3. Limit the number of requests that can be queued by source IP address.
This might be worth doing; it would stymie a single-source DoS attack through
-a publicly-exposed irkerd, though not a DDoS by a bitnet. But there isn't
+a publicly-exposed irkerd, though not a DDoS by a botnet. But there isn't
a lot of win here for a properly installed irker (e.g. behind a firewall),
which is typically going to get all its requests from a single repo host
anyway.
from completely blocking all message traffic; the cost would be a
whole lot of join/leave spam due to connection churn.
-We also use greenlets (Python coroutines imitating system threads)
-when they are available. This reduces memory overhead due to
-threading substantially, making a thread-flooding DoS more dfficult.
-
== Authentication/Integrity ==
One way to help prevent DoS attacks would be in-band authentication -