On Fri, Aug 16, 2013 at 6:41 AM, Warren Togami Jr. <wtog...@gmail.com> wrote:
> If you disallow the same IP and/or subnet from establishing too many TCP
> connections with your node, [...]
> has almost zero drawbacks,

There are whole countries who access the internet from single IP addresses. There are major institutions with hundreds or even thousands of hosts that could be running Bitcoin who are visible to the public internet as a single IP address (/single subnet). Most Tor traffic exits to the internet from a dozen of the largest exits, common local-network configurations have people addnode-ing local hosts from many systems on a subnet, etc.

Prioritizing the availability of inbound slots based on source IP is reasonable and prudent, but it does not have almost zero drawbacks. Outright limiting is even worse.

As a protective measure it's also nigh useless for IPv6 connected hosts and hidden service hosts. It's also ineffective against attacks which exhaust your memory, CPU, IO, or bandwidth without trying to exhaust your sockets.

So I am not opposed to prioritizing based on it (e.g. when full pick an inbound connection to drop based on criteria which includes network mask commonality), but I would not want to block completely based on this.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
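
The difference between outright limiting and prioritising described in the reply above, as an added sketch (not part of the original message and not Bitcoin's code). The /16 and /32 grouping widths, the rule of dropping the youngest connection in the most crowded group, and all names and sample addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed grouping widths (not from the thread): /16 for IPv4, /32 for IPv6.
PREFIX = {4: 16, 6: 32}

@dataclass(frozen=True)
class Peer:
    addr: str
    connected_at: int  # constructed timestamp, seconds

def netgroup(addr):
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{PREFIX[ip.version]}", strict=False)

def hard_limit_accepts(peers, new_addr, per_group_max):
    """Outright limiting: refuse once a netgroup already holds per_group_max peers."""
    group = netgroup(new_addr)
    return sum(netgroup(p.addr) == group for p in peers) < per_group_max

def pick_eviction(candidates):
    """Choose the connection to drop: youngest member of the most crowded netgroup."""
    groups = defaultdict(list)
    for p in candidates:
        groups[netgroup(p.addr)].append(p)
    newest = lambda g: max(p.connected_at for p in g)
    # Ties between equally crowded groups go to the one with the newest peer.
    crowded = max(groups.values(), key=lambda g: (len(g), newest(g)))
    return max(crowded, key=lambda p: p.connected_at)

def admit(peers, new_peer, max_inbound):
    """Return (peers_after, dropped). Netgroup only matters once slots are full."""
    if len(peers) < max_inbound:
        return peers + [new_peer], None
    dropped = pick_eviction(peers + [new_peer])
    return [p for p in peers + [new_peer] if p is not dropped], dropped

# Constructed sample: three hosts behind one NAT'd /16 plus one unrelated peer.
SAMPLE = [Peer("198.51.100.10", 100), Peer("198.51.100.11", 200),
          Peer("198.51.100.12", 300), Peer("203.0.113.5", 150)]

if __name__ == "__main__":
    print(hard_limit_accepts(SAMPLE, "198.51.100.13", 2))    # hard cap refuses
    print(admit(SAMPLE, Peer("198.51.100.13", 400), 8)[1])   # slots free: nobody dropped
    print(admit(SAMPLE, Peer("192.0.2.7", 400), 4)[1])       # full: crowded group yields
```

With free slots the shared-address hosts are all served; only when the node is full does the crowded group give up a connection, and a newcomer from that same group is the one refused.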