I was wondering if this is vulnerable to the same failure modes as irc. In irc without any logins to a central server the adversary can create a million accounts and have them all pump out garbage as a denial of service. Some of that was documented in the Snowden leaks.
i answered:
not really, flooding is hard to disambiguate for p2p distributed systems
what's the diff between someone flooding and someone coming online after a lengthy (but message-producing) internet absence
the resistance would be moderation actions as applied to flooders
other approaches could also temporarily restrict connections to only known ids (to prevent e.g. raids)
The way this is handled in irc is only allowing registered users to connect until the attack subsides. We could do something similar with the network patches in #96 / cabal-club/cabal-client#61
Basically: Invite-only channels, invite links, and keeping records of who invited who.
what's the diff between someone flooding and someone coming online after a lengthy (but message-producing) internet absence
I guess it would be the timestamps on the messages, right? The messages won't be annoying (they won't be seen) unless they're all recent.
temporarily restrict connections to only known ids (to prevent e.g. raids)
Will it be possible to add new ids manually while in lockdown? Wouldn't that constitute an invite system? Once started, when would you expect one of these attacks to end? The attacks would be especially cheap to automate, given that all they need to do to be annoying is send enough messages to shout over the humans.
I don't know much about the transport protocol you're using, presumably you can start IP-banning if it gets that bad, but it would be preferable to not be reliant on a transport protocol with limited, identifying addresses, wouldn't it?
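The lockdown and invite-record ideas raised in this thread, sketched as an added example (not code from cabal or from any commenter). The class, its method names and the peer ids are hypothetical; it shows a lockdown that admits only known ids, manual invites that still work during lockdown, and the "who invited whom" record used to remove a flooder together with everyone they brought in.

```javascript
// Added illustration; names are hypothetical and not part of cabal's API.
class AdmissionPolicy {
  constructor(founderIds) {
    this.lockdown = false;
    this.invitedBy = new Map(); // member id -> inviter id (null for founders)
    for (const id of founderIds) this.invitedBy.set(id, null);
  }

  isKnown(id) { return this.invitedBy.has(id); }

  // Only an existing member can vouch for a new id; the edge is recorded.
  invite(inviterId, newId) {
    if (!this.isKnown(inviterId)) throw new Error(`unknown inviter: ${inviterId}`);
    if (this.isKnown(newId)) return false; // already a member, keep first inviter
    this.invitedBy.set(newId, inviterId);
    return true;
  }

  // Outside lockdown anyone may connect; during lockdown only known ids.
  admits(peerId) { return !this.lockdown || this.isKnown(peerId); }

  // Remove a member and everyone transitively invited through them.
  revokeSubtree(rootId) {
    const removed = [];
    const queue = [rootId];
    while (queue.length > 0) {
      const id = queue.shift();
      if (!this.invitedBy.has(id)) continue;
      for (const [child, inviter] of this.invitedBy) {
        if (inviter === id) queue.push(child);
      }
      this.invitedBy.delete(id);
      removed.push(id);
    }
    return removed;
  }
}

// Constructed scenario: alice founds the channel, bob's invite chain is revoked.
function demo() {
  const policy = new AdmissionPolicy(['alice']);
  policy.invite('alice', 'bob');
  policy.invite('bob', 'carol');
  policy.invite('alice', 'dave');
  policy.lockdown = true;
  const duringLockdown = ['bob', 'carol', 'mallory'].map((id) => policy.admits(id));
  policy.invite('alice', 'erin'); // manual add while locked down
  const removed = policy.revokeSubtree('bob');
  return { duringLockdown, removed, erin: policy.admits('erin'),
           carol: policy.admits('carol'), dave: policy.admits('dave') };
}
```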
from bashrc in the public cabal: