Topic: Protection from denial-of-service attacks for delegates

Offline wackou

I'd like to offer a 1000 BTS bounty for a member of the Chinese community to translate this post into Chinese and post it to the relevant subforum.

No one?

Bump! Is the 1,000 BTS still up for grabs?

Yep, still up for grabs! No Google Translate, though; this is for a native Chinese translation, of course :)
Please vote for witness wackou! More info at http://digitalgaia.io

Offline roadscape

I'd like to offer a 1000 BTS bounty for a member of the Chinese community to translate this post into Chinese and post it to the relevant subforum.

No one?

Bump! Is the 1,000 BTS still up for grabs?
http://cryptofresh.com  |  witness: roadscape

Offline wackou

I'd like to offer a 1000 BTS bounty for a member of the Chinese community to translate this post into Chinese and post it to the relevant subforum.

No one?
Please vote for witness wackou! More info at http://digitalgaia.io

Offline jsidhu

Would we be able to access via a DNS passed through, say, Cloudflare so the IP is not known? I want to see if delegates can run web services from the wallet, allowing things like social login and SSO via mobile apps.
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline cusknee

The security of our system should be a top priority.  +5%

Offline mf-tzo

 +5%  from me and will definitely vote for you today! Anything relating to security is extremely important!

Offline merlin0113

I'd like to offer a 1000 BTS bounty for a member of the Chinese community to translate this post into Chinese and post it to the relevant subforum. I believe security is an important issue and would like to see if the Chinese community thinks I should be voted as a delegate to work on those issues.

c.c. to wildpig


Offline wackou

I'd like to offer a 1000 BTS bounty for a member of the Chinese community to translate this post into Chinese and post it to the relevant subforum. I believe security is an important issue and would like to see if the Chinese community thinks I should be voted as a delegate to work on those issues.
Please vote for witness wackou! More info at http://digitalgaia.io

Offline onceuponatime

I'd recommend every delegate to have at least 1 "relay" node in standby mode (or a manually activated backup delegate) that can be activated in case of an attack.

As the cost of setting up a relay node is minimal and its configuration trivial I do not consider this an issue.

A simple and effective solution.  +5%

I fully agree, hence one of the by-products of setting up the backbone is for me to expand the functionality of the bts_tools package to easily manage multiple nodes, of possibly different types (eg: 1 delegate, 2 relays, etc...) from the same panel. This is already somehow possible, but the implementation under the hood is not really up to snuff.

I would like also to be very careful to not give a false sense of security to other delegates, by having them rely on the backbone and then decide they're safe. I believe that laziness and self-contentment is probably the worst problem one can face security-wise, and good security can only come with delegates being proactive and taking all measures possible to secure their servers. I do not claim that the backbone is the ultimate solution, just one more tool in a toolbox that each delegate should build for himself (along with firewalls, relay nodes, thoughtful arguments on the command-line, etc.)

I don't know why you haven't been voted in yet. Security matters!!!!

Offline cube

I'd recommend every delegate to have at least 1 "relay" node in standby mode (or a manually activated backup delegate) that can be activated in case of an attack.

As the cost of setting up a relay node is minimal and its configuration trivial I do not consider this an issue.

A simple and effective solution.  +5%

I fully agree, hence one of the by-products of setting up the backbone is for me to expand the functionality of the bts_tools package to easily manage multiple nodes, of possibly different types (eg: 1 delegate, 2 relays, etc...) from the same panel. This is already somehow possible, but the implementation under the hood is not really up to snuff.

I would like also to be very careful to not give a false sense of security to other delegates, by having them rely on the backbone and then decide they're safe. I believe that laziness and self-contentment is probably the worst problem one can face security-wise, and good security can only come with delegates being proactive and taking all measures possible to secure their servers. I do not claim that the backbone is the ultimate solution, just one more tool in a toolbox that each delegate should build for himself (along with firewalls, relay nodes, thoughtful arguments on the command-line, etc.)

Yes, having a backbone for redundancy would help.  But the delegates cannot be complacent.  They have to do their part too.
ID: bitcube
bitcube is a dedicated witness and committee member. Please vote for bitcube.

Offline karnal

Should work fine, especially after tuning torrc to consider bitshares-related connections long-lived (it'll then choose only reliable [high uptime] relays).

I mean, you can do VoIP over Tor with hidden services and get <1000ms latency, and that's with hidden services which tend to be slower.

Offline xeroc

Delegates are time sensitive .. they have a window of less than 10 secs to transmit the block to the next delegate .. not sure if that will work reliably over Tor ..

Offline karnal

How about running the delegate through a proxy, namely, Tor?

Proxy support at the moment appears to be nonexistent, transparent proxying might be possible though ..