Bitcoin Forum
August 17, 2018, 10:08:20 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 [202] 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 ... 1145 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4339995 times)
sd
Hero Member
*****
Offline Offline

Activity: 730
Merit: 500



View Profile
October 20, 2011, 04:51:30 AM
 #4021


There are three ways I know of to beat a DDOS:

1. Buy a bigger pipe - not viable.

2. Change IP so often they can't keep up - maybe viable, likely not.

3. Peer to peer infrastructure so they have no target - should work.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534500500
Hero Member
*
Offline Offline

Posts: 1534500500

View Profile Personal Message (Offline)

Ignore
1534500500
Reply with quote  #2

1534500500
Report to moderator
eleuthria
Legendary
*
Offline Offline

Activity: 1750
Merit: 1001



View Profile
October 20, 2011, 04:55:08 AM
 #4022

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

Have a look at the hosting offered by both awknet ( http://www.awknet.com/ ) and blacklotus ( http://www.blacklotus.net/ )

There's an issue with Awknet (I used them).  Their DDoS protection is okay, but the problem is their filtering kicks in based on high volume packet situations.  BTC Guild started at Awknet, and we had to request they turn the DDoS filters off back when we were much smaller because if the pool went down for even a few minutes, the PPS rates due to miner reconnect spam would kick in the DDoS filter, making the server practically impossible to connect to.  I'm sure it would work fine for some traditional DDoS tactics, but all the DDoSer has to do is spam connections to port 8332 as if it were a bunch of miners.  There is no easy way to decipher what traffic should come through and what shouldn't in that situation.

RIP BTC Guild, April 2011 - June 2015
sd
Hero Member
*****
Offline Offline

Activity: 730
Merit: 500



View Profile
October 20, 2011, 05:01:41 AM
 #4023

What if it is the banking industry backed by the US government?  While I don't really wonder about this it would be the people who hate bitcoin the most.

That's ludicrous and I'll tell you why. If the banking industry and/or the US government wanted to take down BitCoin pools they would buy time on all the big botnets and we would be seeing a much bigger attack for an extended period. They would hit us so hard we would have no pools left.

This looks more like the hit them hard for a short period attack botnet herders use to extract protection money from on-line casinos.

finway
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
October 20, 2011, 05:10:53 AM
 #4024

WTF!  Cry

c_k
Donator
Full Member
*
Offline Offline

Activity: 242
Merit: 100



View Profile
October 20, 2011, 05:18:55 AM
 #4025

https://twitter.com/slushcz/status/126850058195976193

Sad to see, hosting at blacklotus could probably have handled the problems

[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
October 20, 2011, 05:59:11 AM
 #4026

Sad to see, hosting at blacklotus could probably have handled the problems
Well, may be after some REALLY deep tuning.
I already tried them and it was somewhat not suiting my needs.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
cosurgi
Sr. Member
****
Offline Offline

Activity: 298
Merit: 250


View Profile
October 20, 2011, 11:54:25 AM
 #4027

Technical note: Because the downtime of mining.bitcoin.cz will be probably more significant than anytime before, I'll wait until all mined blocks will be matured and then will send all balances of users to their wallets. Don't worry, I'm not running away with your hardly mined coins!

Graet
VIP
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile WWW
October 20, 2011, 11:55:19 AM
 #4028

It's sad you got DDOS'd but, are you keeping the coins of your pool(my coins, his coins, etc) or you will distribute them and close?
https://bitcointalk.org/index.php?topic=1976.msg584181#msg584181
would say neither

| Ozcoin Pooled Mining Pty Ltd https://ozcoin.net Double Geometric Reward System https://lc.ozcoin.net for Litecoin mining DGM| https://crowncloud.net VPS and Dedicated Servers for the BTC community
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 12:50:05 PM
 #4029

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

Have a look at the hosting offered by both awknet ( http://www.awknet.com/ ) and blacklotus ( http://www.blacklotus.net/ )
There is no easy way to decipher what traffic should come through and what shouldn't in that situation.

   Which means they suck. Because they could certainly filter at the packet level if they offered that type of service.  Sadly, most that offer such custom filtering are often quite expensive.. :/

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
eleuthria
Legendary
*
Offline Offline

Activity: 1750
Merit: 1001



View Profile
October 20, 2011, 01:36:06 PM
 #4030

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

Have a look at the hosting offered by both awknet ( http://www.awknet.com/ ) and blacklotus ( http://www.blacklotus.net/ )
There is no easy way to decipher what traffic should come through and what shouldn't in that situation.

   Which means they suck. Because they could certainly filter at the packet level if they offered that type of service.  Sadly, most that offer such custom filtering are often quite expensive.. :/

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.

