rustyrussell
commented
7 years ago This is a fundamental issue with running a public node, whether it's a bitcoin node or a lightning node. Proxying creates the same DDoS issues, just internal to the lightning network.
One thing we can do is to add an optional message supplying confirmed peers with alternate address(es) to connect to. This allows a site to have a different address for peers who share channels.
DDoSing lightning network node is very critical attack and mitigation method is needed. For example, node discovery should not rely on ip address, and nodes should be able to relay packets behaving as proxy for other nodes.