Peers that propagate an invalid transaction are disconnected.
Immediately after the first invalid transaction? What if they are disconnected but then immediately attempt to re-connect? How long of a memory does it have? Does it block based on IP or some other identifier?
I think there are plenty of ways to prevent network wide DOS attacks. There could still be targeted attacks against specific nodes, but anyone who is in the business of making money on active trading would always act through proxies and keep their true server location hidden.
Of course, but if their proxies are knocked off somehow, then it could take a block or two before they establish new proxies and re-connect to the network. I am suggesting a quick, targeted attack: DOS selected nodes, immediately slam the market, and have everything over within a couple of blocks. (Block times are what, 1 or 2 minutes, IIRC?) The attack ends, but the blockchain is a couple blocks larger and filled with undesirable transactions.
DOS attacks are readily addressed.
So have they already been addressed, or is it on the to-do list? Or on the "to think about later" list?
Is there a peer limit? Is there a peer request rate limiter? Does the peering mechanism have a counter to the old SYN flood attack? (whether actually based on actual TCP SYN, or the higher-level peering equivalents; I imagine there is a typical handshake "Hey I wanna peer!" "Ok let's do it" .... wait for acknowledgement.... wait some more.... wait how long? Wait for how many new peers at one time?)