RIP BTC Guild, April 2011 - June 2015
FoxMURDER
Jr. Member
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 01:53:41 PM
 #4031

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.
well, solution to this part is quite easy ... upgrade or get banned ...
I'd even suggest to setup some kind of miner "RFC" saying how many connects per second is still ok. If enough pool admins agree on this and enforce it right away, ppl will force programmers to fix broken miners and users to update.

My guess about the "easiest" solution to this kind of ddos includes linking pool with the DDoS mitigation appliance.

If there was at least one share accepted in last 5 minutes, and accept/reject ratio is higher than 50%, don't screen it.
else screen it for ddos and allow at most 5 connects/minute or 50/10 minutes ... or whatever the RFC says (+10%) ... and of course somehow cache these rules and make a provision for adding manual exceptions to these rules (lot of miners behind nat - those can be solved using proxy though)...

Too bad ISPs/hosters probably won't let you do that and i guess pools aren't making enough at the moment, to buy their own ...


And btw. as the speculation about US banks ddosing pools goes, it might as well be some random joe like you playing with his botnet ... he doesen't need fat pipe, he doesen't need money, all he needs is some programming skill to build the bot ... and if there are botnets mining using infected hardware ... how hard could it be to have these bots updatable ... and once updatable, how hard can it be to update them to ddos while/instead mining Smiley
and if it is true, that there are botnets mining on btcguild, that may as well be the reason slush had a 'strong evidence' linking guild to ddoses ...

anyway just my two bitcents ...

Edit: i shouldn't have forgotten to say - Thanks slush for all the effort, even though it kind of a business for you, I believe you've done it the right way. I hope your're comming back soon in full strength. If you ever needed help with anything linux related, let me(us) know ;-)
slush
Legendary
*
Offline Offline

Activity: 1372
Merit: 1019



View Profile WWW
October 20, 2011, 02:22:42 PM
 #4032

tl;dr Explanation for my yesterday "accusation"

summary: I don't think eleuthria is an attacker, but he may have some indices to trace attacking botnet. If you want to reply to this subject, please do it in that new thread.

m3ta
Sr. Member
****
Offline Offline

Activity: 436
Merit: 250



View Profile WWW
October 20, 2011, 02:27:08 PM
 #4033

using infected hardware

Infected HARDware? That's just... devious.

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
FoxMURDER
Jr. Member
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 02:47:45 PM
 #4034

using infected hardware

Infected HARDware? That's just... devious.
do infected computers sound a little less devious? Smiley
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 02:59:07 PM
 #4035

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.
well, solution to this part is quite easy ... upgrade or get banned ...
I'd even suggest to setup some kind of miner "RFC" saying how many connects per second is still ok. If enough pool admins agree on this and enforce it right away, ppl will force programmers to fix broken miners and users to update.

  I like this solution and think some adaption could be used very effectivly.  As stated though, your idea would only burden the botnet OP in having to send out an updated miner to his zombies. Not much hassle really.
  A much stronger solution could be two fold or a combo of one or the other of the following;

  1. Force accounts to email-auth and only allow so many workers per account.
  2. Force a unique ID appended to worker login per worker and only allow so many connections per ID / period of time that works best for your getwork frequency.

  The forced ID would make it impossible for a botnet OP to make one account and use the same ID for all his zombies. The server would allow the first few in and then POOF, connection limit and out he goes. The catch being, at what lvl of your network can you impliment the ID checking so it does not get DDosed? A good filter at upstream side that checked the packets for ID and would /null any packets from marked ID after so many connections per time period would probably be quite effective..  Could even be set in place at server side lvl if you have custom traffic shapping equip in place.

  All I know is something has got to give and I am sadly not in a posistion to offer out more than vague ideas. :/  I have to give mad props to you guys, Slush, Eleuth, etc who are dealing with this crap, as I know there are really only two real solutions to keep operating. Throw lots of time and energy at it or throw lots of money at it. Both of which are rare commodities with such a venture. I for one will back whatever decisions you employ to make it work for you!

  Cheers

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
FoxMURDER
Jr. Member
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 03:14:07 PM
 #4036

sadpanda: This two-line solution was meant as a reaction to eleuth saying that fast reconnecting miners can DoS the pool.
I'm afraid that dealing with zombiemining is way harder ...

Another partial solution to DDoS screening would be pretty much what you suggest - TCP Syncookie like system - which i'm afraid, miners would have to support. This still gets me back to the idea that biggest pool operators should unite (they all seem reasonable guys) and set some kind of standard for miners which they all will enforce. Pretty much the way internet RFCs work - there is no 'legal' enforcing, but if you want to connect to common sites, you have to abide, because that's what most expect ...
DiabloD3
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
October 20, 2011, 03:15:54 PM
 #4037

For all pool users: This attack is worse than attacks before. Actually it's probably a tenth DDoS to pool in it's almost year history (I didn't counted them carefully and you probably even don't know about small attacks which I was able to handle somehow without public attention).

