Bitcoin Forum
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4381779 times)
Jack of Diamonds
October 23, 2011, 05:52:38 PM
Last edit: October 23, 2011, 06:13:23 PM by Jack of Diamonds
 #4121

What do you think about paying protection money to a hypothetical multi-gbps attacker
at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
Thralen
October 23, 2011, 06:12:48 PM
 #4122

> What do you think about paying protection money to a hypothetical multi-gbps attacker
> at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?

Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut? Won't work.

thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
Jack of Diamonds
October 23, 2011, 06:14:18 PM
 #4123

> > What do you think about paying protection money to a hypothetical multi-gbps attacker
> > at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
>
> Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut? Won't work.
>
> thralen

10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

notawake
October 23, 2011, 06:17:59 PM
 #4124

> What do you think about paying protection money to a hypothetical multi-gbps attacker
> at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?

That sounds like a terrible idea.

> Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut? Won't work.
>
> thralen

Technically speaking, it's not just multiple attackers. If someone like slush went that route, all each attacker has to do is create more attacker identities and keep threatening him until he goes bankrupt/quits.

> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

I suppose you could hire an attacker (perhaps also with performance incentives) to attack the other attackers, but there's a huge legal risk there and the attacker makes profits that can be reinvested at a later time into attacking slush, meaning the attacker has a better position against slush over time. Also keep in mind that the attacker is likely stealing resources (i.e. using trojans/malware to steal computer and internet access for a botnet) and slush may not be able to steal, so a successful strategy for slush would probably focus on avoidance/hiding rather than interaction with DDOS attackers.

I think the tor idea is a much better idea. It can probably be extended into giving out an onion address to each user and hiding the pool server's IPs. If there's a DDOS against one onion address and attack packets reach the mining IPs, just nullroute that onion address. Only issues would be the web server IP (or onion address) would probably have to be known to many for signups, beginner info, etc. and reliance on the tor network. Tor does have some DDOS protections built-in, as described here.
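
An added illustration of the per-user onion address idea in the post above; it is not code from the thread or from Slush Pool. It assumes, hypothetically, that each miner's onion service forwards to its own local port, so a flood can be attributed to one address and that address retired by leaving its `HiddenServiceDir`/`HiddenServicePort` pair out of the generated torrc. Miner names, ports, paths, thresholds and the connection log are constructed.

```python
from collections import defaultdict, deque

# Hypothetical layout: one onion service per miner, each forwarding to its own
# local port so that load can be attributed to a single onion address.
MINERS = {"miner1": 9001, "miner2": 9002, "miner3": 9003}
POOL_PORT = 8332  # assumed virtual port exposed on every onion address


def build_sample_events():
    """Constructed connection log: (unix_ts, local_port) pairs, time-sorted."""
    events = [(0.0, 9001), (30.0, 9001), (60.0, 9001)]      # normal miner
    events += [(5.0, 9003), (65.0, 9003)]                   # normal miner
    events += [(100.0 + i * 0.2, 9002) for i in range(20)]  # flood on one address
    return sorted(events)


def flooded_ports(events, window_s=10.0, max_conns=5):
    """Return local ports that saw more than max_conns connections
    within any sliding window of window_s seconds."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, port in events:
        window = recent[port]
        window.append(ts)
        # Drop timestamps that have fallen out of the window.
        while ts - window[0] >= window_s:
            window.popleft()
        if len(window) > max_conns:
            flagged.add(port)
    return flagged


def render_torrc(miners, disabled_ports):
    """Emit the hidden-service section of a torrc, leaving out retired addresses."""
    lines = []
    for name, port in sorted(miners.items()):
        if port in disabled_ports:
            lines.append(f"# {name}: onion address retired after flood on port {port}")
            continue
        lines.append(f"HiddenServiceDir /var/lib/tor/pool_{name}/")
        lines.append(f"HiddenServicePort {POOL_PORT} 127.0.0.1:{port}")
    return "\n".join(lines)


if __name__ == "__main__":
    bad = flooded_ports(build_sample_events())
    print("retire:", sorted(bad))
    print(render_torrc(MINERS, bad))
```
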
Eveofwar
October 23, 2011, 06:19:02 PM
 #4125

> > > What do you think about paying protection money to a hypothetical multi-gbps attacker
> > > at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> >
> > Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut? Won't work.
> >
> > thralen
>
> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

So if I'm a 100 gbps attacker, and you are a 100 gbps attacker...how do you deter me from destroying slush?

Do you have my IP? Do you have my contact info? Do you have any way of causing any detriment to me?

Nope.
Thralen
October 23, 2011, 06:21:13 PM
 #4126

> > > What do you think about paying protection money to a hypothetical multi-gbps attacker
> > > at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> >
> > Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut? Won't work.
> >
> > thralen
>
> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

And you think that currently and in the future there is only one of that size. You think that he would go out of his way to stop others trying the same? Remember, no honor amongst thieves and someone running a botnet of that size is surely a thief...

Note I didn't even begin to cover the moral issue there. I wouldn't mine at a pool that was paying off attackers. I bet lots of others wouldn't either. I think the Tor option is a much better route to follow as mentioned by Notawake.

mitchel
October 23, 2011, 06:36:13 PM
 #4127

so...is there a problem with payouts?
Jack of Diamonds
October 23, 2011, 06:45:37 PM
 #4128

A malicious attacker need not target the pool or hidden service;
since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.

All active router info is publicly available at directory server.
Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router

DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.

It only needs to last as long as people switch to other pools, and if they come back, target the network again.

Thralen
October 23, 2011, 07:20:03 PM
 #4129

> A malicious attacker need not target the pool or hidden service;
> since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
>
> All active router info is publicly available at directory server.
> Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
>
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
>
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

So obviously, your "solution" which is, in essence, advocating for extortion, is the way to go? *shakes head*

Be careful, next step would be a bitcoin mafia and the next thing you know people will be waking up with the heads of servers in bed with them...

In history, if you look for it, traditionally when you give in to extortion they then try to extort more, and more... and then some more. Until there is nothing left. You can always count on human nature, so long as you know that human nature includes a massive helping of greed.

Thralen

Jack of Diamonds
October 23, 2011, 07:27:11 PM
 #4130

Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime)

Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away.
If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'.

'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

mitchel
October 23, 2011, 07:30:22 PM
 #4131

so....is slush aware of the payout issue?

Thralen
October 23, 2011, 07:46:32 PM
 #4132

> Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime)
>
> Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away.
> If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'.
>
> 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

or offender says "hell with them, I'll teach them a lesson" and puts them down repeatedly, potentially driving them out of business. That was the reason they were paying in the first place, to stay online. Then the offender picks up the newer companies springing up to take over from the first and demands a bigger cut saying "Look what I did to them, you can avoid it if..."

It is extortion, plain and simple. Here, let me give you the definition:

extort:verb: to obtain from a person by force, intimidation, or undue or illegal power

and this is what you say is the perfect plan? Perchance, what do you consider the worst plan? Actually standing by your principles and trying to work out a different solution? Just sayin...

And on that note, I think it is time to change to my secondary pool until Slush is back and figures out what is up with payments.

Thralen

notawake
October 23, 2011, 07:52:21 PM
 #4133

> A malicious attacker need not target the pool or hidden service;
> since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
>
> All active router info is publicly available at directory server.
> Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
>
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
>
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

I think you are underestimating the Tor network.

As I mentioned in my previous post, Tor has some DDOS protections built-in, as described here. These will make many forms of DDOS over Tor impossible or very hard to do. Tor only allows TCP connections through the network.

Currently, according to this source, the Tor network is about 8.5 Gb/s. Obviously, this is less than 20 Gbps, but the Tor bandwidth is distributed across more than 2500 servers with multiple ISPs across the world. This arrangement would be cost prohibitive for slush to acquire on his own. Instead of messing with 1-2 ISPs, an attacker has to mess with 100s of them, including Amazon (yes, I saw some EC2 instances in the list) and universities, which tend to have some of the best connections. This will decrease the chance that the attack will work.

If the attacker is using a botnet, there is a higher chance that, for example, compromised machines with SBC Global IPs will be attacking Tor nodes that also have SBC Global IPs. This ISP now has an incentive to investigate and disconnect the compromised machines. Additionally, each ISP has its own DDOS defense strategy. Some may fail, but some will work.

The public directory does not include Tor bridges, which further adds security to the Tor network.

> Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime)
>
> Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away.
> If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'.
>
> 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

I didn't know that Mt. Gox had that strategy, but you also have to consider motive. It appears that a major attacker would want to take down a mining pool so that the difficulty goes down and the attacker makes (or at least expects to make) more money. The attacker may even be aiming for 51% network power. So it may be more profitable for the attacker to continue attacking rather than take a relatively small amount of money from slush. But this is less likely to apply for Mt. Gox since attacks on exchanges would drive down the value of Bitcoin.

I also don't understand how one attacker can keep away other attackers given that attackers usually don't reveal themselves to each other. Also, the attacker isn't "forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower" because they can choose to take the money they earned through extortion and invest it in attacking you. That's usually how extortion works. Once the gravy train starts flowing, it's hard to stop it.
mitchel
October 23, 2011, 08:00:40 PM
 #4134

> A malicious attacker need not target the pool or hidden service;
> since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
>
> All active router info is publicly available at directory server.
> Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
>
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
>
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

Are you an attacker Jack of Diamonds?
Thralen
October 23, 2011, 08:11:04 PM
 #4135

> > A malicious attacker need not target the pool or hidden service;
> > since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> >
> > All active router info is publicly available at directory server.
> > Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
> >
> > DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> > Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> >
> > It only needs to last as long as people switch to other pools, and if they come back, target the network again.
>
> Are you an attacker Jack of Diamonds?

I'm thinking his botnet must not be being profitable for him. It is the only reason I can see for advocating for pools to contribute to further illegal behavior as well as probably cut profits for miners since the pool owner will have to recoup costs someplace. *shrug*

Thralen

Portnoy
October 23, 2011, 08:15:28 PM
 #4136

> > A malicious attacker need not target the pool or hidden service;
> > since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> >
> > All active router info is publicly available at directory server.
> > Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
> >
> > DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> > Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> >
> > It only needs to last as long as people switch to other pools, and if they come back, target the network again.
>
> Are you an attacker Jack of Diamonds?

If you want I can make him an offer he can't refuse.

Some day, and that day may never come, I may call upon you to do a service for me. But, until that day, accept this, as a gift.

;)

Thralen
October 23, 2011, 08:32:06 PM
 #4137

> > > A malicious attacker need not target the pool or hidden service;
> > > since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> > >
> > > All active router info is publicly available at directory server.
> > > Every router merely knows the last and next hop, the origin of attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router
> > >
> > > DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth.
> > > Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> > >
> > > It only needs to last as long as people switch to other pools, and if they come back, target the network again.
> >
> > Are you an attacker Jack of Diamonds?
>
> If you want I can make him an offer he can't refuse.
>
> Some day, and that day may never come, I may call upon you to do a service for me. But, until that day, accept this, as a gift.
>
> ;)

Glad someone got the heads of servers reference... :D

slush (OP)
October 23, 2011, 08:33:35 PM
 #4138

> Is there an issue with payout on BTC right now?

Yes, payouts were not working since yesterday's database crash and I didn't notice that. My apologies, it's fixed now.

Btw it's funny that those people who received their rewards twice (because reward updates in database failed thanks to db issues) aren't complaining here ;-).

Thralen
October 23, 2011, 09:12:57 PM
 #4139

> > Is there an issue with payout on BTC right now?
>
> Yes, payouts were not working since yesterday's database crash and I didn't notice that. My apologies, it's fixed now.
>
> Btw it's funny that those people who received their rewards twice (because reward updates in database failed thanks to db issues) aren't complaining here ;-).

Thanks Slush, re: payouts fixed... re:people not mentioning double payout, see my quote from a few messages earlier:

"You can always count on human nature, so long as you know that human nature includes a massive helping of greed."

Thralen...

Jack of Diamonds
October 23, 2011, 10:37:28 PM
 #4140

> because they can choose to take the money they earned through extortion and invest it in attacking you. That's usually how extortion works. Once the gravy train starts flowing, it's hard to stop it.
https://bitcointalk.org/index.php?topic=49038.msg584062#msg584062


They can't. Prolexic itself is impossible to bring down even with the largest available botnet. It has more bandwidth than Google.
Mt. Gox routes all traffic through them in the event of DDoS (such as the recent attack during which they experienced 11gbps attack; medium size)

Routing traffic to a gigantic DDoS mitigator with multi terabit/s capacity is a checkmate against the attacker.
There is nothing more you can do at that point, even if you had 1000gbps attack capacity.

Downside: It costs a lot of money (in the 4-5 figures) per month. If you persuade 'attacker' to voluntarily stop in exchange for a smaller sum than charged by Prolexic, both sides win.
By being forced to pay exorbitant prices to a prevention company both sides lose in the long run.

Of course, it's not an 'orthodox business practice'. But money is money, it has no pride or ego. It's numbers.
