Bitcoin Forum

Bitcoin => Press => Topic started by: Arvicco on October 17, 2013, 03:06:59 PM



Title: 2013-10-17 Register: How mystery DDoSers tried to take down Bitcoin exchange
Post by: Arvicco on October 17, 2013, 03:06:59 PM
http://www.theregister.co.uk/2013/10/17/bitcoin_exchange_ddos_flood/


Title: Re: 2013-10-17 Register: How mystery DDoSers tried to take down Bitcoin exchange
Post by: Carlton Banks on October 17, 2013, 07:08:35 PM
Is there a TCP/IP alternative that's resistant, or more uneconomic, to use for DOS attacks? This whole progression of having firms that specialise in DOS mitigation looks more and more like a protection racket business model. I understand that the Linux kernel was both designed and improved to negate the use of virus protection on the platform, despite not succeeding in eliminating Linux viruses altogether. A similar outcome with a TCP/IP usurper would be most welcome.


Title: Re: 2013-10-17 Register: How mystery DDoSers tried to take down Bitcoin exchange
Post by: ShadowOfHarbringer on October 17, 2013, 09:05:34 PM
> Is there a TCP/IP alternative that's resistant, or more uneconomic, to use for DOS attacks? This whole progression of having firms that specialise in DOS mitigation looks more and more like a protection racket business model. I understand that the Linux kernel was both designed and improved to negate the use of virus protection on the platform, despite not succeeding in eliminating Linux viruses altogether. A similar outcome with a TCP/IP usurper would be most welcome.

Nothing except specialized services can protect you from a 100Gbps attack if your normal connection is only 1Gbps.

It simply overfloods the pipe - it works in the same manner as water. When attackers use up all your bandwidth, nothing is left for the normal traffic.


Title: Re: 2013-10-17 Register: How mystery DDoSers tried to take down Bitcoin exchange
Post by: Carlton Banks on October 17, 2013, 09:32:55 PM
> Nothing except specialized services can protect you from a 100Gbps attack if your normal connection is only 1Gbps.
>
> It simply overfloods the pipe - it works in the same manner as water. When attackers use up all your bandwidth, nothing is left for the normal traffic.

Yes, I appreciate the concept of the attack vector for DOS; I'm also aware there are alternative attacks that only require low bandwidths to exploit known timeout intervals on DNS servers to deny legitimate user access. The DOS toolkit is larger than regular bandwidth flooding these days.

I have no useful insights as to how it would be done; the technical aspects of data routing at the basest level are not something that I know much about. I just find it surprising that there has been no innovation into how we solve this problem. Hacking servers with high bandwidth connections may never be completely solved, so it's tempting to think about addressing the issue from a more fundamental basis, and not just using expensive mitigation services. It just becomes an arms race then, and there's a lot of potential corrupt behaviour that can stem from that.


Title: Re: 2013-10-17 Register: How mystery DDoSers tried to take down Bitcoin exchange
Post by: LiteCoinGuy on October 18, 2013, 12:13:09 PM
"Web security firm Incapsula helped a Chinese Bitcoin trader to weather a ferocious denial-of-service attack last month when the volume of inbound traffic to the site peaked at 100Gbps.

The attack against BTC China, a platform where both Bitcoin and Chinese yuan are traded, lasted nine hours and is one of the fiercest on record. But unlike the even bigger 300Gbps attack against Spamhaus back in March no amplification techniques were used in the assault against BTCChina."

The circumstances of the BTC China attack mean that the unknown assailants had a huge amount of bandwidth at their disposal. "This amount of fire power isn't cheap, or readily available, signifying a big step up in resources pulled together to launch this type of attack," according to Incapsula.



these bastards ;-)