...
https://discourse.criticalengineering.org/t/howto-crafting-arbitrary-network-packets-with-socat/51
Notes from conversation with Mike on 4/2
- Hardening happens on a variety of levels
- Setting up firewalls or hardware in front of the main node (defense)
- Packet inspection: intrusion mitigation
- If people are sending malformed packets, then we need to know and deflect
- Reject packets that are not signed by the key
- Either build your packets correctly or get slashed
- Load balancing on the valid traffic
- Tools for hardening
- Generating valid protocol buffers to throw at the Casper implementation
- Fuzzing
- Way of generating valid or invalid protobufs at random to see how the software reacts
- Can be done when the node and firewall are ready
External service blocking
Firewalls on each node
Ports that are open will validate packets with a correct signature. Even if a packet is signed and well-formed, we need a way to throw it at Casper to prove that it's not malformed.
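A sketch of the fuzzing loop described under "Tools for hardening", added here as an example and not taken from these notes or from any RChain code: it mutates a valid protobuf wire-format message at random and records whether the decoder rejects it cleanly, accepts it, or fails in some other way. Assumptions: `parse()` is a stand-in for the node's real decoder, the two-field seed message is constructed because the planned protobufs are not given here, and signature checking is not modelled.

```python
import random

# Constructed sample: field 1 = varint 150, field 2 = bytes b"casper" (hypothetical schema).
SEED = bytes.fromhex("089601" "1206636173706572")

def read_varint(buf, pos):
    result = 0
    for shift in range(0, 70, 7):           # a varint is at most 10 bytes
        if pos >= len(buf):
            raise ValueError("truncated varint")
        result |= (buf[pos] & 0x7F) << shift
        pos += 1
        if buf[pos - 1] < 0x80:             # high bit clear marks the last byte
            return result, pos
    raise ValueError("varint longer than 10 bytes")

def parse(buf):  # strict decoder: field list on success, ValueError on malformed input
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        if key >> 3 == 0 or (key & 7) not in (0, 2):
            raise ValueError("bad field number or unsupported wire type")
        val, pos = read_varint(buf, pos)
        if (key & 7) == 2:                  # val is a length prefix, not the value
            if val > len(buf) - pos:
                raise ValueError("length runs past end of buffer")
            val, pos = buf[pos:pos + val], pos + val
        fields.append((key >> 3, val))
    return fields

def mutate(buf, rng):  # one random corruption: bit flip, truncation, or inserted byte
    i, op = rng.randrange(len(buf)), rng.randrange(3)
    if op == 0:
        return buf[:i] + bytes([buf[i] ^ 1 << rng.randrange(8)]) + buf[i + 1:]
    if op == 1:
        return buf[:i]
    return buf[:i] + bytes([rng.randrange(256)]) + buf[i:]

def fuzz(seed_msg, rounds, rng_seed=0):
    rng, stats = random.Random(rng_seed), {"accepted": 0, "rejected": 0, "crashed": 0}
    for _ in range(rounds):
        try:
            parse(mutate(seed_msg, rng))
            stats["accepted"] += 1      # mutation still decodes; needs semantic checks
        except ValueError:
            stats["rejected"] += 1      # clean rejection is the desired outcome
        except Exception:
            stats["crashed"] += 1       # anything else is a decoder bug to triage
    return stats
```

The "accepted" bucket is the case the note above is concerned with: input that decodes without error still has to be checked by the layer behind the decoder.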
In April
- RChain to get IP range for bootstrap nodes
- Decision on where to test - Cost risk to hammer AWS with node testing
- Either buy time on Amazon
- Or buy some hardware, upfront cost of hardware
- Choose a fuzzer tool
- Look at planned protobufs to choose a tool
- Pawel may have insight
- Have conversation with Pawel and Nash to determine broader testing
- When do we need horizontal scaling on the node?