Currently Avalanche nodes may require some ports to be made public. E.g. when supporting a subnet. Consequently, there's a DDoS risk. It would be nice if there was some additional DDoS protection against this.