Bitcoin Forum
Author Topic: dgs  (Read 1388 times)
Anonymous
Guest

June 02, 2011, 11:31:52 PM
Last edit: September 11, 2011, 04:03:44 PM by davidonpda
 #1

asdg
njloof
June 02, 2011, 11:33:34 PM
 #2

Sure, go for it. Setting up mining pools is the new mining.
Soros Shorts
June 03, 2011, 12:21:16 AM
 #3

If you want it to be an invite-only pool, consider allowing only access via SSH tunnels. Each individual user account also authenticates the SSH tunnel.

It would reduce the possibility of DDOS attacks significantly. Further, because you know which user account authenticated each tunnel, if garbage traffic starts coming in from any one tunnel you would know who is responsible and deauthorize that user.

The SSH server is still susceptible to DDOS but you can easily put it on a separate box/datacenter from your pool server, e.g. on a small Amazon EC2 cloud instance which could be scaled up to multiple instances during a DDOS attack. That way your pool server is protected and nobody has to know where it is physically located.
Soros Shorts
June 03, 2011, 01:09:51 AM
 #4

If apache isn't even running on the pool server, is push pool still attackable if say I block all ICMP requests?
Depends on your configuration. If you set up pushpool to listen on a publicly accessible IP/port then it can still be directly attacked by people who know the IP address and port. They might, for example, send a flood of TCP connects that just linger until you run out of available connections for valid miners. This attack doesn't require ICMP.
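
An added example, not part of any post in this thread: one way to configure the SSH gateway box described in posts #3 and #4 so that invited accounts can open a tunnel to the pool and nothing else. The group name `poolminers` and the pool backend address `10.0.0.5:8342` are assumptions chosen for illustration; the pool itself is assumed to listen only on that private address and to accept connections only from the gateway.

```conf
# /etc/ssh/sshd_config on the gateway box (constructed example).
# Assumed names: group "poolminers", pool backend at 10.0.0.5:8342.

# Key-only logins. VERBOSE logs the key fingerprint used for each
# login, so every tunnel can be tied to one invited account.
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
LogLevel VERBOSE

# Shed floods of unauthenticated connections: from 10 pending logins
# refuse 30% of new ones, rising to 100% at 60 pending. Connections
# that have not authenticated within 20 seconds are closed.
MaxStartups 10:30:60
LoginGraceTime 20

# Weak variant, for contrast: "AllowTcpForwarding yes" with no
# PermitOpen lets an invited account forward to any host the gateway
# can reach, and leaves shell access on the gateway open.

Match Group poolminers
    # Local (client-to-pool) forwarding only, to one destination.
    AllowTcpForwarding local
    PermitOpen 10.0.0.5:8342
    GatewayPorts no
    X11Forwarding no
    AllowAgentForwarding no
    # No terminal, and no shell/exec/sftp sessions; forwarding still works.
    PermitTTY no
    MaxSessions 0
```

A miner connects with `ssh -N -L 8342:10.0.0.5:8342 user@gateway` and points the mining client at `127.0.0.1:8342`. Removing a key from `authorized_keys` blocks new logins only, so deauthorizing an account also means ending its running `sshd` process; `MaxStartups` can refuse legitimate miners during a flood, which is the cost of protecting the gateway.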
Genrobo
June 03, 2011, 01:18:35 AM
 #5

Someone needs to come up with a server script that, when multiple connections are incoming...
The first connection is answered in X time.
The next connection within Y seconds from the first connection is answered in X + (Y-1) seconds.
So if there's an instant connect attempt, the next one will take at least Y seconds to be answered/accepted.

In instances of a DDOS attempt of multiple logins, this would help mitigate the issue greatly.