
How does one force exponential backoff of clients without taking in any load on themselves?

Is it some sort of TCP window congestion control futzing? But even that wouldn't work since the client can do whatever the heck it wants.




Hi, I’m the author of the article and I’m horrified by how many spelling mistakes I made. I must have written this in a rage.

To answer your question, since we had control of the clients (since it's a game) we used a proof of work challenge on TLS handshake which increased in complexity the more failed attempts you gave us.

Very cheap on the server, very expensive on the client, which effectively rate limited connection attempts.
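The escalating proof-of-work scheme the author describes, as an added example that is not code from the original thread or from the game in question. It abstracts the TLS binding away entirely (the challenge is just a nonce and a difficulty exchanged by the application); the difficulty parameters, the per-client failure counter and the reset-on-success behaviour are assumptions chosen for illustration. The asymmetry is the point: the server spends one SHA-256 per verification, while the client's expected search cost doubles with every two extra bits demanded.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Hypothetical tuning constants (assumptions, not values from the thread).
BASE_DIFFICULTY_BITS = 8    # leading zero bits demanded of a first-time client
STEP_BITS = 2               # extra bits for every failed attempt by that client
MAX_DIFFICULTY_BITS = 24    # cap so a legitimate client is never asked for the impossible


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_hash(nonce: bytes, counter: int) -> bytes:
    return hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()


@dataclass
class ChallengeServer:
    """Issues per-client challenges and verifies solutions with a single hash each.

    A failed or malformed answer raises that client's difficulty for the next
    challenge; a correct answer resets it (design choice for this example).
    """
    failures: dict = field(default_factory=dict)   # client_id -> consecutive failures
    issued: dict = field(default_factory=dict)     # client_id -> (nonce, bits)

    def difficulty_for(self, client_id: str) -> int:
        bits = BASE_DIFFICULTY_BITS + STEP_BITS * self.failures.get(client_id, 0)
        return min(bits, MAX_DIFFICULTY_BITS)

    def issue(self, client_id: str) -> Tuple[bytes, int]:
        nonce = os.urandom(16)
        bits = self.difficulty_for(client_id)
        self.issued[client_id] = (nonce, bits)
        return nonce, bits

    def verify(self, client_id: str, nonce: bytes, counter: int) -> bool:
        issued = self.issued.pop(client_id, None)   # one answer per challenge
        if issued is not None and issued[0] == nonce \
                and leading_zero_bits(pow_hash(nonce, counter)) >= issued[1]:
            self.failures.pop(client_id, None)
            return True
        # Unknown, replayed or wrong answer: cost the server one hash, cost the client a harder round.
        self.failures[client_id] = self.failures.get(client_id, 0) + 1
        return False


def solve(nonce: bytes, bits: int, limit: int = 1 << 30) -> Optional[int]:
    """Client-side brute force: expected 2**bits hashes to find a valid counter."""
    for counter in range(limit):
        if leading_zero_bits(pow_hash(nonce, counter)) >= bits:
            return counter
    return None


if __name__ == "__main__":
    server = ChallengeServer()
    nonce, bits = server.issue("player-1")
    print("first challenge bits:", bits, "accepted:", server.verify("player-1", nonce, 0))
    nonce, bits = server.issue("player-1")
    print("after one failure bits:", bits, "accepted:", server.verify("player-1", nonce, solve(nonce, bits)))
```

Note that a client which never bothers to answer still costs the server a random nonce and a dictionary entry per challenge, which is the residual load the replies below are pointing at; bounding the `issued` table per source and expiring stale challenges is where a real deployment would go next.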


I see. But still after the initial TLS handshake. So clients can still connect over and over and force your server to do TLS handshakes all day long.


Drop incoming SYNs when the CPU hits thresholds. More specifically, every second the CPU is at or above the 'bad times' threshold, increase the probability that you'll drop a SYN; every second the CPU is at or below the 'good times' threshold, decrease the probability that you'll drop a SYN.
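The two-threshold controller from this comment, as an added example that is not from the original thread: a small user-space model of the probability update, with the thresholds, step sizes and the constructed CPU trace all chosen as assumptions for illustration. Hooking the resulting probability into an actual packet filter is outside the example; what it shows is that the probability ratchets up while the CPU stays hot, decays once it cools, and does nothing in the band between the two thresholds, which is what keeps the controller from oscillating.

```python
import random
from dataclasses import dataclass
from typing import List


@dataclass
class SynDropController:
    # Hypothetical tuning values (assumptions, not from the thread).
    bad_threshold: float = 0.85    # CPU fraction at/above which we tighten
    good_threshold: float = 0.60   # CPU fraction at/below which we relax
    step_up: float = 0.10          # probability added per 'bad' second
    step_down: float = 0.05        # probability removed per 'good' second
    drop_probability: float = 0.0

    def observe(self, cpu: float) -> float:
        """Called once per second with CPU utilisation in [0, 1]; returns the new drop probability."""
        if cpu >= self.bad_threshold:
            self.drop_probability = min(1.0, self.drop_probability + self.step_up)
        elif cpu <= self.good_threshold:
            self.drop_probability = max(0.0, self.drop_probability - self.step_down)
        # Between the thresholds: hold steady (hysteresis band).
        return self.drop_probability

    def should_drop(self, rng: random.Random) -> bool:
        """Per-SYN decision; an injectable RNG keeps this testable."""
        return rng.random() < self.drop_probability


def simulate(controller: SynDropController, cpu_trace: List[float]) -> List[float]:
    """Feed a per-second CPU trace through the controller and return the probability after each sample."""
    return [round(controller.observe(cpu), 6) for cpu in cpu_trace]


if __name__ == "__main__":
    # Constructed trace: three hot seconds, one in-band second, two cool seconds.
    trace = [0.90, 0.95, 0.88, 0.70, 0.50, 0.40]
    print(simulate(SynDropController(), trace))   # → [0.1, 0.2, 0.3, 0.3, 0.25, 0.2]
```

The residual cost the next reply mentions still applies: dropping a SYN this way happens after the NIC and the kernel have already received and parsed the packet, so the controller limits connection-handling work rather than packet-handling work.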


I don't think it's possible to do it without "any load". The hardware grabbing the packet, putting it into the socket buffers, analysing if it's valid, requires some work.



