DDOS mitigation/prevention


#1

Hi POA Network team,

From what I know, Ethereum testnets based on PoA, like Kovan, are susceptible to DDOS attacks. This can severely delay genuine transactions, which Kovan has experienced sometimes.

How does the POA Network prevent or mitigate this? Since the IP addresses of authorities are public, and there are not more than 15-20 authorities, it is susceptible. So what are your methods to solve this?

Thank you!


#2

Hi Rohit,
thank you for raising an important question. I can not disclose all measures we have to prevent DDoS but let’s summarize:

You can get validator’s IP from p2p protocol but it doesn’t mean that you can connect to his node.
Some validators have p2p disabled https://github.com/poanetwork/deployment-playbooks/blob/df2aaf44de818ae81d67973961a0d29ca5e6801f/group_vars/all.example#L91 They initialize connections from their node to an array of bootnodes listed here https://github.com/poanetwork/poa-chain-spec/blob/core/bootnodes.txt and not listed in the file (to reduce attack surface).

We did a DDOS audit before the network launch and tested under different load both structured (tx, contracts) and unstructured load.