Denial of service protection: how to reject connections based on content and frequency (golang as example)

Question

I run a p2p service (so no webserver, no load balancing with DOS functionality, etc.), which receives direct connection requests.

I want to reject connections when the exact same message has been sent too frequently up to a certain threshold.

Let's say var threshold = 10 .

My current approach:

Save each incoming request timestamp up to the threshold
Just allow each request up to threshold
If threshold is reached, check if time.Now() is more than maxAllowFrequency away from the first timestamp. If it is, disconnect the peer, otherwise allow.

Let's leave aside for now the required logic to reset everything (which won't be trivial either).

Is this approach performant? Are there better/more elegant ways to achieve this?

In code:

const (
  threshold = 10
  maxAllowFrequency = 1 * time.Second
)

type connections struct {
   timestamps []time.Time
}

var received = map[string]*connections

//the listener
received[newMsg].timestamps = append(received[newMsg].timestamps, time.Now())
if len(received[newMsg]) > threshold && time.Now().Sub(received[newMsg].timestamp[0]) > maxAllowFrequency {
  // ban this peer
}

Instead of storing the entire message string, maybe store a hash based of the message for better memory usage. — Jishan Shaikh, Jun 10 '23 at 03:23

Denial of service protection: how to reject connections based on content and frequency (golang as example)

0 Answers0