The "monitoring the state of the network" thing is then a huge security risk AND a massive drain. This means that every single one of the (potentially tens or hundreds of thousands of) nodes has to reach out to every single one of the (potentially several hundred) masternodes. This is a massive traffic burden, but it also means that a bad actor can set up (or compromise) just a single masternode in order to identify the IP address of every single node.
I don't have a deep enough understanding, so I'm just throwing ideas around here. But there must be a way to distribute the count of the running nodes in a trustless manner (similar to how the blockchain is distributed) without every wallet having to go and ping every masternode. This would obviously mean that the implementation wouldn't be so straightforward anymore.

And the count is needed only before doing the denomination, which could be once a day, or once a week, for most users.
Masternode status is broadcast to peers.
It's like a transaction message but has a different identifier.
If a node has a single peer connection, the node can get the whole list of masternodes.
The node list at http://drk.poolhash.org/masternode.html?srch (masternode list) is extracted without connecting to each MN.
DDoS?
Evan's reply
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/#post-2074
ebubar said:
Hi,
Do you know how to DDoS-protect with Linux?
Or is closing all ports except 9999 enough?
I think closing everything but port 9999 should be enough.
My guide has this.
Permit up to 2 connections per IP, up to 8 per class C.
# iptables-restore format; these three rules belong in the *filter table, INPUT chain, in this order
# reject a new SYN to 9999 when the source /24 already holds more than 8 connections
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
# reject a new SYN to 9999 when the single source IP already holds more than 2 connections
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
# everything that survived the two limits above is accepted as a new connection
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
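The rules in the reply above are only a fragment: they limit new connections to 9999 but say nothing about the default policy, loopback, already-established traffic or the management port, and they only do their job if the two REJECT rules sit before the ACCEPT for the same port. The script below is an added example, not Evan's guide and not Darkcoin project code. It generates a complete iptables-restore ruleset around the same two connlimit rules, checks that the REJECTs precede the ACCEPT, and only pipes the result into iptables-restore when run as root with --apply; otherwise it prints the ruleset for review. Assumptions (mine, not from the thread): the P2P port is 9999, the interface is eth0, SSH on port 22 is the only other service that should be reachable, and the names masternode_rules, check_order and --apply are invented for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): full iptables-restore ruleset
# for a masternode host built around the per-IP / per-/24 connlimit rules.
# Assumed: interface eth0, P2P port 9999, SSH on 22 as the only other service.

masternode_rules() {
    port="${1:-9999}"   # masternode P2P port
    per_ip="${2:-2}"    # max connections from one source IP (/32)
    per_c="${3:-8}"     # max connections from one class C (/24)
    iface="${4:-eth0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and traffic belonging to connections we already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management access (assumption: SSH on 22; narrow it to an admin IP with -s if you can)
-A INPUT -i $iface -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# the two connlimit REJECTs must precede the ACCEPT for the same port
-A INPUT -i $iface -p tcp -m tcp --dport $port --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above $per_c --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i $iface -p tcp -m tcp --dport $port --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above $per_ip --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i $iface -p tcp -m conntrack --ctstate NEW -m tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# Returns 0 when every REJECT for the P2P port comes before its ACCEPT,
# 1 otherwise (an ACCEPT placed first would make the limits dead rules).
check_order() {
    masternode_rules "$@" | awk -v port="${1:-9999}" '
        $0 ~ ("--dport " port " ") && /-j REJECT/ { if (seen_accept) bad = 1 }
        $0 ~ ("--dport " port " ") && /-j ACCEPT/ { seen_accept = 1 }
        END { exit bad ? 1 : 0 }'
}

if [ "$1" = "--apply" ]; then
    shift
    [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; exit 1; }
    check_order "$@" || { echo "rule ordering wrong, refusing to apply" >&2; exit 1; }
    masternode_rules "$@" | iptables-restore
else
    masternode_rules "$@"
fi
```

Run it with no arguments to inspect the generated ruleset, and with `--apply 9999 2 8 eth0` as root to load it. Because the default INPUT policy is DROP, make sure the SSH rule matches how you actually reach the host before applying it, and keep a console or out-of-band path available for the first test.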