[Dxspider-support] Queues and classes against flood attack

[IZ2LSC]

Hi,
I think that that we cannot simply discard spots that are failing the
senderverify check because of the very different flavors of cluster on the
net.

And it's not just a matter of good or fake spots. The other important topic
we have to deal with is the flooding itself. Consider that a single IP
PC61packet (with a standard MTU of 1500 Bytes) can contain at least 20
spots (it depends which info are in the spot itself) or more.
So
a rate of 10KByte/s (80Kbit/s) generates 133 spots per second (10/1,5*20)
a rate of 125KByte/s (1Mbit/s) generates 1666 spots per second

Considering internet speed availability nowadays....... 1Mb/s is nothing in
terms of bandwidth, but the effect on the cluster is huge.

At this point I would suggest a different approach.
We need to classify spots in different classes. Let's say gold and silver
class.
In the gold class we move all the spots that are verified. In the silver
the rest.
In case of a flooding attack we have to drop spots from the silver class
first.

Usually queues are used to achieve this. Queues with different length and
different "serving" speed.

Example:
Gold queue is 100 spots long and we serve 5 spots per second.
Silver queue is 50 spots long and we serve 2 spots per second.
When queues are full, spots are discarded.

I know that this is the theory....and implementation is not easy, but
considering what happened last weekend, I cannot imagine another solution.

73s
Andrea iz2lsc


-->
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250218/e558551e/attachment.htm>