warlordluke
Newbie
Offline
Activity: 44
Merit: 0
|
|
April 17, 2013, 01:40:45 PM |
|
Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.
Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done. The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy. Then there is the fact of where 99% of the traffic is coming from. You start doing whois's and reverse lookups on things and get responses like this: netname: CHINANET-HB descr: CHINANET Hubei province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 netname: SPECTRA descr: Spectra ISP Networks Private Limited descr: 42, Okhla Industrial Estate descr: Phase III .in-addr.arpa. not found: 3(NXDOMAIN) and so on... and IF you happen to get a response on that, it will generally be a end user (cable modem or some such) In short there isn't much that _can_ be done about it. The numbers favor the attacker. If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups.
|
|
|
|
|
|
"I'm sure that in 20 years there will either be very large transaction volume or no volume." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
April 17, 2013, 01:41:59 PM |
|
i dont blame the bot commanders. i blame the idiots that let their computers turn into virus laden festering bots.
|
|
|
|
centove
|
|
April 17, 2013, 01:52:42 PM |
|
|
|
|
|
RoboCoder
|
|
April 17, 2013, 01:53:38 PM |
|
I will be willing to bet that the DDOS attack(s) are for one of the following reasons:
. Manipulate BTC price . Manipulate Difficulty . Destabilize BTC and crypto-currency in general.
Slush, we are all here for you man!
Is there anything I (we) can do, if so let us know. Would server resources help you in any way? Or financial?
Please PM me if there is anything I can do to assist.
RoboCoder
|
|
|
|
BitcoinOxygen
|
|
April 17, 2013, 01:54:21 PM |
|
I will be willing to bet that the DDOS attack(s) are for one of the following reasons:
. Manipulate BTC price . Manipulate Difficulty . Destabilize BTC and crypto-currency in general.
Slush, we are all here for you man!
Is there anything I (we) can do, if so let us know. Would server resources help you in any way? Or financial?
Please PM me if there is anything I can do to assist.
RoboCoder
+1
|
|
|
|
Xenotron
Newbie
Offline
Activity: 31
Merit: 0
|
|
April 17, 2013, 01:56:20 PM |
|
I start to think that probably it's not a bad idea to have decentralized pool.
|
|
|
|
centove
|
|
April 17, 2013, 02:02:00 PM |
|
If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups.
Not really it will give you the path and some hints on who owns it, whois will tell you who the space was assigned to by the registrar, so that's who is ultimately responsible for the ip in question. Whois also lists contact information to get in touch with someone (hopefully). So for instance, lets talk bitcointalk.org.. -- 109.201.133.65 traceroute tells us thus: 18 30-239-159-85.rtr1.b06-s02-az16.gsa.nl.nforce.com (85.159.239.30) 106.420 ms 109.760 ms 109.593 ms 19 5-239-159-85.rtr1.dbn.nl.nforce.com (85.159.239.5) 120.049 ms 118.963 ms 119.622 ms 20 * * * (probably filtered at this point) whois however tells us this: netname: NFORCE_ENTERTAINMENT descr: Serverhosting admin-c: NFAR (...) person: NFOrce Entertainment BV - Administrative role account address: Gewenten 8 address: 4704RD address: Roosendaal address: The Netherlands phone: +31 (0)206919299 fax-no: +31 (0)206919409 abuse-mailbox: abuse@nforce.comnic-hdl: NFAR mnt-by: MNT-NFORCE source: RIPE # Filtered (...)
|
|
|
|
|
scouzi
Newbie
Offline
Activity: 45
Merit: 0
|
|
April 17, 2013, 02:05:34 PM |
|
I start to think that probably it's not a bad idea to have decentralized pool.
Seems that slush miners have gravitated towards 50BTC - not BTC Guild. Amazing that there is a collective ecosystem balancing at work. http://blockchain.info/pools
|
|
|
|
jerethdaminer
Member
Offline
Activity: 84
Merit: 10
|
|
April 17, 2013, 02:13:50 PM |
|
seem to be getting loads more stales atm ideas
|
|
|
|
|
ewitte
Member
Offline
Activity: 98
Merit: 10
|
|
April 17, 2013, 02:31:19 PM |
|
Irritating have 1771 shares off the current round but since I can't get reconnected going to get barely any BTC
|
Donations BTC - 13Lgy6fb4d3nSYEf2nkgBgyBkkhPw8zkPd LTC - LegzRwyc2Xhu8cqvaW2jwRrqSnhyaYU6gZ
|
|
|
klotzenhotz
|
|
April 17, 2013, 02:35:33 PM |
|
Hi, are there problems again? Can't connect again for about 2 hours.
|
|
|
|
Camello_AR
Newbie
Offline
Activity: 43
Merit: 0
|
|
April 17, 2013, 02:37:14 PM |
|
Is up a little time and down again.
Someone has anything personal with slush as I see
|
|
|
|
salty
|
|
April 17, 2013, 02:43:59 PM |
|
i dont blame the bot commanders. i blame the idiots that let their computers turn into virus laden festering bots.
What, like your grandma? (not a personal attack, but you get the idea) It's not their fault they go into some big store and are sold a pup that runs windows in admin mode with Java, flash enabled, by some grinning salesperson that assures them their 'Norton' will keep them safe. My opinion is that the people who make the computer distros, and the people who sell them, should be providing more secure devices. But where's the incentive? That's where the blame and pressure should be going. Things have been getting better on this front and I suspect once all the windows XP and Vista computers have been retired this problem will seriously diminish. Your argument suggests that if you don't have a CS degree you shouldn't be using a computer though.
|
|
|
|
solitude
|
|
April 17, 2013, 02:59:01 PM |
|
Down at 11:00 AM Eastern
|
Hardly anyone speaks English on this forum.
|
|
|
Turok
Newbie
Offline
Activity: 38
Merit: 0
|
|
April 17, 2013, 03:07:30 PM |
|
appears to be down again. Another DDoS?
|
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 17, 2013, 03:11:29 PM |
|
Guys at OVH datacentre failed. They're even bigger idiots than Linode admins.
I'm migrating stratum backends to another datacentre. Please be patient, I'm working on it hard.
|
|
|
|
digital
|
|
April 17, 2013, 03:13:23 PM |
|
appears to be down again. Another DDoS?
Likely the same one. -Edit after slush's response. DDoS aren't a static thing. It's a flood of traffic to a specific IP or server in order to overload the target so it's inaccessible to other users. By it's very nature the site will go up and down as the DDoS traffic fluctuates. DDoS attacks can last for days.
|
If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3 References (bitcointalk.org/index.php?topic=): 50051.20 50051.100 53668.0 53788.0 53571.0 53571.0 52212.0 50729.0 114804.0 115468 78106 69061 58572 54747
|
|
|
roukkie
Newbie
Offline
Activity: 29
Merit: 0
|
|
April 17, 2013, 03:15:33 PM |
|
ddos gonna escalate in my opinion,we must implement some countermeasures,like udp and icmp filtering or engress filtering...
|
|
|
|
|