Bitcoin Forum
December 13, 2024, 08:31:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: What are we gonna do about the DDOSing?  (Read 1492 times)
KedP (OP)
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile WWW
June 03, 2011, 06:00:23 PM
 #1

DDOSing is extremely hard to circumvent event for the top security experts in the world.

The status quo is tremendously easy to exploit by these Russian botnet operators. They seem to be doing it regularly now.

1. DDOSing all the pools.
2. They increase their bitcoin profits for awhile.

I don't see how this is going to stop in the long run.

What is the countermeasure? Pool hopping is not a great solution because they can just DDOS all the pools.

no_alone
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 03, 2011, 06:03:24 PM
 #2

make it that the all miner will have a option that if a pool is not responsive for X second do solo mining...

Mine only when pc is IDLE totally indivisible...
http://forum.bitcoin.org/index.php?topic=9851.0
Mine on family computer without disturbing them

Donation : 1GjpJnLU8zdfEHW7FoCx2UUosJgc9prXN4
TheSeven
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


FPGA Mining LLC


View Profile WWW
June 03, 2011, 06:10:01 PM
 #3

DDOSing is extremely hard to circumvent event for the top security experts in the world.

The status quo is tremendously easy to exploit by these Russian botnet operators. They seem to be doing it regularly now.

1. DDOSing all the pools.
2. They increase their bitcoin profits for awhile.

Do those few DDoS attacks really have a noticable impact on the difficulty? How many percent of the total hashing power were down for how many percent of the time? I don't think it's really that much.

I don't see how this is going to stop in the long run.

What is the countermeasure? Pool hopping is not a great solution because they can just DDOS all the pools.
DDoSing all pools would require even more lots of (expensive) botnet members. I'm not sure if this pays off.

My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
njloof
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
June 03, 2011, 06:19:24 PM
 #4

Possible remedies:

- Many more pools
- More private/hidden pools
- Back to solo mining
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442
Merit: 1005



View Profile
June 03, 2011, 07:30:13 PM
 #5

DDoSing all pools would require even more lots of (expensive) botnet members. I'm not sure if this pays off.

Cost to prevent bitcoin mining < Cost to mine bitcoins
supa
Copper Member
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 03, 2011, 07:33:39 PM
 #6


Take the opportunity to study and understand the impact on a project like BitCoin? Smiley

The purpose of a decentralized authority is to prevent control (including destroying) that centralized authority.

If you all want to create a synthetic centralized authority in BitCoin - keep your priority in mining pools and profit rather than the fundamentals of the project.  It's an easy target for DDoS. Smiley

KnuttyD
Member
**
Offline Offline

Activity: 109
Merit: 11



View Profile
June 03, 2011, 07:41:03 PM
 #7

DDoSing all pools would require even more lots of (expensive) botnet members. I'm not sure if this pays off.

Cost to prevent bitcoin mining < Cost to mine bitcoins

Expensive botnet members?
I can buy 1000 bots for 100$ or less, and have em DDoS for me.
Even cheaper if I write my own bot, which is not very difficult (even a FUD one).

If a botnet owner w/ around 15000 zombies (not very uncommon) wanted to mine coins, by golly he could. Set 7500 of em to CPU mining, the other 7500 to DDoS'ing the pools with bad packets.

If I helped you in some way, and you feel obligated to do so, you can tip me some coin!
1KVadqbELY3KuJhkm9rDtcwxZknhRsfPHY
KedP (OP)
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile WWW
June 03, 2011, 10:33:02 PM
 #8

This is happening all the time too.
bcpokey
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500



View Profile
June 03, 2011, 10:42:06 PM
 #9

We should do about DDoSing what everyone should do about DDoSing.

If I upload/download a britney spears song via a torrent I can potentially be liable for tens of thousands of dollars in "potential lost revenue" after my ISP surrenders all my information, but if a real functioning entity is actually prevented from having an online presence on the internet because my connection is part of a collective effort to bombard it off the internet, that's no problem?

Should start a lobby to get ISPs to knock zombie machines off the network until they can pass a scan showing they are no longer infected. Yes I know there's lots of international stuff too, doesn't seem a difficult program to institute worldwide.
Jack of Diamonds
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
June 03, 2011, 10:49:31 PM
 #10

If a botnet owner w/ around 15000 zombies (not very uncommon) wanted to mine coins, by golly he could. Set 7500 of em to CPU mining, the other 7500 to DDoS'ing the pools with bad packets.

That's still a relatively pathetic payout, given that most computers in botnets are compromised windows XP machines running old amd semprons and celerons/p4's or worse. They will output maybe 100-200khash per second or less with the average skewing up a bit by infected machines that run modern processors capable of mhash performance.

Even in an optimistic scenario the owner is wasting his botnet capacity and risking detection due to high CPU usage by end users, who despite being technically limited, will notice their computer coming down to a crawl.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1462



View Profile
June 03, 2011, 10:52:00 PM
 #11

If a botnet owner w/ around 15000 zombies (not very uncommon) wanted to mine coins, by golly he could. Set 7500 of em to CPU mining, the other 7500 to DDoS'ing the pools with bad packets.

That's still a relatively pathetic payout, given that most computers in botnets are compromised windows XP machines running old amd semprons and celerons/p4's or worse. They will output maybe 100-200khash per second or less with the average skewing up a bit by infected machines that run modern processors capable of mhash performance.

Even in an optimistic scenario the owner is wasting his botnet capacity and risking detection due to high CPU usage by end users, who despite being technically limited, will notice their computer coming down to a crawl.
botnetserver.exe to low priority Tongue

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
jasonk
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
June 03, 2011, 10:52:46 PM
 #12

I think the best solution is having multiple pool fail overs.

We've seen DDOS's happen to a couple pools at once, but rarely more than that.

I'm not sure how you'd set up your miners, but there has to be a good solution to have 3 pools set up so if pool A goes down, goes to pool B, then to pool C.

Quite unlikely that all 3 pools would be down at the same time...
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!