No protection to against DDoS Attack from P2P

axonweb3 / axon

Axon is a Layer 2 framework of CKB with native cross-chain and interoperability.

https://axonweb3.io

MIT License

65 stars 39 forks source link

No protection to against DDoS Attack from P2P #1585

Open yangby-cryptape opened 1 year ago

yangby-cryptape commented 1 year ago

Description

The node won't be punished which keep sending malformed data through P2P.

Flouse commented 1 year ago

I agree that it's better to have the P2P port protection.

Potential solution: whitelist rule

In reality, there are fewer cases where one would actively want to run a sync-node of an app-chain, which are usually maintained by several trusted validators.

If an app-chain is not completely permissionless, then open p2p port with a whitelist rule is accessible IMO.

So I suggest to postpone this optimization plan. Would like to hear @driftluo 's opinion.