Get spam (No registered account required):
- Malicious client can do valid gets of large chunks (largest for a datatype allowed by the network). Can do via unregistered accounts.
- Can do invalid gets - will not be as catastrophic as the previous one but still can flood with many get requests sent out.
Mutation spam (Requires an Account):
- The motivation here is that failed mutations are not charged. So malicious client can keep sending inserts of MAX capacity chunks to an address space he knows will be rejected due to say data-already-exists etc. With MutData paradigm this will cause the request to be worked upon by MaidManagers, goto DataManagers, failure response to MaidManagers and finally back to clients - so lot of work from the Network. So without spending account-balance, he will have flooded the network with huge mutations.
- Even after the account balance is spent he can still flood the MaidManagers with PUTs (this time he can choose ImmutableData or MutableData, doesn’t matter as he has run out of account balance anyway). This is not as catastrophic as the previous one as it will be rejected at the MM stage, but still can be disruptive.
Solutions:
- Proxy node is the SPOC (single point of contact) for client and since only we are running vaults in the next few test networks, it might be the best way to prevent DOSing the network by letting the proxy bear the brunt of checks and filters.
- Proxy node has struct
SpamCheck { di: LruCache<DataIdentifier>, failures: LruCache<()> }
- This is used as clients:
HashMap<ClientPubKey, SpamCheck>
-
LruCache<DI>
hascapacity=C0
,expiry=E0 min
and accounts for GETs only. So you cannot do a get for the same DataIdentifier beforeE0
min and you cannot do a total of more thanC0
GETs within any givenE0
min interval. -
LruCache<()>
is basically a Leaky-bucket withcap=C1, expiry=E1min.
and accounts for failures in both GETs and Mutations. If that is filled the connection is severed to the client.
Other thoughts
We need to test and finalise the values for variables (C0
, C1
, E0
etc.), ofcourse. We also need to see how we can ban such clients from joining again and/or levy other more aggressive penalties.