Bitcoin Forum
March 28, 2024, 06:27:02 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 [202] 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 ... 1154 »
  Print  
Author Topic: [4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool  (Read 4381799 times)
cosurgi
Sr. Member
****
Offline Offline

Activity: 298
Merit: 250


View Profile
October 20, 2011, 11:54:25 AM
 #4021

Technical note: Because the downtime of mining.bitcoin.cz will be probably more significant than anytime before, I'll wait until all mined blocks will be matured and then will send all balances of users to their wallets. Don't worry, I'm not running away with your hardly mined coins!

The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711650422
Hero Member
*
Offline Offline

Posts: 1711650422

View Profile Personal Message (Offline)

Ignore
1711650422
Reply with quote  #2

1711650422
Report to moderator
1711650422
Hero Member
*
Offline Offline

Posts: 1711650422

View Profile Personal Message (Offline)

Ignore
1711650422
Reply with quote  #2

1711650422
Report to moderator
1711650422
Hero Member
*
Offline Offline

Posts: 1711650422

View Profile Personal Message (Offline)

Ignore
1711650422
Reply with quote  #2

1711650422
Report to moderator
Graet
VIP
Legendary
*
Offline Offline

Activity: 980
Merit: 1001



View Profile WWW
October 20, 2011, 11:55:19 AM
 #4022

It's sad you got DDOS'd but, are you keeping the coins of your pool(my coins, his coins, etc) or you will distribute them and close?
https://bitcointalk.org/index.php?topic=1976.msg584181#msg584181
would say neither

| Ozcoin Pooled Mining Pty Ltd https://ozcoin.net Double Geometric Reward System https://lc.ozcoin.net for Litecoin mining DGM| https://crowncloud.net VPS and Dedicated Servers for the BTC community
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 12:50:05 PM
 #4023

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

Have a look at the hosting offered by both awknet ( http://www.awknet.com/ ) and blacklotus ( http://www.blacklotus.net/ )
There is no easy way to decipher what traffic should come through and what shouldn't in that situation.

   Which means they suck. Because they could certainly filter at the packet level if they offered that type of service.  Sadly, most that offer such custom filtering are often quite expensive.. :/

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
eleuthria
Legendary
*
Offline Offline

Activity: 1750
Merit: 1007



View Profile
October 20, 2011, 01:36:06 PM
 #4024

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

Have a look at the hosting offered by both awknet ( http://www.awknet.com/ ) and blacklotus ( http://www.blacklotus.net/ )
There is no easy way to decipher what traffic should come through and what shouldn't in that situation.

   Which means they suck. Because they could certainly filter at the packet level if they offered that type of service.  Sadly, most that offer such custom filtering are often quite expensive.. :/

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.

RIP BTC Guild, April 2011 - June 2015
FoxMURDER
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 01:53:41 PM
 #4025

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.
well, solution to this part is quite easy ... upgrade or get banned ...
I'd even suggest to setup some kind of miner "RFC" saying how many connects per second is still ok. If enough pool admins agree on this and enforce it right away, ppl will force programmers to fix broken miners and users to update.

My guess about the "easiest" solution to this kind of ddos includes linking pool with the DDoS mitigation appliance.

If there was at least one share accepted in last 5 minutes, and accept/reject ratio is higher than 50%, don't screen it.
else screen it for ddos and allow at most 5 connects/minute or 50/10 minutes ... or whatever the RFC says (+10%) ... and of course somehow cache these rules and make a provision for adding manual exceptions to these rules (lot of miners behind nat - those can be solved using proxy though)...

Too bad ISPs/hosters probably won't let you do that and i guess pools aren't making enough at the moment, to buy their own ...


And btw. as the speculation about US banks ddosing pools goes, it might as well be some random joe like you playing with his botnet ... he doesen't need fat pipe, he doesen't need money, all he needs is some programming skill to build the bot ... and if there are botnets mining using infected hardware ... how hard could it be to have these bots updatable ... and once updatable, how hard can it be to update them to ddos while/instead mining Smiley
and if it is true, that there are botnets mining on btcguild, that may as well be the reason slush had a 'strong evidence' linking guild to ddoses ...

anyway just my two bitcents ...

Edit: i shouldn't have forgotten to say - Thanks slush for all the effort, even though it kind of a business for you, I believe you've done it the right way. I hope your're comming back soon in full strength. If you ever needed help with anything linux related, let me(us) know ;-)
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
October 20, 2011, 02:22:42 PM
 #4026

tl;dr Explanation for my yesterday "accusation"

summary: I don't think eleuthria is an attacker, but he may have some indices to trace attacking botnet. If you want to reply to this subject, please do it in that new thread.

m3ta
Sr. Member
****
Offline Offline

Activity: 435
Merit: 250



View Profile WWW
October 20, 2011, 02:27:08 PM
 #4027

using infected hardware

Infected HARDware? That's just... devious.

