I also recommend limiting the number of connections from one ip per port. As a result of DDOS testing (5000 connections on port 3001), 5 pools from 20 random pools were disabled for a certain time. I also apologize for this operation, this will not happen again from us. This was done to test and provide useful experience for pool owners. Pools were selected with a very low Live Stake.
So @Vadimus you selected the pools for your “test” as the ones who would have been most hurt by losing their rare opportunities to make a block during that period? Incredible. Did you think about the unavailability of their relays causing their own topology peers to drop them, which would have affected them longer than your “testing” period?
I don’t think your “apology” can be accepted since it doesn’t sound like you understand either the technical or ethical implications of what you have done.
It looks like I was misunderstood due to the brevity of the information I provided. I have not tested DDOS on pools without the permission of their owners.
I selected 20 small pools without delegates and contacted their owners through their communication channels. We agreed on the time and method of testing. During testing, we isolated our pools from the main network. During testing, we checked the quality of the network security of our pools and eliminated network gaps. Thanks to these pools in our joint work. @COSDpool you have nothing to blame me for, no one was hurt by my actions. I ask you to correct the text on github and remove the accusatory tone.
@Vadimus of course I am relieved to hear that you had the cooperation of the pool owners: the difference is like night and day. Nobody would have guessed this from your original statement, because then there would have been nothing to “apologise” for.
The way the original statement was worded I’m honestly surprised 10 other people didn’t jump in in the meantime to demand to know what was going on. Thanks for leaving up your first statement unedited so readers can at least see how this misunderstanding came about. It’s not so much a matter of “brevity” but completeness about the conditions that would very grave otherwise, and I’m glad you submitted your qualifying statement promptly.
I’ve edited the presentation of this matter on Github and I hope you will comment there if it fails to address either the practical results or the spirit of your test.
Yes, the value I think SPOs should take from this is to understand whether they could benefit from implementing some of the suggested security recommendations. Many SPO’s lack proper education tools in this area so dialogue on best practices could be helpful
Prior to testing, the servers did not have any network restrictions that we were aware of. Of course, in some cases, the hoster itself provides protection against DDOS. But this is not the case. The problem on the tested servers was RAM overflow and node hang. As a result, we came to the conclusion: that the number of connections from one ip must be limited, RAM less than 4 GB is bad. Unfortunately, I was not able to conduct serious testing as I received a warning from my hoster. But I think this little information is already useful.
P.S.: The experiment was carried out on version 1.18.0. Since then, 2 updates have been released that have significantly improved node performance. Perhaps load testing would give a different result now.
Something along these lines would be a discussion/lecture/youtube as how to operate an offline node. Signing and bringing forth all manor of transactions,
There’s been some attention to this issue from developers on the IOHK Github. Nobody has come forward to say that it’s a good idea to limit the number of incoming connections to a relay port from the same IP. On the other hand, they say it might be harmful in 2 cases:
when you have more than one node on a server - which we’re not supposed to do anyway.
when the node is behind a Carrier-grade NAT - which generally means a home-based connection, not a data centre NAT for sure, which wouldn’t be the ideal place for your relays.
This suggests the conclusion so far regarding “limiting the number of incoming connections” from a single IP is that there’s no compelling reason to do it in the recommended stake pool setup.