
DDoS

Open zsolt777 opened this issue 3 years ago • 5 comments

Dear @jchristn,

Please let me share another idea with you that just came to my mind.

I think it would be another very useful feature to ban IPs automatically for some time when too many requests reach the server in a short period of time. And if it could be put before the SSL handshake, then it would be a really helpful feature.

zsolt777 commented Jan 19 '21 17:01

Thanks @zsolt777, are you referring to too many messages after a connection has been established, or too many connection attempts? There are facilities to specify allowed IP addresses in Settings.PermittedIPs as well. Cheers

jchristn commented Jan 19 '21 18:01

The allowed IP address feature is very good if you have static IPs on every side.

I was referring to too many connection attempts.

Please don't ask how and why, but some months ago one of our clients' mobile devices started to go crazy, and invoked the same function on the server 10-15 times per second. It was some cheap Chinese device, and we were not able to figure out how the hell it was possible at all. We could not phone the guy to tell him that there was some problem, because he was driving a motorbike. Moreover, while he was driving, his IP was changing...

...so if someone cracked the app, checked how it sends the data and created a "gift", like: "while(true) { SendToServer(ip); }", then it could cause a serious headache on the server side...

I suggested this feature to you because I really like this project. And as I get familiar with it, I would like to use it in my work, not just as a hobby.

Thank you, cheers

zsolt777 commented Jan 20 '21 14:01

I like the feature request, but I believe this would fit best implemented in your own program, that's just my opinion. I don't see a real need for a TCP library to have a DDoS-like feature.

developervariety commented Jan 26 '21 16:01

I agree with @developervariety - the core function of the library is to ensure an easy way to communicate over TCP. I'll keep it open as an enhancement request in case someone wants to put together a PR around it that isn't intrusive to the base operation of the library.

jchristn commented Jan 26 '21 17:01

I might introduce this into a PR.

My understanding would be to throttle how many messages/conversations a client can send per second. This would actually be a pretty cool feature, but it would not neglect DDOS-like behavior.

Proposal

A client must be connected and must use a pre-shared key to ensure the client is connected to an authentic node. By default, the client will be able to send an unlimited* amount of messages unless MaxMessagesPerSecond is changed.

If the client sends more messages than allowed, the client will be disconnected from the node to avoid future harm.

developervariety commented Dec 26 '21 20:12
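Worked example of the two mechanisms discussed in this thread, added here as an illustration; it is not WatsonTcp code and not code posted by anyone above. The `RateLimiter` class, its `maxPerSecond`/`banDuration` parameters and the `Demo` driver are hypothetical. The same counter serves both requests: keyed by remote IP and called from the server's accept path (before the TLS handshake, as zsolt777 asked) it throttles connection attempts; keyed by the connection identifier and called from the message-received handler it implements developervariety's `MaxMessagesPerSecond` proposal, with the "ban for some time" behaviour layered on top. Wiring it into WatsonTcp's own connect/message callbacks is left to the caller and is assumed, not shown.

```csharp
using System;
using System.Collections.Concurrent;

// Added example: per-key fixed-window rate limiter with a temporary ban.
// Hypothetical class, not part of WatsonTcp.
public sealed class RateLimiter
{
    private sealed class Bucket
    {
        public DateTime WindowStart;
        public int Count;
        public DateTime BannedUntil = DateTime.MinValue;
    }

    private readonly int _maxPerSecond;
    private readonly TimeSpan _banDuration;
    private readonly Func<DateTime> _clock;
    private readonly ConcurrentDictionary<string, Bucket> _buckets =
        new ConcurrentDictionary<string, Bucket>();

    // maxPerSecond <= 0 means unlimited, mirroring the proposal's default.
    // The clock is injectable so the behaviour can be driven deterministically.
    public RateLimiter(int maxPerSecond, TimeSpan banDuration, Func<DateTime> clock = null)
    {
        _maxPerSecond = maxPerSecond;
        _banDuration = banDuration;
        _clock = clock ?? (() => DateTime.UtcNow);
    }

    // Returns true when the event (a message or a connection attempt) is within budget.
    // Returns false when the key is currently banned or has just exceeded the limit;
    // the caller should then drop the connection. Exceeding the limit starts the ban,
    // so nothing else (TLS handshake, parsing) is spent on that peer until it expires.
    public bool Allow(string key)
    {
        if (_maxPerSecond <= 0) return true;
        DateTime now = _clock();
        Bucket b = _buckets.GetOrAdd(key, _ => new Bucket { WindowStart = now });
        lock (b)
        {
            if (now < b.BannedUntil) return false;
            if (now - b.WindowStart >= TimeSpan.FromSeconds(1))
            {
                b.WindowStart = now;   // new one-second window
                b.Count = 0;
            }
            b.Count++;
            if (b.Count > _maxPerSecond)
            {
                b.BannedUntil = now + _banDuration;
                return false;
            }
            return true;
        }
    }

    public bool IsBanned(string key) =>
        _buckets.TryGetValue(key, out Bucket b) && _clock() < b.BannedUntil;
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values: a fixed clock and a client address.
        DateTime now = new DateTime(2021, 12, 26, 20, 0, 0, DateTimeKind.Utc);
        var limiter = new RateLimiter(maxPerSecond: 5, banDuration: TimeSpan.FromSeconds(30),
                                      clock: () => now);
        const string client = "203.0.113.5";

        // 1) Flood from one peer inside a single second: 5 accepted, the 6th trips the
        //    limit and starts the ban, the 7th is refused because the ban is active.
        for (int i = 1; i <= 7; i++)
        {
            bool ok = limiter.Allow(client);
            Console.WriteLine($"event {i}: {(ok ? "accepted" : "rejected (disconnect)")}");
        }

        // 2) A reconnect attempt two seconds later is refused without any further work.
        now = now.AddSeconds(2);
        Console.WriteLine($"reconnect after 2s: {(limiter.Allow(client) ? "accepted" : "still banned")}");

        // 3) Once the ban has expired the peer gets a fresh window.
        now = now.AddSeconds(30);
        Console.WriteLine($"reconnect after ban: {(limiter.Allow(client) ? "accepted" : "still banned")}");
    }
}
```

The fixed one-second window is deliberately simple: a peer can send up to 2x the limit across a window boundary, which is acceptable for abuse detection but would be tightened with a sliding window or token bucket if exact pacing mattered. Keying connection attempts by IP alone shares the budget between clients behind one NAT, which is the trade-off PermittedIPs-style allow lists avoid and this approach accepts.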