I am currently designing a Tyrus-based WebSocket server. As part of the task, I am trying to make sure that a single malicious (or buggy) client won't be able to saturate my server bandwidth.
For regular string or binary frames, I am able to decide upon each received frame whether the particular WebSocket's consumption meets the policy I have defined, and when I see too much data on a particular session, I am able to close it.
Does the Tyrus WebSocket API allow me to prevent a "ping flooding" attack? If my understanding is correct, Tyrus will automatically respond to a Ping with the corresponding Pong frame. While the maximum size of a ping message is relatively small (125 bytes), the client might be able to transmit these with sufficiently high frequency. Since there is no "PingMessage" handler possible with Tyrus, I won't be able to ever see this ping-pong traffic when evaluating the fair-use policy for this particular client session.
Is there anything I can do to prevent such unexpected Ping behaviour when using Tyrus on the server side?
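The accounting gap described in the question can be closed at the wire level. The following is an added example, not code from the issue or from Tyrus: it parses RFC 6455 frame headers from raw client bytes, counts Ping traffic plus the Pong bytes each Ping triggers, and checks a per-session sliding-window limit. It assumes the check runs somewhere raw frames are visible (for example a proxy in front of the server); `PingBudget`, `audit`, the limits and the sample bytes are all hypothetical.

```python
from collections import deque

PING = 0x9  # RFC 6455 opcode; opcodes 0x8-0xF are control frames

def client_frame(opcode, payload, mask=b"\x01\x02\x03\x04"):
    """Masked client frame (payload <= 125 bytes), used only to build SAMPLE."""
    body = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return bytes([0x80 | opcode, 0x80 | len(payload)]) + mask + body

def parse_frames(buf):
    """Yield (opcode, wire_length, payload_length) for each complete frame."""
    pos = 0
    while len(buf) - pos >= 2:
        opcode, n = buf[pos] & 0x0F, buf[pos + 1] & 0x7F
        if opcode >= 0x8 and n > 125:
            raise ValueError("control frame payload over 125 bytes")
        ext = {126: 2, 127: 8}.get(n, 0)  # extended-length bytes
        hdr = 2 + ext + (4 if buf[pos + 1] & 0x80 else 0)  # + masking key
        if len(buf) - pos < hdr:
            return  # incomplete header
        if ext:
            n = int.from_bytes(buf[pos + 2:pos + 2 + ext], "big")
        if len(buf) - pos < hdr + n:
            return  # incomplete payload
        yield opcode, hdr + n, n
        pos += hdr + n

class PingBudget:
    """Sliding-window Ping limit for one session; limits are assumed values."""
    def __init__(self, max_pings=5, window_s=1.0):
        self.max_pings, self.window_s, self.seen = max_pings, window_s, deque()
    def allow(self, now):
        while self.seen and now - self.seen[0] >= self.window_s:
            self.seen.popleft()
        self.seen.append(now)
        return len(self.seen) <= self.max_pings

def audit(buf, budget, start=0.0, spacing_s=0.01):
    """Return (pings, ping_bytes_in, pong_bytes_out, within_policy)."""
    # spacing_s simulates frame arrival times; real use passes a clock reading.
    pings, bytes_in, bytes_out, ok = 0, 0, 0, True
    for i, (opcode, wire, n) in enumerate(parse_frames(buf)):
        if opcode == PING:
            pings, bytes_in = pings + 1, bytes_in + wire
            bytes_out += 2 + n  # unmasked Pong echoing the payload
            ok = budget.allow(start + i * spacing_s) and ok
    return pings, bytes_in, bytes_out, ok

# Constructed sample: one text frame, then eight maximum-size Pings.
SAMPLE = client_frame(0x1, b"hello") + client_frame(PING, b"A" * 125) * 8
```

Each maximum-size Ping costs 131 bytes inbound and a 127-byte Pong outbound, so a fair-use policy that only counts text and binary frames misses both directions of this traffic.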