Suppose a peer sent us poorly formatted data or tried to DDoS us or did something else. What prevents it from connecting to us again after we stop it by calling StopPeerForError? Should we keep it in the address book as bad or refuse to connect for at least some period?
Yes, I think so. Maybe we can add a badPeers to the AddrBook that tracks peers that have been evicted and refuses to add them back to the address book for ~1 day or something.
I think we should only add IPs to this 'bad peer' section if we've gotten a response from them that depends on input we gave (either a successful PoW or secret connection). My worry is that otherwise we will get people who will IP spoof to fill up our badPeers address book list. (Or even worse, add all the seed nodes / nodes in the network they know into our bad peers list.)
Note, for reference, Bitcoin has a banscore and a bantime to determine when to ban a peer and for how long. The default is 1 day: https://bitcoin.org/en/developer-guide#misbehaving-nodes
I think adopting something similar is reasonable - but being banned should depend on erroring at one of the reactors, like sending a bad vote or block part. So it means you have to set up a full secret connection, exchange the node info, and send a bad reactor msg to get banned.
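
The ban-score and ban-time idea from this thread, written out as an added example; it is not code from the thread, from Tendermint, or from Bitcoin. `BanList`, `Misbehaved`, `IsBanned`, the string peer key and the threshold of 100 are hypothetical; the 24-hour ban follows the 1-day default mentioned above.

```go
package main

import (
	"fmt"
	"time"
)

// BanList is a hypothetical structure, not Tendermint's AddrBook API.
type BanList struct {
	threshold int                  // score at which a peer is banned
	banTime   time.Duration        // how long a ban lasts
	scores    map[string]int       // misbehaviour score per peer key
	bannedTil map[string]time.Time // ban expiry per peer key
}

func NewBanList(threshold int, banTime time.Duration) *BanList {
	return &BanList{threshold, banTime, map[string]int{}, map[string]time.Time{}}
}

// Misbehaved scores a reactor-level error. Reports for peers that never completed
// the secret connection are ignored, so spoofed sources cannot fill the list.
func (b *BanList) Misbehaved(key string, authenticated bool, points int, now time.Time) bool {
	if !authenticated || points <= 0 {
		return false
	}
	b.scores[key] += points
	if b.scores[key] >= b.threshold {
		b.bannedTil[key] = now.Add(b.banTime)
		delete(b.scores, key) // score restarts from zero after the ban
		return true
	}
	return false
}

// IsBanned reports whether key is still banned at now; expired bans are dropped.
func (b *BanList) IsBanned(key string, now time.Time) bool {
	until, ok := b.bannedTil[key]
	if ok && !now.Before(until) {
		delete(b.bannedTil, key) // ban expired, peer may reconnect
		ok = false
	}
	return ok
}

func main() {
	bl, t0 := NewBanList(100, 24*time.Hour), time.Now()
	bl.Misbehaved("peerA", true, 100, t0) // constructed peer key
	fmt.Println(bl.IsBanned("peerA", t0), bl.IsBanned("peerA", t0.Add(25*time.Hour)))
}
```

The caller would check `IsBanned` before dialing or accepting a peer and before re-adding it to the address book.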