►
From YouTube: DOS Defense - Do’s and Don’ts - Max Inden
Description
This talk was given at IPFS Camp 2022 in Lisbon, Portugal.
A
I
want
to
give
a
very
quick
talk,
and
this
is
really
just
food
for
thought
on
how
to
prevent
dust
attacks,
denial
of
service
attacks,
I'll
phrase
this
as
the
do's
and
don'ts
there's,
really
amazing
awareness
for
the
topic.
I'm,
not
gonna,
give
you
a
solution
to
this
all
right
toss.
What
is
it
denial
of
service
attack,
denalo
service
attack?
A
The
idea
is,
as
an
attacker
I
want
to
attack
someone
for
that
Target
to
no
longer
be
able
to
serve
in
the
purpose
it
was
initially
put
up
for
defending
and
against
denial
of
service
attacks
is
super
hard
if
you
go
on
school
scholar.google.com
or
if
you
just
read
the
gospels
of
paper
or
any
any
of
those
papers
out
there
like
it's.
It's
super
hard
right-
and
this
is
especially
very
hard
in
the
peer-to-peer
world,
as
identities
are
cheap
right.
A
Denial
of
service
attacks,
I
would
say
the
number
one
way
to
do
this
is
to
attack
or
to
exhaust
a
scarce
resource.
Now
the
idea
of
unbounded
CPU,
the
idea
of
unbounded
memory
and
the
idea
of,
for
example,
unbounded
file
descriptors,
that's
all
a
lie
right,
so
we
need
to
somehow
prevent
yeah
those
resources
to
be
exhausted.
I
think
that's
quite
obvious
to
everyone
cool
okay,
so
this
is
obviously
relevant
in
general.
This
is
relevant
in
the
peer-to-peer
world
and
this
is
also
especially
relevant
in
lipidopy
and
I.
A
With
this
talk,
I
just
want
to
raise
awareness
for
this
and
make
you
all
as
post
users
and
implementers
keep
an
eye
out
for
this
all
right.
The
dues
one
single,
easy
rule:
it's
the
solution
to
everything,
I
guess
bound
everything
right.
No,
you
don't
have
unmounted
memory.
No,
you
don't
have
unbounded
amount
of
sockets.
No,
no,
no
right
bound.
Everything.
Everything
that
is
unbounded
is
an
attack
Vector.
Now,
obviously
you
can
this.
A
A
There
are
two
ways
on
once:
we
bounded
everything.
Let's
say
what
we
can
do
once
we
exceed
a
bound
right
once
there
is
an
item
that
exceeds
a
Bound,
for
example,
on
the
number
of
items
you
can
put
in
a
channel
the
the
size
of
a
message,
the
amount
of
buffering
you
want
to
do,
and
so
on
one
item
one
way
is
drop
the
item
right.
If
there's
a
message
coming
in
and
I
currently
can't
handle
it
drop
it.
A
That's
not
good
for
various
reasons,
and
then
the
other
one
is
enforced
pressure.
So
the
idea
of
if
the
consumer
cannot
handle
the
item
right
at
the
moment,
don't
read
from
the
producer
and
thus
slow
down
the
producer.
A
So
you
have
a
whole
slide
on
that
yeah
back
pressure.
The
idea
is,
you
have
a
you,
always
have
a
producer
and
a
consumer.
You
can
basically
boil
down
every
computation
into
those
two.
You
want
the
consumer
in
case
it's
slow
to
slow
down
the
producer.
The
nice
side
effects
is
that
can
improve
resource
utilization.
I'm
saying
can
right.
Quite
often,
batching
is
a
good
idea,
and
this
also
can
improve
latency.
As
you
keep
buffer
small
yeah
as
a
nice
side
effect,
but
this
is
really
on
Dust
prevention
here.
A
A
This
is
hard
to
read
easy
to
read:
okay,
to
read,
okay,
to
read,
yeah,
otherwise,
come
forward.
I
can't
make
this
bigger.
A
Okay,
all
right,
I'll
walk
you
through
it.
We
do
networking
here
right.
This
could
be
in
lipidoe,
but
this
could
also
be
used
using
lipido
B
building
your
own
protocol
on
top
of
Flippy
to
be,
we
have
some
bytes
that
represent
the
message.
Thanks
prefix
you
have.
We
do
a
uvi,
encoding,
anti-invariant
integer,
it's
just
a
message
length.
Then
we
allocate
a
buffer
for
the
length
and
then
we
read
the
message
into
the
buffer.
A
A
A
A
A
This
is
my
go
skills.
It's
probably
something
bad
here,
I
think
we
don't
do
semicolons.
A
A
Yeah,
it's
not
going
to
be
good,
very
good,
cool,
again
no
rocket
science
right,
but
yeah
we've
all
seen
this
so
go
channels.
First
off
awesome:
they
have
back
pressure
right,
they
have
a
limit,
they
are
bounded,
wonderful
and
if
you
read
from
them
and
then
spawn
to
go
routine,
you
just
broke
back
pressure
across
your
system.
Right
because
maybe
go
routines
are
cheap,
but
maybe
me
as
an
attacker
I
can
send
requests
faster
than
you
can
handle
them.
So
eventually,
you'll
run
out
of
memory,
yeah,
yeah,
okay,
cool
same
game
and
rust.
