DDOS Payback

[epetroel]

99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

Gox said 4 hours ago on their twitter feed that this was a DDOS.  Or are you suspecting that Gox is lying about that?  If so, the only people with access to this "proof" you want would be Gox, SoftLayer, Prolexic, or the person actually doing the attack.

[1713554922]

1713554922

[glitch003]

99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

Pray tell, how would you tell the difference between DDoS data and real data?  The only people who have access to the information needed to make that distinction are the website operators who are being DDoSed.  Without their server logs, you're not going to accomplish much.

traceroute and ping em and their uplinks during attacks, look at packet loss this will tell you all you need to know. Look whether it is 0%, 100% or something closer 20-05%.

Packet loss due to a ton of legitimate traffic would look identical to a DDoS though.

[acoindr]

Let me explain about DDoS (I know many here know).

The problem is it's like standing in the middle of a clear field against an unseen army in the forest. You have to stand in the field so people can find you, but you're completely exposed to attack. You just have to be able to take everything that comes your way.

Translated to Web technology this means most sites exposed to significant DDoS attack are effectively disabled. There are mitigation techniques/software to reduce the effectiveness of attacks, but as the link provided above, which gives good information, points out even spending thousands of dollars on expert defenses is not always enough. The only real answer, like standing in that field, is to be big enough and bad enough to take it, having loads of bandwidth, servers, software etc. to ride the attack out. Cloudflare is something that helps the issue greatly, because they take the expensive problem many have independently and address it with consolidated resources. Still, it's an underdog fight to start with.

So how to effectively address DDoS? You might try finding the attacker(s) using social means as mentioned. The problem there is you'll never find everyone if anyone. Pooling resources, money, brain power, etc. in the style of Cloudflare in more organized ways might help.

The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.

I'd say you really have to take away the main weapon which is botnets. To do that you have to provided better security against computer sheeple allowing their computers to be used unwittingly. I actually had a business idea which was a computer that was virus proof (it basically stored files in a compartmentalized way, and clean re-installed the OS with a click or on automated schedule) but never developed it.

[yona]

speaking of,
i can't get access to https://blockchain.info for the past 40min...

[pinger]

speaking of,
i can't get access to https://blockchain.info for the past 40min...

This page (https://blockchain.info/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare | Hide this Alert

[Stephen Gornick]

Is this a real attack or just exponential traffic growth?

Related:


 - http://news.netcraft.com/archives/2013/04/11/mt-gox-victim-of-own-success-as-bitcoins-fall-in-value.html

[ChristianK]

Ripple enthusiasts are too smart for that, and Litecoin users are too stupid.

Don't forget that Litecoin is essentially a coin that's build to be easily mineable with botnets.

Yeah, what system does Slashdot use? Or CNN.com? (any major news website, most are immune to DDOS).

They aren't immune. They are just big and therefore expensive to attack.
Even banks can be attacked : http://www.informationweek.com/security/attacks/bank-ddos-attacks-resume-wells-fargo-con/240151825
The folks that attacked those banks weren't even all that powerful. Just one random group of angry hackers.

The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.

MtGox is effectively a profitable gambling site.

[Elwar]

The irony is that the anonymity of Bitcoin would likely keep us from tracking the source.

The most likely scenario is that someone who wants to buy a bunch of bitcoins or has a bunch and wants to play the market just hops onto Silk Road, finds someone with 1000 bots for rent. They pay them a couple hundred bucks in bitcoins, they get temporary control over them and start hitting MtGox. They sell their BTC as the value starts to drop and they put a buy order in at a lower price. Once they hit their buy they pull the bots and the price starts to climb back up. Easy money.

So, to track this person down you would find the source of the bots. This is likely a bunch of random computers with a virus. Even if you could track down the person who created the virus, the actual person who started the DDOS paid in bitcoins.

Or you could use the transparency of Bitcoin to find out what the cost of a DDOS would be, look for a transaction on the blockchain within a day of the DDOS that is close to that price. Then try to track the source address to see who it is.

[Elwar]

MtGox could also check the logs to see who consistently sells before or early into a DDOS attack and buys near the end of the attack.

They may be able to discover a pattern.

[paraipan]

Is this a real attack or just exponential traffic growth?

Related:


 - http://news.netcraft.com/archives/2013/04/11/mt-gox-victim-of-own-success-as-bitcoins-fall-in-value.html

This is true. I've seen all bitcoin related service suffer the same fate in the last few days, including Rugatu, and I don't seem to understand what is the purpose of this sustained attack.

[acoindr]

If most of the IP's used in DDoS's are infected PC's then wouldn't that mean most of these PC's are vulnerable to attacks?

ALL computers are vulnerable to attack, though some more so than others.

I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

lol if only it were that simple.

[Elwar]

I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"

[Anon136]

if we actually knew who was doing it what would be the point of ddosing him back? just post up a bounty for his broken knee caps. say 100btc per cap?

[paraipan]

I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"

Could be a good idea and here is why:

Most vaccines contain a little bit of a disease germ that is weak or dead.

http://www.phac-aspc.gc.ca/im/vs-sv/vs-faq01-eng.php

[Peleus]

As someone with a fair bit of security experience in both the white and blackhat aspects of network security - You're not finding anyone I assure you.

[pinger]

It can't be so difficult to do, just make a cleaning site with a browser exploit kit, and put it on some free bitcoins sites and start the advisory.

[meowmeowbrowncow]

I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"

..while running a DDoS on the whole of Wales in the background mwahahah!!

LOL

[agaumoney]

banks can't legally do it. at least not here in the US.

What difference does that make?

[mobile4ever]

This needs to stop... These "DDOS" attacks are just killing BTC. When the price routinely drives down, people will start to cut their losses and move on.

Dont worry, help is on the way.

[Mylon]

0. Reward for proving that there is a real attacker

in case you also followed the news outside of bitcoin, it kinda looks like the Russians are still mad about Cyprus or something... Almost any big financial institute is getting hit or has been hit over the past two weeks...

The only way to counter DDoS is setting up a fully decentralized system, which I do not believe possible with FIAT currency involved. (you would still see a couple of big hitters, taking 80% of the load, and those go down during a DDoS, you get the picture)