Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Brian DeLoach on October 19, 2011, 06:25:10 PM



Title: Mass DDOS part 2
Post by: Brian DeLoach on October 19, 2011, 06:25:10 PM
Deepbit: Up
BTCguild: Up
Slush: Up
Ars: Up
Eligius: Up

Miners: Please find another pool or solo mine (if you're feeling lucky)

Alternative pools that are working:

bitclockers (http://bitclockers.com/)
bitcoins.lc (http://www.bitcoins.lc/)
mainframe (http://mining.mainframe.nl/)
bitcoinpool (http://www.bitcoinpool.com/)
abcpool (http://www.abcpool.co/)
btcmine (http://btcmine.com/)
mtred (http://mtred.com/)
polmine (https://polmine.pl/)
mineco (https://mineco.in/)
ozcoin (http://ozco.in/)
eclipse MC (https://eclipsemc.com/)
Master Pool (https://www.masterpool.eu/)
rfc pool (https://www.rfcpool.com/)

http://chart.googleapis.com/chart?chs=350x200&chd=t:92.62,3.08,2.16,1.09,1.04&cht=p&chf=bg,s,00000000&chl=other|bitcoins|mainframe|MtRed|BitcoinPool


Title: Re: Mass DDOS part 2
Post by: adamstgBit on October 19, 2011, 06:26:22 PM
who is hitting what now?


Title: Re: Mass DDOS part 2
Post by: phelix on October 19, 2011, 06:29:59 PM
reporting is not important but mining:

slush: down
eligius: down
btcguild: ok
ars: ?
deepbit: ?
...


Title: Re: Mass DDOS part 2
Post by: Brian DeLoach on October 19, 2011, 06:32:46 PM
who is hitting what now?

Updated post with more info. All three were taken down less than a week ago. I guess they're back again.


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 06:36:42 PM
reporting is not important but mining:

slush: down
eligius: down
btcguild: ok
ars: ?
deepbit: ?
...



slush: down
eligius: down
btcguild: INTERMITTENT  (Eleuth has a lot of practice at combating DDos and apparently one of the easier to work with upstream providers for filtering) imho...
ars: DOWN
deepbit: DOWN...



Title: Re: Mass DDOS part 2
Post by: Brian DeLoach on October 19, 2011, 06:37:27 PM
Once again....when a pool's website goes down, that's when it stops being shown in that chart-- not when the actual mining pool goes down, so it's basically like renaming existing resources as "Other". Big deal.

I know this. Miners from each pool will have to report back whether they're still up or not.


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 06:39:02 PM
The big three are getting hit at the moment. BTCguild, Deepbit, and Slush are down.

Insert; Stupid, very lacking chat here...

Once again....when a pool's website goes down, that's when it stops being shown in that chart-- not when the actual mining pool goes down, so it's basically like renaming existing resources as "Other". Big deal.

  Yes, the chart is certainly not an accurate measure of whether pools are operating or not. I personally mine at some of the ones that show as 'other' but have not added a 'heartbeat' report for the chart. And, why should they?

  But the current DDos situation is very real.......


Title: Re: Mass DDOS part 2
Post by: Brian DeLoach on October 19, 2011, 06:41:30 PM
Also, if everyone's miners switched to different pools and/or solo when shit like this happens, wouldn't that still keep the network safe?

Yes, but the DDOS from a week ago shows that most people didn't do either of those.


Title: Re: Mass DDOS part 2
Post by: phelix on October 19, 2011, 06:42:14 PM
also there are no more big options... this is intense


Title: Re: Mass DDOS part 2
Post by: HolodeckJizzmopper on October 19, 2011, 06:42:50 PM
A friendly reminder, pool-hopper or not, a local proxy such as BitHopper or CherryPicking, configured with multiple backup pools, is a great way to help miners mitigate attacks like this.

I've been busy chugging along at other pools while Deepbit and Eligius remain offline for the duration of this attack.


Title: Re: Mass DDOS part 2
Post by: evoorhees on October 19, 2011, 06:43:56 PM
My miners at BTCGuild are running fine right now


Title: Re: Mass DDOS part 2
Post by: Steve on October 19, 2011, 06:46:12 PM
My miners at BTCGuild are running fine right now
That's odd because mine are down.  Going solo.


Title: Re: Mass DDOS part 2
Post by: c_k on October 19, 2011, 06:48:11 PM
https://rfcpool.com/ is up and running smoothly, come check it out - all welcome :)


Title: Re: Mass DDOS part 2
Post by: phelix on October 19, 2011, 06:49:36 PM
btcguild works sometimes

masterpool seems to work fine


this is pretty bad

80% of the network or so is offline....   >:(


Title: Re: Mass DDOS part 2
Post by: piuk on October 19, 2011, 06:50:36 PM
Not noticing anything hugely unusual @ http://blockchain.info/pools (http://blockchain.info/pools) . The global hash rate is down, but it doesn't look like an attempted 51% attack.


Title: Re: Mass DDOS part 2
Post by: phelix on October 19, 2011, 06:52:47 PM
alfalfa please add masterpool.eu and rfcpool.com as working...


Title: Re: Mass DDOS part 2
Post by: Zwenny on October 19, 2011, 06:55:33 PM
my miners switched from deepbit to btcmp.com, and now it works:-)


Title: Re: Mass DDOS part 2
Post by: phillipsjk on October 19, 2011, 06:56:10 PM
Last night, I finally got around to setting up a CPU miner with port 8333 forwarded in the wake of last week's attack. It should be caught up to the block-chain within half an hour. The connection is intermittent though: if nobody uses the computer for an hour, it goes to sleep (was originally 20 minutes).

Edit: I decided to go with the most power efficient "family" computer (running win7, bitcoin is running under a limited user) after finding out another computer I was considering using draws 170W at full load and probably runs at a slower speed.


Title: Re: Mass DDOS part 2
Post by: Steve on October 19, 2011, 06:59:20 PM
The pool operators should allow miners to provide the pool with an ip address where the pool can dial the miner to establish a connection...with a bit of software running on the miner's machine, it would allow the pool to initiate outbound connections to the members of the pool and operate though a bank of ip addresses that shield the pool from these DDOS attacks.

If the pools don't do something like this, then people will start resorting to setting up their own smaller, private pools if these DDOSes continue.


Title: Re: Mass DDOS part 2
Post by: Rino on October 19, 2011, 07:08:19 PM
The pool operators should allow miners to provide the pool with an ip address where the pool can dial the miner to establish a connection...with a bit of software running on the miner's machine, it would allow the pool to initiate outbound connections to the members of the pool and operate though a bank of ip addresses that shield the pool from these DDOS attacks.

If the pools don't do something like this, then people will start resorting to setting up their own smaller, private pools if these DDOSes continue.
1. dynamic ip's.
2. If ddos is massive enough ip filters won't help.
3. There is lots and lots of small pools, everything is fine.


Title: Re: Mass DDOS part 2
Post by: eleuthria on October 19, 2011, 07:21:47 PM
Copied from my post on Slush's thread, relevant to this topic:

Better yet, everybody should hop to a small pool.  Everybody jumping to BTC Guild ends up screwing over our regular users.  I've been removing servers from our clusters the last month due to shrinking speeds/profits.  We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

So please:  If you mine on Slush, Deepbit, or BTC Guild, set your backup to a SMALL pool.  Not only is it more reliable (the major pool outages are often related), but it avoids putting unexpected heavier load on an already large pool.  And of course it's safer for the network to have the hash split between a larger number of nodes.


Title: Re: Mass DDOS part 2
Post by: SolidBitShop on October 19, 2011, 07:30:21 PM
Hmm that is all strange with that pools hope it will resolve quickly.

As for me coinotron.com is working just fine and gaining power, no ddos attempt so far.


Title: Re: Mass DDOS part 2
Post by: Mageant on October 19, 2011, 07:38:53 PM
I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.


Title: Re: Mass DDOS part 2
Post by: Brian DeLoach on October 19, 2011, 07:43:49 PM
I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.


Title: Re: Mass DDOS part 2
Post by: Mageant on October 19, 2011, 07:45:14 PM
I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.


Title: Re: Mass DDOS part 2
Post by: Matthew N. Wright on October 19, 2011, 07:56:23 PM
The raptors are testing the fences.


Title: Re: Mass DDOS part 2
Post by: Mageant on October 19, 2011, 07:59:58 PM
I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.

What's the big mystery?

The raptors are testing the fences. Grow up.

It's no big mystery to me.
I'm just taunting the shills. :)


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 08:15:01 PM
I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.

What's the big mystery?

The raptors are testing the fences. Grow up.

It's no big mystery to me.
I'm just taunting the shills. :)


Last change 149184 14/10/2011 01:44 1'468'844.65 x0.89
Last 120 149797-149917 19/10/2011 19:13 1'345'917.52 x0.92
Last 10 149907-149917 19/10/2011 19:13 839'020.17 x0.57
Next 151200 29/10/2011 12:35 1'330'841.97 x0.91

  The current estimate for Next change is 2 days sooner than it was 34~ hours ago.. An attack lasting any significant time will push that out past the current 10/29. With the already expected drop average of about 200k it would put it at about 17~ days. To repeat, we are currently ahead of that.(likely thanks to some awesome luck at some pools).(And possibly bots successfully solving a few before they broke everything over the past few days). Those shills be dumb..  

  And I noticed someone posted about an attack for the purpose of shifting the time to retarget, stating it would not matter 'when'. This is not entirely true. The 'length' of attack is certainly the heaviest weight in the formula but the 'when' matters also. Crunch the math of an attack dropping 40% of the global hash rate out during the first 500 blocks after retarget and then again on an attack that did the same for the last 500 blocks... In my head it would seem the earlier attack would have the bigger impact on time to next retarget.. My head is old and fuzzy though, so without giving a shit to punch in the numbers it is highly likely I am delusional...

  An ideal attack would be to push the Dif back up as much as possible right before a retarget and then drop the added hash out. This would have the immediate impact of making the first few days of blocks after retarget take unusually long to solve. Variance aside, of course.

  Cheers, Shill Poker, Mageant

TL;DR Rabble Rabble, I like cheese!    :D
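The retarget arithmetic raised in the post above, worked through as an added example (not part of the thread and not any poster's code). It assumes Bitcoin's 2016-block retarget period, a 600-second target spacing and the factor-4 adjustment clamp, uses expected values only (no variance), and takes the 40% drop over 500 blocks and the 1'468'844.65 difficulty from the post; the 48-hour outage is a constructed input.

```python
"""Expected effect of a hash-rate drop on the time to the next retarget."""

BLOCKS_PER_PERIOD = 2016          # Bitcoin retargets every 2016 blocks
TARGET_SPACING_S = 600            # 10-minute target per block
EXPECTED_PERIOD_S = BLOCKS_PER_PERIOD * TARGET_SPACING_S


def period_seconds_by_blocks(segments):
    """Length of one retarget period when the drop is stated in blocks.

    segments: [(block_count, relative_hashrate), ...] covering the period;
    relative_hashrate 1.0 is the rate the current difficulty was tuned for.
    """
    if sum(blocks for blocks, _ in segments) != BLOCKS_PER_PERIOD:
        raise ValueError("segments must cover exactly one retarget period")
    return sum(blocks * TARGET_SPACING_S / rate for blocks, rate in segments)


def period_seconds_by_time(outage_start_s, outage_len_s, relative_hashrate):
    """Length of one retarget period when the drop is stated in wall-clock time.

    Hash rate is 1.0 except during [outage_start_s, outage_start_s + outage_len_s).
    If the period ends while the outage is still running, the rest of the
    outage belongs to the following period and is not counted here.
    """
    if relative_hashrate <= 0:
        raise ValueError("relative_hashrate must be positive")
    remaining = float(BLOCKS_PER_PERIOD)
    elapsed = 0.0
    for span, rate in ((outage_start_s, 1.0), (outage_len_s, relative_hashrate)):
        blocks = span * rate / TARGET_SPACING_S
        if blocks >= remaining:               # period finishes inside this span
            return elapsed + remaining * TARGET_SPACING_S / rate
        remaining -= blocks
        elapsed += span
    return elapsed + remaining * TARGET_SPACING_S


def next_difficulty(current, actual_period_s):
    """New difficulty after a period that took actual_period_s seconds."""
    clamped = min(max(actual_period_s, EXPECTED_PERIOD_S / 4), EXPECTED_PERIOD_S * 4)
    return current * EXPECTED_PERIOD_S / clamped


if __name__ == "__main__":
    HOUR = 3600
    early = period_seconds_by_blocks([(500, 0.6), (1516, 1.0)])
    late = period_seconds_by_blocks([(1516, 1.0), (500, 0.6)])
    print("drop over first 500 blocks: %.2f days" % (early / 86400))
    print("drop over last 500 blocks:  %.2f days" % (late / 86400))
    print("next difficulty: %.2f" % next_difficulty(1468844.65, early))

    for label, start in (("at start of period", 0),
                         ("on day 10", 10 * 24 * HOUR),
                         ("24h before scheduled retarget", EXPECTED_PERIOD_S - 24 * HOUR)):
        total = period_seconds_by_time(start, 48 * HOUR, 0.6)
        print("48h outage %s: retarget delayed %.1f h"
              % (label, (total - EXPECTED_PERIOD_S) / HOUR))
```

In expectation the position of the drop inside the period does not change the retarget date; an outage that straddles the boundary only moves the remainder of its delay into the following period.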


Title: Re: Mass DDOS part 2
Post by: rotrott on October 19, 2011, 08:37:44 PM
Why don't the botnet operators simply run their own pool server?

Or maybe they are already and they're trying to run everyone else off so their pool can take more of the pie.


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 08:41:52 PM
Why don't the botnet operators simply run their own pool server?

  Probably because that would require actual work to code and pay for hosting for servers that could handle all the connections. And, it would not allow them to force their agenda on everyone.....


  Edit;  The pie doesn't work that way. Each solution has a chance to be a correct block. Best case scenario they chase off all the lazies and 'EVENTUALLY', very slowly and painfully the difficulty will drop a bit more than it would be otherwise in the long run.. It really only delays the time to retarget if sustained long enough. It wouldn't take more than a few brain cells put to the profitability calculations of such a prospect to see they would just extend the 'time to profitability' at what their target difficulty would be to be profitable. If they of course were thinking that. I highly doubt it and am certain their agenda is much more obvious...


Title: Re: Mass DDOS part 2
Post by: phillipsjk on October 19, 2011, 08:48:32 PM
Ironically, botnet operators can not easily switch their nodes to solo mining. Even if UPnP is employed for firewall piercing, many users will likely notice 12 hours of disk activity as their node catches up to the block-chain.


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 09:04:40 PM
Ironically, botnet operators can not easily switch their nodes to solo mining. Even if UPnP is employed for firewall piercing, many users will likely notice 12 hours of disk activity as their node catches up to the block-chain.


 Oh yea, on that note, so will the zombie's internet providers. At least if they are with ATT.. I received an interesting email from ATT;


  IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected

Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.

Date: (UTC) => Your IP:
2011-10-18 04:45:24 => My Business T1 IP
2011-10-17 04:23:13 => My Business T1 IP
2011-10-16 02:47:36 => My Business T1 IP


IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.


Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to:  http://www.corp.att.com/aup/


   It was certainly news to me that they had a 'policy' against connecting to IRC servers on non default ports.  The times they reference are in direct correlation to my firing up the Bitcoin Client.. ;p
  I made sure to contact them on it none the less, because they do have a history of disabling accounts if they truly do suspect one of being 'zombiefied'.  I did not mention Bitcoin or anything but basically told them that unless they had something in their policy about what remote IRC ports I am allowed to connect to, to please not send me further messages about it. I'm an asshole when it comes to them people. I pay for a home connection and 2 businesses worth of internet and phone service with them. Total about 4 grand a month, so they can kiss my shiny, white ass....

  But, it does make me wonder if they have jumped on the security bandwagon that has it in mind to flag Bitcoin related communications as infectious transmissions...?  And, will they decide to block it? They certainly are more than capable with their NAT setup to do so....  The next release of Bitcoin will have to include a built in http proxy just to fuggin work if something like that were to happen. Something to think about.

   And, also something for you agenda pushing Botnet fuckers to think about. I will be extremely pissed if because of your agenda you get 'Bitcoin' traffic in general banned..... Or is that your true goal!?!? hmmm *tinfoil hat feels warm*


Title: Re: Mass DDOS part 2
Post by: Shevek on October 19, 2011, 09:08:00 PM
We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

I have an idea that could help: instead of accepting bare shares, pools may accept shares over a given small difficulty; say 4, 8, 16... of course accepted shares should count up as 4, 8, 16... "normal" shares. This countermeasure should get down the legal flood and make it easier to identify the DDoS flow.

I don't know how much miner software should be amended to avoid alarming high rates of states if such solution is implemented.


Title: Re: Mass DDOS part 2
Post by: eleuthria on October 19, 2011, 09:28:14 PM
We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

I have an idea that could help: instead of accepting bare shares, pools may accept shares over a given small difficulty; say 4, 8, 16... of course accepted shares should count up as 4, 8, 16... "normal" shares. This countermeasure should get down the legal flood and make it easier to identify the DDoS flow.

I don't know how much miner software should be amended to avoid alarming high rates of states if such solution is implemented.

Changing difficulty won't affect pool traffic as much as people think.  Your miner will ask for work exactly as often as it already does.  It simply will submit fewer shares.  The vast majority of pool traffic is obtaining new work, not submitting shares.

The biggest issue of pool overhead is in longpoll connection handling.  When you have large numbers of active connections, things start to randomly slow down.
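The share-difficulty proposal and the reply to it, as an added example that is not part of the thread or any pool's code: one miner's hashes are scored against several share difficulties at once, counting work requests, share submissions and credited work. The toy difficulty-1 target (1 hash in 64), the work-unit size and the header bytes are assumptions chosen so it runs in about a second; a real difficulty-1 share takes about 2^32 hashes.

```python
"""Pool traffic from one miner under different share difficulties (toy scale)."""
import hashlib
import struct

# Assumption: scaled-down "difficulty 1" target, 1 hash in 64 qualifies.
TOY_DIFF1_TARGET = (1 << 256) // 64
# Assumption: the miner asks the pool for a new work unit after this many nonces.
NONCES_PER_WORK = 4096


def sha256d(data):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def simulate(total_hashes, difficulties=(1, 4, 8, 16)):
    """Hash total_hashes nonces once and score them against every difficulty.

    Returns {difficulty: {"work_requests", "share_submits", "credit"}}.
    A share at difficulty D must meet TOY_DIFF1_TARGET // D and is credited
    as D difficulty-1 shares, as proposed in the post above.
    """
    targets = {d: TOY_DIFF1_TARGET // d for d in difficulties}
    submits = {d: 0 for d in difficulties}
    work_requests = 0
    header = b""
    for n in range(total_hashes):
        if n % NONCES_PER_WORK == 0:
            # New work is fetched on the same schedule whatever the share
            # difficulty is: the request rate depends on hash rate only.
            work_requests += 1
            header = b"constructed-work-unit-%d" % work_requests
        nonce = struct.pack("<I", n % NONCES_PER_WORK)
        # Bitcoin compares the hash as a little-endian 256-bit integer.
        value = int.from_bytes(sha256d(header + nonce), "little")
        for d, target in targets.items():
            if value <= target:
                submits[d] += 1
    return {
        d: {
            "work_requests": work_requests,
            "share_submits": submits[d],
            "credit": submits[d] * d,
        }
        for d in difficulties
    }


if __name__ == "__main__":
    results = simulate(200_000)
    print("diff  work_requests  share_submits  credit")
    for d, row in results.items():
        print("%4d  %13d  %13d  %6d"
              % (d, row["work_requests"], row["share_submits"], row["credit"]))
```

Submissions fall roughly in proportion to the difficulty and credited work stays about the same, with more variance at higher difficulty; the work-request count does not move.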


Title: Re: Mass DDOS part 2
Post by: MagicalTux on October 19, 2011, 10:43:20 PM
MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.


Title: Re: Mass DDOS part 2
Post by: 322i0n on October 19, 2011, 10:59:53 PM
it would've great to get one of these hooked up https://en.bitcoin.it/wiki/P2Pool


Title: Re: Mass DDOS part 2
Post by: 2112 on October 19, 2011, 11:09:14 PM
No downtime to report.
Are you allowed to report how much you pay per month to Barret Lyon and his friends?

Edit: Oh, noes, it looks like Barret had sold Prolexic.


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 19, 2011, 11:10:27 PM
MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.

 Upstream side UDP filter ftw? Or you got mad moxy on your side?


 


Title: Re: Mass DDOS part 2
Post by: MagicalTux on October 19, 2011, 11:15:34 PM
MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.

 Upstream side UDP filter ftw? Or you got mad moxy on your side?

All connections are going through prolexic, which protects us from ddos attacks. It's expensive, but considering the loss (in trade fee revenue and image) generated by the website going down, it's worth it.


Title: Re: Mass DDOS part 2
Post by: BitcoinPorn on October 19, 2011, 11:19:07 PM
http://www.techviva.com/wp-content/uploads/2009/03/penguin-fighter-usb-drive_2.jpg


Title: Re: Mass DDOS part 2
Post by: runeks on October 19, 2011, 11:27:25 PM
I'm really interested in hearing people's theories on why this is taking place. Especially the more rationally argued, non-conspiratorial ones.


Title: Re: Mass DDOS part 2
Post by: rotrott on October 19, 2011, 11:34:26 PM
I've heard that pool operators shut down the botnet operators' account, so they get DDOSed, but I haven't read that directly from a pool operator.


Title: Re: Mass DDOS part 2
Post by: oOoOo on October 20, 2011, 12:44:13 AM
Ironically, botnet operators can not easily switch their nodes to solo mining. Even if UPnP is employed for firewall piercing, many users will likely notice 12 hours of disk activity as their node catches up to the block-chain.

You don't need to d/l the chain in order to run a miner/worker. Actually, I have nothing bitcoin related installed on my rig at all.
.


Title: Re: Mass DDOS part 2
Post by: phillipsjk on October 20, 2011, 01:02:02 AM
You don't need to d/l the chain in order to run a miner/worker. Actually, I have nothing bitcoin related installed on my rig at all.
.

This thread is about a DDOS. My CPU miner (1800khash/s) is not much use as a worker unless you don't pay for electricity (like a botnet operator). The CPU is, however, powerful enough to relay valid transactions to other nodes on the network.

A worker using a pool does not make the network more resistant to DDOS attacks: the pools are easy targets because there are so few of them. I'm sure my node is an easy target as well (3Mbps would saturate the connection). But, if the attacker needs to hit 10,000 nodes at once, the "Distributed" part of a DDOS becomes less effective (3Mbps*10,000=30Gbps to take down the (hypothetical) network).


Title: Re: Mass DDOS part 2
Post by: Graet on October 20, 2011, 01:42:31 AM
The big three are getting hit at the moment. BTCguild, Deepbit, and Slush are down.

Insert; Stupid, very lacking chat here...

Once again....when a pool's website goes down, that's when it stops being shown in that chart-- not when the actual mining pool goes down, so it's basically like renaming existing resources as "Other". Big deal.

  Yes, the chart is certainly not an accurate measure of whether pools are operating or not. I personally mine at some of the ones that show as 'other' but have not added a 'heartbeat' report for the chart. And, why should they?

  But the current DDos situation is very real.......

The chart was changed recently to only show the "Top 10" pools..... I guess "other" would be smaller if this hadn't happened
This isn't the only place it's happened, these sites also help centralize the bitcoin miners by not showing more than top 10..

Ozcoin is doing fine so far :)


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 20, 2011, 03:31:58 AM
This isn't the only place it's happened, these sites also help centralize the bitcoin miners by not showing more than top 10..

Ozcoin is doing fine so far :)

  Aye, and has definitely helped to show that too much centralization can be frustrating, to say the least.

  I think the trick will be for more pools to adopt the 'anonymous' reporting of their solved blocks. I.e., through not having the reporting bitcoin daemon on the same IP as the pool servers or front end. I did like the other chart someone posted, in the fact that there were so many reported blocks that did not have a owning pool assigned to them. Here it is, check out 'Unknown' blocks for 4 day span. http://blockchain.info/pools?timespan=4days   
 
  I would love to see the number of blocks reported by unknowns increase a LOT.  I guess the question in all that would be that if we did break the chart down and show EVERY reporting pool and who they were, would it just be a small bit more work for a DDoser to split his botnet up accordingly? Or, would it end up being so many smaller pools that it would prove enough of a deterrent? Some adaptation of the p2pool and even a good sifting through the longpolling protocol could go a long way to shore up the hashing part of the network.

  Oh, and grats on your pools massive luck recently. I knew I smelled it earlier, that most of the reported higher hash rate was from smaller pools having good luck. I only looked at 6 or so to draw such a conclusion. Yours makes number 7 and further verifies my spidey senses. ;p

   Cheers


Title: Re: Mass DDOS part 2
Post by: 322i0n on October 20, 2011, 07:00:29 AM
I'm really interested in hearing people's theories on why this is taking place. Especially the more rationally argued, non-conspiratorial ones.
lol'd
you're looking for a reason that does not involve somebody secretly planning this mass action against bitcoin.

that would be easy then we just look for who is openly talking about ddos'n all the major pools and exchanges.


Title: Re: Mass DDOS part 2
Post by: julz on October 20, 2011, 07:22:43 AM
I'm really interested in hearing people's theories on why this is taking place. Especially the more rationally argued, non-conspiratorial ones.
lol'd
you're looking for a reason that does not involve somebody secretly planning this mass action against bitcoin.

that would be easy then we just look for who is openly talking about ddos'n all the major pools and exchanges.

oh.. surely it's someone who is very *pro* bitcoin.  They're worried that if the network isn't perceived to be at risk, too many miners will switch off their rigs due to the low exchange rates. By attacking the pools like this they're hoping that more people will keep a proportion of their mining power running to protect the blockchain.
The last thing bitcoin needs while the price has tanked, is a successful 51% attack.

Ok - so I just plucked that theory from the ether, but it works for me better than assuming it's some nefarious bank/paypal type operation.
(I really don't think they're that concerned with bitcoin at the moment)

Either that - or it's just 'for the lulz'



Title: Re: Mass DDOS part 2
Post by: Mageant on October 20, 2011, 07:23:40 AM
I'm really interested in hearing people's theories on why this is taking place. Especially the more rationally argued, non-conspiratorial ones.

The only ways this can be a non-conspiracy are if either a group publicly declares that it is doing this or it is an individual.

Here is the definition:
Conspiracy (civil), an agreement between persons to deceive, mislead, or defraud others of their legal rights, or to gain an unfair advantage
Conspiracy (crime), an agreement between persons to break the law in the future, in some cases having committed an act to further that agreement


Title: Re: Mass DDOS part 2
Post by: tvbcof on October 20, 2011, 07:28:47 AM

...

Either that - or it's just 'for the lulz'

Probably one of the strongest hypotheses.  A lot of geeks are probably somewhat PO'd that they missed their chance to get in as early adopters (I know I am) and a bit of lulzing could go a long way toward easing that pain.


Title: Re: Mass DDOS part 2
Post by: P4man on October 20, 2011, 07:32:16 AM
Bitminter still working smooth as always:
https://bitminter.com

Perhaps a good time to cash in the 150 free BTC promotion before it runs out.


Title: Re: Mass DDOS part 2
Post by: bronan on October 20, 2011, 08:30:40 AM
P4Man Ssssttt do not attract more miners the bigger our bonus :D
Mining without a hitch at bitminter :)


Title: Re: Mass DDOS part 2
Post by: runeks on October 20, 2011, 01:12:51 PM
I'm really interested in hearing people's theories on why this is taking place. Especially the more rationally argued, non-conspiratorial ones.
lol'd
you're looking for a reason that does not involve somebody secretly planning this mass action against bitcoin.

that would be easy then we just look for who is openly talking about ddos'n all the major pools and exchanges.
As far as I know, a conspiracy is between two or more persons or groups. That is what strikes me as improbable. I just don't think Bitcoin is important enough right now for two or more parties to meet and construct some grand plan on how to take Bitcoin down. No offense, I just don't think Bitcoin is that much of a threat to anyone (yet).

I would say the most probable scenario is the botnet operators themselves (as someone else suggested), and not a third party renting a botnet. I've seen prices for renting a 10GB/s botnet for a week to allegedly be $200-$400 (http://www.symantec.com/connect/blogs/bitcoin-botnet-mining). Can anyone think of a way that one could make over $400 a week by bringing down these pools? Could the decrease in difficulty resulting from the DDoS attacks increase mining profits by more than $400/week? I doubt it.

Perhaps we shouldn't even look at it as necessarily arising from evil intent. I mean, if these botnets were able to mount a successful attack against Bitcoin, it would teach us a lot about how to mitigate these sort of attacks. It's much better that an attack like this happen now, and not 5 years into the future, when people are using Bitcoin for more serious stuff. Maybe someone is just playing around to see how well Bitcoin stands up? I don't think this is necessarily bad for Bitcoin itself. Of course, one could present other moral objections to doing so.


Title: Re: Mass DDOS part 2
Post by: 322i0n on October 20, 2011, 02:17:11 PM

...

Either that - or it's just 'for the lulz'

Probably one of the strongest hypotheses.  A lot of geeks are probably somewhat PO'd that they missed their chance to get in as early adopters (I know I am) and a bit of lulzing could go a long way toward easing that pain.

the geek conspiracy.


Title: Re: Mass DDOS part 2
Post by: whothefuckareyou on October 20, 2011, 02:20:56 PM
The Man is getting "worried", so he is to quote a previous poster, testing the fences !!


Title: Re: Mass DDOS part 2
Post by: Steve on October 20, 2011, 05:05:21 PM
Mt Red appears to be down (not sure if it's related to the DDOS).


Title: Re: Mass DDOS part 2
Post by: jetmine on October 25, 2011, 03:55:58 PM
In my head it would seem the earlier attack would have the bigger impact on time to next retarget.. My head is old and fuzzy though, so without giving a shit to punch in the numbers it is highly likely I am delusional...

Not so fuzzy after all.  An earlier attack DOES have an advantage!

When you attack, you usually don't know how long you can sustain the attack.  So, if you attack early and sustain as long as you possibly can, you will enjoy 100% of the attacks' fruits.

On the other hand, if you arbitrarily decide to attack just 48h before difficulty change, then you can enjoy AT MOST 48h of decreased hashing power.

There's no advantage in doing it late.  But there IS the risk that you underestimate your chances of success.

So much for the myths..


Title: Re: Mass DDOS part 2
Post by: jetmine on October 25, 2011, 04:30:36 PM
I mean, if these botnets were able to mount a successful attack against Bitcoin, it would teach us a lot about how to mitigate these sort of attacks.

Pools are not bitcoin!

In fact, they are quite the contrary.  The bitcoin spirit is to decentralise, while pools centralise.  Ironically, this makes pools attackable (as we're witnessing), which is a problem bitcoin tried to solve (by decentralisation).

Consequently the pools fall while the bitcoin network stands. During the next DDoS attack, check the "other" share for evidence, on your favourite stats site or on http://bitcoinwatch.com


Title: Re: Mass DDOS part 2
Post by: sadpandatech on October 25, 2011, 05:23:06 PM
In my head it would seem the earlier attack would have the bigger impact on time to next retarget.. My head is old and fuzzy though, so without giving a shit to punch in the numbers it is highly likely I am delusional...

Not so fuzzy after all.  An earlier attack DOES have an advantage!

When you attack, you usually don't know how long you can sustain the attack.  So, if you attack early and sustain as long as you possibly can, you will enjoy 100% of the attacks' fruits.

On the other hand, if you arbitrarily decide to attack just 48h before difficulty change, then you can enjoy AT MOST 48h of decreased hashing power.

There's no advantage in doing it late.  But there IS the risk that you underestimate your chances of success.

So much for the myths..

  If that is true it certainly would speak more to the motives of said Botnet OP.  It would need verification, but if I recall correctly the last two big attacks were shortly after difficulty change. I.e., a start point within the first 48 hours. If correct this would indicate a motive that is much more profit driven and deliberate than an attack that was just intended to disrupt the network for *insert reasons here*.

  *ponders*

  Cheers