In Web3, one of the ways to protect against DoS (not DDoS) and spam attacks is to limit the number of queries from an IP address.
But in IC the IP address of a client is (apparently) not available. So, how do we protect? By limiting access for a single principal? But isn’t it easy for an attacker to create as many principals as he wishes?
So, how to protect from such attacks as draining cycles?
I have often wondered why the up isn’t passed through. I guess the boundary bode could lie. One thing you could do for http is require the client sign their ip as a requirement for the call. But this adds some friction.
How would we verify that the client didn’t sign a fake IP?
I guess the boundary node and client need to play a game with something at stake. Can I somehow prove my ip? Probably somehow.
But again this is a lot of friction if it isn’t transparent to most users.
Maybe another reason we should only have canister based wallets.