cross-publish top X most abusive IPs to peer every Y seconds #2

Open
opened 2025-01-11 11:05:12 +00:00 by unusualevent · 0 comments
Owner
  • peer can request threat intel peering (asks for specific rate, and type of abuse)

  • need to avoid sending data they already know about - either by literally tracking it or knowing intuitively (e.g. sending the same batch to everyone, or knowing they told us something)

  • configurable: firsthand or send data from trusted peers?

  • map(bad IP)->info, map(peer)->(told-ips) - empty struct (peer:ip->{})? (memory limitation, could use sqlite + caching)

  • if memory becomes a concern, btrees maybe? https://github.com/google/btree

Reference: misc/mycellia#2
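
The bookkeeping the issue outlines, as an added Go example (not code from the mycellia project; Go is assumed only because the issue links a Go btree library): a map(bad IP)->info, a told set keyed by peer:ip, a firsthand-only switch, and top-X selection that skips what a peer already knows or told us. The names `Exchange`, `Intel`, `Observe` and `NextBatch`, the peer names and the sample IPs are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// Intel is the per-IP info; Firsthand is false if only peers reported the IP.
type Intel struct{ Hits int; Firsthand bool }

type pair struct{ peer, ip string } // the issue's peer:ip key
type Exchange struct {
	intel map[string]Intel  // map(bad IP)->info
	known map[pair]struct{} // told set, (peer:ip)->{}
}
func NewExchange() *Exchange { return &Exchange{map[string]Intel{}, map[pair]struct{}{}} }

// Observe records abuse; a non-empty from marks that peer as already knowing the IP.
func (e *Exchange) Observe(ip string, hits int, from string) {
	e.intel[ip] = Intel{e.intel[ip].Hits + hits, e.intel[ip].Firsthand || from == ""}
	if from != "" {
		e.known[pair{from, ip}] = struct{}{}
	}
}

// NextBatch returns the x most abusive IPs (x < 0: no cap) the peer does not know yet, marking them told.
func (e *Exchange) NextBatch(peer string, x int, firsthandOnly bool) []string {
	c := []string{}
	for ip, rec := range e.intel {
		if _, told := e.known[pair{peer, ip}]; !told && (rec.Firsthand || !firsthandOnly) {
			c = append(c, ip)
		}
	}
	sort.Strings(c) // deterministic order for equal hit counts
	sort.SliceStable(c, func(i, j int) bool { return e.intel[c[i]].Hits > e.intel[c[j]].Hits })
	if x >= 0 && len(c) > x {
		c = c[:x]
	}
	for _, ip := range c {
		e.known[pair{peer, ip}] = struct{}{}
	}
	return c
}

func main() { // constructed sample: peer-b reported the IP, so only peer-a is sent it
	e := NewExchange()
	e.Observe("203.0.113.9", 90, "peer-b")
	fmt.Println(e.NextBatch("peer-a", 5, false), e.NextBatch("peer-b", 5, false))
}
```

The told set grows with peers times IPs and is never evicted here, which is the memory concern the issue raises.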