C. Adam Stallard, [28.09.18 21:56] "good" nodes would know not to forward that many low quality requests to other nodes, so they wouldn't risk being blacklisted

[abramsymons]

Re captcha should be required to prove being a human. Each time when someone adds new member, both parties must complete re captcha. This way it's more costly and slower to add fake members. (But someone can still spend all day creating fake connections, and there will be incentive for it if there is UBI)

I have worked with anti-captcha services before. Their service cost $0.002 for solving each google recaptcha. https://anti-captcha.com/ Also it's not good approach to rely on centralized services.