|
There are plenty of forums which will pay for your GPU time
for cracking high-end mobile phone security codes through brute force OpenCL calculation (iPhone, Nokia, Samsung etc).
ATI/AMD cards excel in that area too, so you can use your existing setup.
Depending on the rules here, that might be legal or illegal so you should use Google if interested.
|
|
|
|
because they can choose to take the money they earned through extortion and invest it in attacking you. That's usually how extortion works. Once the gravy train starts flowing, it's hard to stop it.
https://bitcointalk.org/index.php?topic=49038.msg584062#msg584062 They can't. Prolexic itself is impossible to bring down even with the largest available botnet. It has more bandwidth than Google. Mt. Gox routes all traffic through them in the event of DDoS (such as the recent attack during which they experienced 11gbps attack; medium size) Routing traffic to a gigantic DDoS mitigator with multi terabit/s capacity is a checkmate against the attacker. There is nothing more you can do at that point, even if you had 1000gbps attack capacity. Downside: It costs a lot of money (in the 4-5 figures) per month. If you persuade 'attacker' to voluntarily stop in exchange for a smaller sum than charged by Prolexic, both sides win. By being forced to pay exorbitant prices to a prevention company both sides lose in the long run. Of course, it's not an 'orthodox business practice'. But money is money, it has no pride or ego. It's numbers. |
|
|
|
Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime) Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away. If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'. 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower. |
|
|
|
|
A malicious attacker needs not to target the pool or hidden service;
since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
All active router info is publicly available at directory server.
Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
It only needs to last as long as people switch to other pools, and if they come back, target the network again.
|
|
|
|
Fair enough, that was a very hot-headed post from me because I was, and still am, pretty angry about the situation where we've effectively got an Internet run by people with power but no responsibility. Idiots with the virtual equivalent of major first-world armies at their command, but without the restraint to use them only in times of justified war; it's the equivalent of the USA bombing the hell out of anyone just for teh lulz. Fucking anarchy. The fact is that two pools now have publicly stated that they've appeased the bullies, and done what they've been ordered. These words will sting Anni (sorry, I respect you and I really enjoyed being part of your pool, but this has become a bigger moral debate) and the BTCGuild guy, but it's true. What next? Given that Anni's just said that his paying clients were important and that the size of the DDoS would cripple his datacentre, then the criminals operating these zombie botnets will presumably now be requesting protection money. Some things never change... 'nice datacentre you've got here... would be a shame if it got DDoS'd, my boys can take care of that for a fee'... I don't want to be involved in a world like that. There's giving up, abandoning the enterprise, giving the criminals money, or just letting the whole thing fall apart until everyone gets bored. But there must be *active* preventative measures - not just defence, but offence as well - surely? Defensively - why not run the pool on a P2P basis, with signed code to prevent each pool member *not* distributing the earnings amongst the network (actually, the entire Bitcoin 'reward' system could be rewritten to pay *every* contributing miner a proportional basis of the money supply - eliminating 'luck' and pool-hopping entirely, but it'd also remove the ability of 'being a pool' - that's probably deserving of its own thread, but I'm sure someone has thought of this already)? Offensively - I admit there's little point in attacking zombie machines (though my opinion has *always* been that if you're unskilled enough to secure your own machines / network, and your machines are used as attack vectors, then your machines should be taken off the network for the network's good) but there are only two points where a DDoS can be stopped; either at the zombie bot, or the zombie bot's ISP. If the ISP can't give a damn, then they are just as complicit. Massive traffic identified as a DDoS attack can be stopped by the ISP refusing to forward on the zombie's packets before they end up, along with all the other zombies, filling up someone's pipe. And stopping the attack at the zombie machine itself requires hacking the zombie machine, which is unethical as per responses above. Is there any way to ask the router *upstream* of your datacentre to filter packets on a certain-number-per-originator basis? All source IPs would get through but only at a restricted rate. This wouldn't affect normal operation but would slow down 'flood' type attacks... It's a fucking shame, an absolute fucking shame. I understand why Anni did what he did, and on a business basis it makes sense (unless it leads to threats of financial extortion) but the whole situation could snowball into causing mistrust in the Bitcoin community, the further devaluation of the BTC, and eventual total financial loss for those who have invested in the enterprise. Perhaps I'm being somewhat pessimistic, but right now, with organised crime assaulting the Bitcoin mining infrastructure, I don't see the likelihood of Bitcoin actually *succeeding* being very high any more. I think my investment in hardware will be wasted and mining eventually ending. Organised crime doesn't gain anything from this outcome - maybe the vested interests of established fiat currencies may gain, but I wouldn't expect them to approach the problem *this* way. Again it comes down to power without responsibility - such idiots shouldn't be allowed to have such heavy weapons... I truly hope that something rises from the ashes of MMC... I was proud to be a member of that pool and I'd be back in a heartbeat. I don't have the facilities to offer but will help in any other way - I'm hoping Vladimir has something up his sleeve  Everyone pays for protection from the stronger. Even you pay for protection by taxes. At some point DDoS protection will be an ordinary business expense just as guarding & security services purchased by corporations and stores in the physical world. Tor is not the ideal protection method either as an attacker with relatively low bandwidth can bring down the network very easily (Fake TLS handshakes, attacking directory services and all active routers on the network, consuming the network bandwidth grinding it to a halt) |
|
|
|
What do you think about paying protection money to a hypothetical multi-gbps attacker
at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseum shows up and wants their cut. Won't work. thralen 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests. |
|
|
|
|
What do you think about paying protection money to a hypothetical multi-gbps attacker
at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
|
|
|
|
It will always be profitable for the miners with the cheapest electricity and already owned equipment to mine. The difficulty fluxuation assures that mining will always be profitable by whoever can scrape out the lowest costs to run their rig, and not for anyone else. Since we can assume that there will always be some schleps who mine unprofitably, the profitable mining will be limited to cheap electricity user and botnets and they are all competing to gain that marginal edge.
