taraxa-node
DoS attack mitigation
A node could send valid data, such as valid blocks/transactions/votes, in huge quantities to slow down or kill processing and communication with other nodes. There are several approaches we could take to mitigate such an attack, but Miho would prefer to go with the simpler and more generic ones rather than the more detailed ones. So, starting from the simpler and moving to the more complex:
- All packet processing is currently done within the packet handlers, and packets are queued in the packets queue. Any delay in queue processing would result in the queue growing uncontrollably. This should be a trigger that we cannot process the incoming data, and we should start disconnecting the nodes with the highest traffic. The actual criteria for disconnecting a node or marking it as malicious could be a combination of how much data a particular connected node sent/received in a time frame and/or the time it took to process packets per node.
- Globally, try to define a limit on how much incoming/outgoing data per node per unit of time is too much, beyond which the node can be labeled as malicious or disconnected.
- A more individual, per-packet implementation with more complex rules on what data we receive. For instance, if a node is sending too much repetitive data (the same transactions/blocks/votes multiple times) or if it is gossiping old data, mark the node as malicious.
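
The first approach above, as an added C++ example that is not taraxa-node code: handlers record bytes and processing time per peer, and once the packet queue exceeds a limit, the peers holding more than a set share of either are returned for disconnection. The class, its method names, the share-based threshold and the sample values are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
// All names and thresholds are hypothetical; this is not taraxa-node's API.
struct PeerStats {
  uint64_t bytes = 0;          // bytes received from the peer in this time frame
  uint64_t processing_us = 0;  // handler time spent on the peer's packets
};
class PeerLoadTracker {
 public:
  PeerLoadTracker(size_t max_queue, double max_share) : max_queue_(max_queue), max_share_(max_share) {}
  // Called by a packet handler once it has finished one packet.
  void record(const std::string& peer, uint64_t bytes, uint64_t us) {
    PeerStats& s = stats_[peer];
    s.bytes += bytes; total_.bytes += bytes;
    s.processing_us += us; total_.processing_us += us;
  }
  // Called at the end of each time frame so old traffic ages out.
  void resetWindow() { stats_.clear(); total_ = PeerStats{}; }
  // Peers to disconnect, heaviest first; empty while the queue keeps up.
  std::vector<std::string> peersToDisconnect(size_t queue_size) const {
    if (queue_size <= max_queue_) return {};
    std::vector<std::pair<double, std::string>> ranked;
    for (const auto& kv : stats_) {
      // "and/or" criterion: flag on either the traffic share or the processing share.
      double score = std::max(share(kv.second.bytes, total_.bytes),
                              share(kv.second.processing_us, total_.processing_us));
      if (score > max_share_) ranked.emplace_back(score, kv.first);
    }
    std::sort(ranked.rbegin(), ranked.rend());
    std::vector<std::string> out;
    for (const auto& r : ranked) out.push_back(r.second);
    return out;
  }
 private:
  static double share(uint64_t part, uint64_t total) { return total ? double(part) / double(total) : 0.0; }
  size_t max_queue_; double max_share_;
  std::unordered_map<std::string, PeerStats> stats_;
  PeerStats total_;
};
int main() {  // constructed sample: peerA floods bytes, peerC sends costly packets
  PeerLoadTracker t(100, 0.5);
  t.record("peerA", 9000, 100); t.record("peerB", 500, 100); t.record("peerC", 500, 5000);
  for (const auto& p : t.peersToDisconnect(500)) std::printf("disconnect %s\n", p.c_str());
}
```

Scoring on the larger of the two shares also catches a peer that sends few bytes but packets that are expensive to process, which a byte counter alone would miss.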