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
FoxMURDER
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 02:47:45 PM
 #4028

using infected hardware

Infected HARDware? That's just... devious.
do infected computers sound a little less devious? Smiley
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 02:59:07 PM
 #4029

The problem is that the way many miners work is very similar to a DDoS if they're targetting your mining port while the server is unresponsive.  It's amazing how many people still use old miners that will reconnect with almost no delay, making it effectively a mini DDoS client when the pool is being attacked and having stability issues.
well, solution to this part is quite easy ... upgrade or get banned ...
I'd even suggest to setup some kind of miner "RFC" saying how many connects per second is still ok. If enough pool admins agree on this and enforce it right away, ppl will force programmers to fix broken miners and users to update.

  I like this solution and think some adaption could be used very effectivly.  As stated though, your idea would only burden the botnet OP in having to send out an updated miner to his zombies. Not much hassle really.
  A much stronger solution could be two fold or a combo of one or the other of the following;

  1. Force accounts to email-auth and only allow so many workers per account.
  2. Force a unique ID appended to worker login per worker and only allow so many connections per ID / period of time that works best for your getwork frequency.

  The forced ID would make it impossible for a botnet OP to make one account and use the same ID for all his zombies. The server would allow the first few in and then POOF, connection limit and out he goes. The catch being, at what lvl of your network can you impliment the ID checking so it does not get DDosed? A good filter at upstream side that checked the packets for ID and would /null any packets from marked ID after so many connections per time period would probably be quite effective..  Could even be set in place at server side lvl if you have custom traffic shapping equip in place.

  All I know is something has got to give and I am sadly not in a posistion to offer out more than vague ideas. :/  I have to give mad props to you guys, Slush, Eleuth, etc who are dealing with this crap, as I know there are really only two real solutions to keep operating. Throw lots of time and energy at it or throw lots of money at it. Both of which are rare commodities with such a venture. I for one will back whatever decisions you employ to make it work for you!

  Cheers

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
FoxMURDER
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
October 20, 2011, 03:14:07 PM
 #4030

sadpanda: This two-line solution was meant as a reaction to eleuth saying that fast reconnecting miners can DoS the pool.
I'm afraid that dealing with zombiemining is way harder ...

Another partial solution to DDoS screening would be pretty much what you suggest - TCP Syncookie like system - which i'm afraid, miners would have to support. This still gets me back to the idea that biggest pool operators should unite (they all seem reasonable guys) and set some kind of standard for miners which they all will enforce. Pretty much the way internet RFCs work - there is no 'legal' enforcing, but if you want to connect to common sites, you have to abide, because that's what most expect ...
DiabloD3
Legendary
*
Offline Offline

Activity: 1162
Merit: 1000


DiabloMiner author


View Profile WWW
October 20, 2011, 03:15:54 PM
 #4031

For all pool users: This attack is worse than attacks before. Actually it's probably a tenth DDoS to pool in it's almost year history (I didn't counted them carefully and you probably even don't know about small attacks which I was able to handle somehow without public attention).

This attack is worse because Linode LLC, server provider for pool infrastructure, frozen my account for periodical violation of their ToS. I can access pools servers, but I was asked to not start another balancers with public IP because those attacks are harming datacenter infrastructure.

It means that I cannot start pool at this infrastructure and I need to find another provider. Which is pretty hard once I start asking to their anti DDoS policies. Back in July I was in touch with Rackspace, company providing custom solutions for big enterprises and even they told me that they cannot handle such large scale attack for some reasonable price (we're talking about thousands of US dolars monthly just for anti-DDoS protection). Posts of some users above are really naive, there's NO way how to handle those attacks just by banning some subnets.

Fighting attacks become much worse with falling bitcoin price, because even if I have 1/3 of all network hashrate and 2% fee I simply cannot pay for any real solution which really helps to handle attacks. Last week I tried to use services of one DDoS mitigation company (the same as deepbit is using), but they had pretty high ratio of false positives, so although I paid them big money for a single day protection, almost 40% of users were still unable to mine on the pool. So this isn't the way to go.

Since tomorrow I'll try harder to find any server provider which at least don't shut down pool infrastructure on first DDoS attack, but I cannot promise that I'll succeed. There's no point in running a service which is every week for one day offline thanks to attacks.

So far it's 1:0 for attackers. However I don't want to capitulate too easily; I spent insane amount of time and energy in inventing and running my pool and I don't want to simply disappear, because I really believe in long-term Bitcoin success (small note: people, don't get scared with current panic on market, it's just an oposite of July's insane price peak). I "invented" (maybe it's better to say "realized") first really usable and widely used Bitcoin pool ever and now I feel again that I'm on the track of another innovation of Bitcoin mining, which will be DDoS resistant yet easy to use and with steady payouts like normal share based pools.

Technical note: Because the downtime of mining.bitcoin.cz will be probably more significant than anytime before, I'll wait until all mined blocks will be matured and then will send all balances of users to their wallets. Don't worry, I'm not running away with your hardly mined coins!

Just switch to RapidXen. Rapidxen's specialty is dealing with DDoS magnets, and they're a shitload better than Linode.

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
October 20, 2011, 03:57:00 PM
 #4032

sadpanda: This two-line solution was meant as a reaction to eleuth saying that fast reconnecting miners can DoS the pool.
I'm afraid that dealing with zombiemining is way harder ...