This attack is worse because Linode LLC, server provider for pool infrastructure, frozen my account for periodical violation of their ToS. I can access pools servers, but I was asked to not start another balancers with public IP because those attacks are harming datacenter infrastructure.

It means that I cannot start pool at this infrastructure and I need to find another provider. Which is pretty hard once I start asking to their anti DDoS policies. Back in July I was in touch with Rackspace, company providing custom solutions for big enterprises and even they told me that they cannot handle such large scale attack for some reasonable price (we're talking about thousands of US dolars monthly just for anti-DDoS protection). Posts of some users above are really naive, there's NO way how to handle those attacks just by banning some subnets.

Fighting attacks become much worse with falling bitcoin price, because even if I have 1/3 of all network hashrate and 2% fee I simply cannot pay for any real solution which really helps to handle attacks. Last week I tried to use services of one DDoS mitigation company (the same as deepbit is using), but they had pretty high ratio of false positives, so although I paid them big money for a single day protection, almost 40% of users were still unable to mine on the pool. So this isn't the way to go.

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

So far it's 1:0 for attackers. However I don't want to capitulate too easily; I spent insane amount of time and energy in inventing and running my pool and I don't want to simply disappear, because I really believe in long-term Bitcoin success (small note: people, don't get scared with current panic on market, it's just an oposite of July's insane price peak). I "invented" (maybe it's better to say "realized") first really usable and widely used Bitcoin pool ever and now I feel again that I'm on the track of another innovation of Bitcoin mining, which will be DDoS resistant yet easy to use and with steady payouts like normal share based pools.

Technical note: Because the downtime of mining.bitcoin.cz will be probably more significant than anytime before, I'll wait until all mined blocks will be matured and then will send all balances of users to their wallets. Don't worry, I'm not running away with your hardly mined coins!

Just switch to RapidXen. Rapidxen's specialty is dealing with DDoS magnets, and they're a shitload better than Linode.

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 03:57:00 PM
 #4038

sadpanda: This two-line solution was meant as a reaction to eleuth saying that fast reconnecting miners can DoS the pool.
I'm afraid that dealing with zombiemining is way harder ...

Another partial solution to DDoS screening would be pretty much what you suggest - TCP Syncookie like system - which i'm afraid, miners would have to support. This still gets me back to the idea that biggest pool operators should unite (they all seem reasonable guys) and set some kind of standard for miners which they all will enforce. Pretty much the way internet RFCs work - there is no 'legal' enforcing, but if you want to connect to common sites, you have to abide, because that's what most expect ...

  Definetly agree on the TCP syn system..  But the 2 line solution would be effective for both Zombie mining, and most asuredly zombie port slapping. At the very basics, I would assume the zombies that are straight port dossing would have much differnt packet size, structure, etc than legit getwork responses. I don't see how a forced ID on workers would not solve that. I.e. only packets that came into the port with said ID attached would be allowed. All others would be /nulled.

  Mind you, I have not had to deal with custom built filtering solutions for some years now so am not abreast to how slack that has become with modern upstreams making it harder, or hosting services more complacent with upstreams offering 'pre-built' filtering packages for sale, etc. Back in my day we had much easier access to our upstream sides to deploy custom measures for such things...... Just one more example of 'Big Business Protection' measures screwing over the lil guy with current models, imho....


  Cheers

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
dishwara
Legendary
*
Offline Offline

Activity: 1778
Merit: 1013



View Profile
October 20, 2011, 04:01:47 PM
 #4039

I received my bitcoins from my account with more than 60+ confirmations.
But not name coins.
I hope others too got their bitcoins.
All others namecoins also not received?

Open Altcoin Github
Limxtec Telegram












Bitsend BSD
The ultimate longterm rollout!
The first Masternodecoin with Segwit

Web: www.bitsend.info












Bitcore BTX
Are you ready for the future?!
The first hybrid fork from BTC

Web: www.bitcore.cc












Github.com/Limxtec
classic bitcoin core
electrum core
insight core
 












Developers
Plattform for
over 19 peoples!
no ico - no p&d
 












Diamond DMD
Bitcloud BTDX
Megacoin MEC
Europecoin ERC

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
[/center]
slush
Legendary
*
Offline Offline

Activity: 1372
Merit: 1019



View Profile WWW
October 20, 2011, 04:08:28 PM
 #4040

All others namecoins also not received?

I didn't process all payments yet; I was waiting untill all blocks mature, which happen before few hours. I'll pay out also namecoins, of course.

Pages: « 1 ... 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 [202] 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 ... 1145 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!