Hardware does depreciate in value & could break. So unless you both steal electricity & the components (or use a botnet), it's hard to see any profit at $2 per coin unless you run a really, really big operation. |
|
|
|
this hurts my 35 BTC  but now i don't sell for sure, anyway to late. somewhere someone has pushed a shiiiitload of BTC into the market.. Holding onto a depreciating asset just to feed your ego makes no sense. People make bad decisions and mistakes all the time. A winner can see when he made a bad decision & stop his assets from depreciating even further. |
|
|
|
|
It's a natural reaction to the low price. Difficulty is dropping by about 300,000 tomorrow.
When difficulty gets low enough for $4/btc to be profitable again, hash rates will rise.
|
|
|
|
|
You're not running a business mining solo at this point.
You're gambling & paying for it in your electricity bill.
Those people aren't talking "shit", they're right. They have nothing to gain from lying to you.
In fact, if you keep mining solo, the better for them.
Though as you can see, some people actually give out valuable advice instead of trying to screw you over.
|
|
|
|
I'm mining, just not now. Electricity costs must be paid every month.
not to mention the lost investments that will never be recovered! Nobody is responsible though. You, me, and everybody else got into the business by personal decision. We have to bear risks and potential losses alone. The price crash happened roughly at the same time as other financial instruments began losing value rapidly, even stocks and gold. It couldn't possibly be anticipated. Sure, mining hardware will depreciate a bit in value right now, but once difficulty drops, even a $5 btc will be worth mining. |
|
|
|
|
I'm mining, just not now. Electricity costs must be paid every month.
|
|
|
|
Poolserverj pulls getworks from all these nodes in hopes that the random distribution of getworks increases variance and the chance of finding a block.
I thought it doesn't work that way. Every submitted share should have the exactly same probability of solving the current block (1:some septillions, can't remember the exact number) All external variables are irrelevant, like amount of previously submitted shares, when a getwork was obtained etc. (There is probability as in poisson distribution, but there is zero certainty) |
|
|
|
|
I ran ~16 machine clusters per 1 $10 dollar router just fine.
Mining clients use very small amounts of bandwidth, about 20mb per day per machine.
|
|
|
|
I think the major payment web sites such as Paypal, Moneybookers etc are out of reach, they will ban bitcoin transactions, the closest I can find so far is alertpay.
They can't ban something that doesn't exist. If you write 'payment for bitcoin exchange' in the memo field it's your fault if they freeze the account. Just leave out the last three words |
|
|
|
I'm a bit puzzled as Moneybookers did close my account two weeks ago and tells me I can't use their service any longer because I sold bitcoins via bitmarket.eu.
I don't want to blame the victim here, but.. Why do you *openly* deal in BTC? You should always send the money as a 'payment for a service' or 'payment for debt'. Mentioning bitcoin in the message field is asking for trouble. You should never do this. And to be honest, unless you did mention it, there is no way for them to know what you sent/received the payment for. |
|
|
|
Wonderful to see you dont have that issue, but i do. A 100% hold on all transactions for 30 days. Reason they told me, "some people are malicious and will do a chargeback".
Lets just say that my confidence in them went way down. Id rather use paypal, at least i can use my money even if i eventually get scammed.
They might limit customers from high risk countries (Bulgaria, Romania, Russia, Ukraine, Nigeria, Indonesia, Mexico) They keep a close eye on those just as Paypal and other payment processors with common sense. Even if you're from the US, they might do statistical patterning & find indicators of possible fraud (logging in via proxies/TOR, rapidly changing ip's from various ranges during a short timespan etc) |
|
|
|
The way he do phishing so openly is scary, don't they have any laws or respect any laws?
If he's really from India as suggested by the vague WHOIS info above, then probably not. As long as you have money you don't have to respect any laws in India. |
|
|
|
|
Everyone knows "Jessica" is a guy & a phony. Beware of dealing with him, preferably just ignore his posts.
|
|
|
|
|
Show Posts
