Skip to content

Conversation

AgeManning
Copy link
Member

As we now support IPv6 and it is becomming more prevelant, this PR improves the security posture of Lighthouse by grouping /56 prefix'd IP addresses when counting bans.

What this means is that if a peer gets banned, they cannot just move to a new ipv6 address within their prefix and perform poorly again. We use our IP-colocation ban logic and classify all /56 prefix's as a single IP when counting bans. If the prefix accumulates enough bans we reject the entire prefix.

NOTE: While I was testing I noted a lot of logging and delays in the tests. So while I was there I removed the logging and attempted to improve the test speed for the property based peer pruning test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant