[arch-general] [arch-dev-public] pkgstats: second try

Mauro Santos registo.mailling at gmail.com
Fri Sep 10 16:46:07 EDT 2010


On 09/10/2010 09:27 PM, Pierre Schmitz wrote:
> 
> Well, we have discussed all this before. If I don't limit the
> submission by ip it will be too easy for a single person to flood us
> with false data making the whole stats pointless. The ip is the only
> value you cannot easily spoof over internet.

A malicious user could still flood you with false data even with the 1
submission per IP per 24H(1) limit, I don't know how other ISPs work,
but here if I reboot my router I get a new IP, so it would be easy to
continually reboot the router (or somehow disconnect and connect the the
adsl link) and send the stats again with a new IP.

(1) Here the lease seems to be for 36H, I don't know about other ISPs.

-- 
Mauro Santos


More information about the arch-general mailing list