§13.1.

Subscription Amplification

A malicious subscriber could attempt to overwhelm a publisher or relay by requesting subscriptions to many tracks simultaneously. Relays SHOULD implement rate limiting on subscription requests and MAY reject excessive subscriptions with REQUEST_ERROR using the EXCESSIVE_LOAD error code. Publishers SHOULD monitor the number of active subscriptions and enforce limits to prevent resource exhaustion from a single subscriber or session.

TODO: Describe Cache Poisoning attacks

This is one section of the MoQT specification, rendered per-section for quick reference and citation. The authoritative text is draft-ietf-moq-transport-19 at the IETF.