from completely blocking all message traffic; the cost would be a
whole lot of join/leave spam due to connection churn.
-We also use greenlets (Python coroutines imitating system threads)
-when they are available. This reduces memory overhead due to
-threading substantially, making a thread-flooding DoS more dfficult.
-
== Authentication/Integrity ==
One way to help prevent DoS attacks would be in-band authentication -
The deployment advice in the installation instructions assumes that
irkerd submitters are "authenticated" by being inside a firewall - that is,
mesages are issued from an intranet and it can be trusted that anyone
-issuing messages from within a given intrenet is authorized to do so.
+issuing messages from within a given intranet is authorized to do so.
This fits the assumption that irker instances will run on forge sites
receiving requests from instances of irkerhook.py.