A
Rust
does
have
unbounded
channels,
so
that's
even
more
fun,
but
we'll
we'll
not
have
them.
Here.
We
require
read
a
request
from
a
channel
right
and
then
we
spawn
a
task,
but
this
also
applies.
If
we
spawn
a
thread
right
or
we
spawn
something
to
a
remote
note
like
it's
all
the
same
right,
we
break
back
pressure
and
that
will
eventually
be
an
attack
vector,
okay,
cool
any
comments
to
this
one
again,
quite
obvious.
A
The
unbounded
channel
so
I
want
to
plan
something
especially
into
rust,
Engineers
here.
If
you
use
an
unbounded
Channel,
you
need
to
somehow
externally
have
a
mechanism
to
bound
what's
happening
in
their
channel
right
or
you
run
a
small
CLI
tool
that
no
one
cares
about
in
terms
of
back
pressure.
Fine
use
an
unbounded
Channel,
but
in
all
other
cases
you
probably
don't
want
this
cool
on
go
yeah.
You
have
bounded
channels,
really
cool,
oh
no,
in
the
JS
ecosystem
channels,
and
are
they
bounded
by
default?
Okay,
so
I'll
explain
this
one.
A
We
have
a
vector
of
request.
We
want
to
handle
later
on
right.
We
can't
handle
them
right
now
we
have
a
vector.
We
have
an
incoming
request
again
coming
from
the
channel,
and
then
we
push
the
request
into
the
vector
I'll
not
put
this
up
as
a
quiz
like
I.
Think
it's
obvious
right,
yeah,
an
unbounded
channel
is
the
same
like
an
unbounded,
vector
or
anything.
A
You
need
something
that
watches
out
that
that
Vector,
sorry
Vector
array,
collection,
whatever
language
you
use,
is
not
running
out
of
bounds
right,
okay,
cool
I
think
those
are
all
my
examples.
Not
very
sophisticated
yeah,
I
hope
I
planted
that
thought
into
your
brains.
The
next
time
you
program
in
general,
the
next
time
you
program
on
anything
lipid
be
related
or
on
top
of
wwp
and
yeah.
At
some
point,
I'll
get
a
tattoo
which
says,
which
will
say
back
pressure,
but
until
then
please
do
back
pressure.
It's
super
important
cool.
D
Okay,
so
for
us
the
P2P,
does
it
do
all
these
things
correctly
or
is
it?
Are
there
still
some
things
to
be.
A
C
Cdn
providers
have
tools
for
statistically
detecting
DDOS
attacks
and
I'm
wondering
if
there's
been
any
infrastructure
developed
for
live
P2P
nodes
that
allow
them
the
similar
level
of
functionality,
maybe
not
as
powerful,
but
something
that
allows
them
to
preemptively,
reject
certain
requests
before
processing
them.
A
A
Couple
this
is
actually
a
good
point,
so
on
I'll
mention
this
right
now
on
our
docs
page
docs.liby.dale,
we
have
a
bigger
section
on
in
general
dos
prevention
and
there
are
a
bunch
of
mechanisms
again,
no
Silver
Bullet,
like
it's
just
engineering
work
and
then,
for
example,
on
Rust
specific
things
we
have
on
Rust
Liberty.
We
have
a
coding
guideline
on
like
how
we
think
we
can
best
enforce
back
pressure
throughout
a
rust
code
base.
This
is
very
opinionated
I'm
happy
to
talk
about
it.
I'm
not
saying
this
is
the
Silver
Bullet?
F
Getting
back
to
the
rust
spawning
a
task
yeah
the
risk
version-
I,
don't
I,
don't
know
about
go,
but
if
this
couldn't
back
pair
should
be
implemented
in
a
schedule
so
that
you
have
a
finite
amount
of
threads,
whereas
if
you
have
all
them
busy,
you
don't
spawn
another
and
you
make
it
so
that
the
scheduler
doesn't
pick
and
launches
another
task.
Yeah.
A
F
A
Could
do
that,
but
the
scheduler
doesn't
know
the
scale
of
your
system
like
okay
tasks
are
cheap
right,
not
not
full
stack
frames
right,
that's
fine
cool,
but
maybe
I'm
moving
each
time,
I'm
moving
a
one
gigabyte
buffer
into
there.
So
does
the
scheduler
know
whether
like
I
it
can
spawn
a
hundred
or
a
thousand
or
a
million
tasks?
It
doesn't
know
right,
so
it
doesn't
know
the
scale
of
how
much
memory
I'm
moving
into
the
task.
This
is
not
only
about
memory
right.
A
E
B
A
So,
for
example,
invest
Liberty.
What
we
do
is
we
spawn
one
task
per
connection,
but
the
amount
of
task
connections
is
limited.
You
can
limit
the
amount
of
inbound
and
outbound
connections,
but
we
only
we
don't
spawn
tasks
per
stream,
for
example,.
G
A
Yeah,
for
example,
in
class,
it's
up
I
think
one
of
the
parameters
is
either
autonomous
system
numbers
or
IPS
that
need
to
be
diverse,
but
then
once
this
is
a
step
forward
right,
but
it
shouldn't
be
the
only
measure,
as
we
have
like
once
we're
in
the
IPv6
space
yeah,
you
get
the
slash
64.,
so
yeah
cool.
Okay.
Thank
you.
Please
do
back
pressure.