Proposal: Add an OnConnectionAttempt callback for Brute Force Detection #640
Description
I propose a modification to the current Config structure to add a callback mechanism that includes the client's address as part of the validation process. This change is crucial for implementing a Brute Force Detection mechanism in our system.
Currently, the DTLS server validation process does not provide any information about the client attempting to connect. This lack of information makes it impossible to detect if a specific IP address is repeatedly trying to guess the correct authorization, a common sign of a brute force attack.
OnConnectionAttempt func(net.Addr) error
Whenever a connection attempt is made, the server or application can call this callback function.
The callback function can then implement logic to handle the connection attempt, such as logging the attempt, checking against a list of blocked IPs, or counting the attempts to prevent brute force attacks.
If the callback function returns an error, the connection attempt will be aborted.
Reference issue
No related issue
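An added example (not code from this pull request or from the library): one way an application could implement the proposed `OnConnectionAttempt func(net.Addr) error` callback as a per-IP sliding-window attempt limiter. The `attemptLimiter` type, its fields and the limits are hypothetical, and the sample address is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sync"
	"time"
)

var errTooManyAttempts = errors.New("too many connection attempts")

// attemptLimiter (hypothetical) counts attempts per source IP in a sliding window.
type attemptLimiter struct {
	mu     sync.Mutex
	max    int                    // attempts allowed per window
	window time.Duration          // sliding window length
	now    func() time.Time       // injectable clock
	seen   map[string][]time.Time // source IP -> accepted attempt times
}

// OnConnectionAttempt matches the proposed signature; an error aborts the attempt.
func (l *attemptLimiter) OnConnectionAttempt(addr net.Addr) error {
	// Key on the IP only: the source port changes between attempts.
	host, _, err := net.SplitHostPort(addr.String())
	if err != nil {
		host = addr.String()
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := l.now().Add(-l.window)
	kept := l.seen[host][:0] // drop timestamps that fell out of the window
	for _, t := range l.seen[host] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	l.seen[host] = kept
	if len(kept) >= l.max {
		return fmt.Errorf("%w from %s", errTooManyAttempts, host)
	}
	l.seen[host] = append(kept, l.now())
	return nil
}

func main() {
	l := &attemptLimiter{max: 3, window: time.Minute, now: time.Now, seen: map[string][]time.Time{}}
	addr := &net.UDPAddr{IP: net.ParseIP("192.0.2.10"), Port: 40000} // constructed sample
	fmt.Println(l.OnConnectionAttempt(addr))
}
```

The map grows with the number of distinct source IPs, so a long-running server would also need to evict idle entries.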