1

I have written a signalling server for a webcam chat platform that also functions as a chat server. Now I want to implement anti-flooding measures.

My plan is to implement this in the server application first, then try to somehow add the banned IPs to the Windows Firewall - I haven't thought it to the end yet but this is my start. Please warn me if that's stupid.

So I'm thinking of applying a protocol like "if the user sends 100 messages within 50 seconds, he's flooding and gets banned" (the javascript on the client side normally prevents this, but I don't trust the user not to alter it).

However the user also sends ICE Candidates to the server to establish an RTCPeerConnection, and he has no control over their frequency or total number. This is an unknown factor in my equatation. I don't want to accidently ban people with 100 ICE Candidates for their RTCPeerConnection.

I've tested my webcam chat a bit and got about 40 ICE Candidates before, but how many should I expect for other users so I can adjust my anti-flooding condition?

spacecoyote
  • 1,909
  • 3
  • 19
  • 24
  • If you are truly curious about your comment, go ahead and make another question. This particular question is good and I too am curious about the answer :) – Benjamin Trent May 18 '14 at 23:35
  • Can't you check wether the message is an ICE candidate or just a "normal" message ? My guess is it's difficult to predict how many ICE candidates a peer will send, it depends on how many local/public connections they have etc, so... – Jb Drucker May 20 '14 at 14:28
  • I can check that, but then if someone wanted to flood my server, he could simply send ICE candidates non-stop. – spacecoyote May 20 '14 at 21:18

0 Answers0