Proof of work rate limiting for NAT signalling and relaying

MatrixAI / Polykey

Polykey Core Library

https://polykey.com

GNU General Public License v3.0

29 stars 4 forks source link

Proof of work rate limiting for NAT signalling and relaying #556

Open tegefaulkes opened 1 year ago

tegefaulkes commented 1 year ago

Specification

As per #148 we applied some rate limiting mechanisms for preventing amplification attacks. But to truly protect against this we need to implement a simple proof of work for making signalling requests.

Additional context

Related #555
Related #148
Related https://github.com/MatrixAI/Polykey/issues/148#issuecomment-1676599952
Related https://github.com/MatrixAI/Polykey/issues/148#issuecomment-1676640517

Tasks

Implement a simple proof of work algorithm for limiting signalling and punch requests
...
...

CMCDragonkai commented 10 months ago

The rate limiter is still quite basic atm, I had an upgraded design here https://github.com/MatrixAI/Polykey/issues/148#issuecomment-1676640517.

Rate limiting wise, it's not guaranteed to prevent DOS. Only proof of work can do so. But it's a quick way of rate limiting based on certain identifiers. So it can be expanded further. Could combine proof of work along with some bucketing mechanism as a general "resource governor". It sort of reminds me of the resource-counter library that we have.