Protection from DOS attacks for validator nodes.

[nzpr]

Overview

Investigate protection from DOS attacks. Should this be inside node software? Are there complete solutions for gRPC/HTTP endpoints?

Impact

We need to put a shield in front of network layer before CasperPacketHandler.

Design

First we should figure out best practices used in other blockchains to protect validators.

[tgrospic]

Can this issue be merged with #2997?

[nzpr]

@tgrospic I'm not sure - this looks like a broader topic. 2997 should provide some data for this solution. But DoS is not just about spamming deploys, there might be another attack vectors.

[zsluedem]

I think this is a too broad topic which is not rchain trying to solve. I think we can use exist tools or something to solve it.

[tgrospic]

I found some older resources on Jira related to this topic. https://rchain.atlassian.net/wiki/spaces/CORE/pages/353468419/Peer-to-Peer+P2P+Network+Testing

Exploring what tools can be used, as @zsluedem mentioned, can be the first step to find good solutions and to create tests for these kind of attacks.

[zsluedem]

I rethink this question a little bit. DDOS is a very wide topic in every internet service.

As far as I know, DDOS attacks can apply to different layers.

1. Network layer(TCP flood etc.)
2. Protocol layer(GRPC, HTTP)
3. Application layer(Rnode here)

2997 is more like an application layer attack which should be addressed in rnode's code.

The another two layers (network layer and Protocol layer), I believe there are plenty of tools to address that.