If they are on the same subnet, why not prohibit incoming traffic on the TCP port used by the gRPC at the router for the subnet using a simple firewall? The DoS traffic must be hitting the router first (because that is where the TTL reduction would occur anyway).
> On Jul 23, 2020, at 11:51 AM, Matthew Walster <matt...@walster.org> wrote:
>
>> On Wed, 22 Jul 2020 at 23:30, Robert Engels <reng...@ix.netcom.com> wrote:
>> Your network is setup wrong... if you are relying on a router to enforce ttl
>> decrement for security. You can more easily prevent IP spoofing on the local
>> net (or at the router) and then just verify the IP network portion is
>> correct. Easier with a simple IP table rather than doing it in user space.
>
> Robert,
>
> I'm a network engineer by trade, I use TTL security (through GTSM) on a
> regular basis with BGP. This code would be running on a white box switch that
> would be connected to a central concentrator.
>
> I'm open to suggestions for alternative ways of preventing that connection
> from being DoSed.
>
> Matthew Walster
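
For reference, the GTSM-style TTL check discussed in this thread can be pushed into the kernel from Go, so low-TTL packets are dropped before the gRPC server ever sees them. This is an added example, not code from the thread; it assumes Linux and IPv4 (`IP_MINTTL` is Linux-specific), and the names `gtsmControl`, `ListenGTSM` and `DialGTSM` are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"syscall"
)

// gtsmTTL: under GTSM (RFC 5082) a directly connected peer sends TTL 255,
// and any routed hop would decrement it below that.
const gtsmTTL = 255

// gtsmControl sets the outgoing TTL to 255 and, via Linux's IP_MINTTL, has the
// kernel drop inbound IPv4 packets with a lower TTL before user space sees them.
func gtsmControl(network, address string, c syscall.RawConn) error {
	var serr error
	if err := c.Control(func(fd uintptr) {
		serr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_TTL, gtsmTTL)
		if serr == nil {
			serr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_MINTTL, gtsmTTL)
		}
	}); err != nil {
		return err
	}
	return serr
}

// ListenGTSM returns a TCP listener that can be passed to a gRPC server's Serve.
func ListenGTSM(addr string) (net.Listener, error) {
	lc := net.ListenConfig{Control: gtsmControl}
	return lc.Listen(context.Background(), "tcp4", addr)
}

// DialGTSM is the peer side: it must also send TTL 255 or its SYN is dropped.
func DialGTSM(ctx context.Context, addr string) (net.Conn, error) {
	d := net.Dialer{Control: gtsmControl}
	return d.DialContext(ctx, "tcp4", addr)
}

func main() {
	l, err := ListenGTSM("127.0.0.1:0") // constructed address for the demo
	if err != nil {
		fmt.Println("listen:", err)
		return
	}
	defer l.Close()
	fmt.Println("GTSM listener on", l.Addr())
}
```

A peer that dials with the default TTL simply times out, since its SYN never reaches the listening socket.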