Another partial solution to DDoS screening would be pretty much what you suggest - TCP Syncookie like system - which i'm afraid, miners would have to support. This still gets me back to the idea that biggest pool operators should unite (they all seem reasonable guys) and set some kind of standard for miners which they all will enforce. Pretty much the way internet RFCs work - there is no 'legal' enforcing, but if you want to connect to common sites, you have to abide, because that's what most expect ...

  Definetly agree on the TCP syn system..  But the 2 line solution would be effective for both Zombie mining, and most asuredly zombie port slapping. At the very basics, I would assume the zombies that are straight port dossing would have much differnt packet size, structure, etc than legit getwork responses. I don't see how a forced ID on workers would not solve that. I.e. only packets that came into the port with said ID attached would be allowed. All others would be /nulled.

  Mind you, I have not had to deal with custom built filtering solutions for some years now so am not abreast to how slack that has become with modern upstreams making it harder, or hosting services more complacent with upstreams offering 'pre-built' filtering packages for sale, etc. Back in my day we had much easier access to our upstream sides to deploy custom measures for such things...... Just one more example of 'Big Business Protection' measures screwing over the lil guy with current models, imho....


  Cheers

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
dishwara
Legendary
*
Offline Offline

Activity: 1855
Merit: 1016



View Profile
October 20, 2011, 04:01:47 PM
 #4033

I received my bitcoins from my account with more than 60+ confirmations.
But not name coins.
I hope others too got their bitcoins.
All others namecoins also not received?
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
October 20, 2011, 04:08:28 PM
 #4034

All others namecoins also not received?

I didn't process all payments yet; I was waiting untill all blocks mature, which happen before few hours. I'll pay out also namecoins, of course.

thehairymob
Full Member
***
Offline Offline

Activity: 152
Merit: 102


View Profile WWW
October 20, 2011, 04:23:40 PM
 #4035

I hope you find a way to come back from this Slush as I did like mining withat your pool. I've move over to Ars for now but it will take some to get used too. I keep tabs on this thread to see when your back up and running. Smiley
digital
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
October 20, 2011, 04:48:58 PM
 #4036

I keep tabs on this thread to see when your back up and running. Smiley

+1

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
dishwara
Legendary
*
Offline Offline

Activity: 1855
Merit: 1016



View Profile
October 20, 2011, 04:55:40 PM
 #4037

I keep tabs on this thread to see when your back up and running. Smiley

+1

+100's
Sargasm
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
October 20, 2011, 05:18:28 PM
Last edit: October 20, 2011, 05:34:43 PM by Sargasm
 #4038

Slush... I have an idea...

Soooo...

Basically, you have a problem with public addresses for your pool.

If only you could ensure that no one knew how to find your pool unless they had trust... you could just use a static IP and have people mine there.

Here is one REALLY good litmus to determine whether or not a user should have trust... hashing.

If you pull from your DB of users, those who have hashed over a certain amount in the last couple weeks for instance... you could tell with a degree of certainty that these are all trusted people.

So... then you email all those users (I would be one of these people)...

Just email a private ip for the server to those users... or perhaps a domain name whatever... just something you don't post on here.

Sure, you'll lose a lot of hashing power, but it would let you continue to operate.  I liked mining with your pool, I was doing quite well.

That way maybe you can operate in the short term as a private pool using trusted participants.

The reason I do not suggest that you allow ALL miners that have been working to get the address is that quite likely, your attackers have been mining the pools somewhat to ensure they were functionally down.
CyberPhunk
Full Member
***
Offline Offline

Activity: 124
Merit: 100


View Profile
October 20, 2011, 05:53:13 PM
 #4039

Slush... I have an idea...

Soooo...

Basically, you have a problem with public addresses for your pool.

If only you could ensure that no one knew how to find your pool unless they had trust... you could just use a static IP and have people mine there.

Here is one REALLY good litmus to determine whether or not a user should have trust... hashing.

If you pull from your DB of users, those who have hashed over a certain amount in the last couple weeks for instance... you could tell with a degree of certainty that these are all trusted people.

So... then you email all those users (I would be one of these people)...

Just email a private ip for the server to those users... or perhaps a domain name whatever... just something you don't post on here.

Sure, you'll lose a lot of hashing power, but it would let you continue to operate.  I liked mining with your pool, I was doing quite well.

That way maybe you can operate in the short term as a private pool using trusted participants.

The reason I do not suggest that you allow ALL miners that have been working to get the address is that quite likely, your attackers have been mining the pools somewhat to ensure they were functionally down.

And, if the bot net owner has an actual miner or two of their own? What then?

List of client download mirrors / Older Catalyst drivers/SDK
13dRbbqBpfZEmZiXXdLM4NKNoJYsgHbuFJ  <- might as well, in case someone feels generous. Wink
m3ta
Sr. Member
****
Offline Offline

Activity: 435
Merit: 250



View Profile WWW
October 20, 2011, 06:24:53 PM
 #4040

Slush... I have an idea...

Soooo...

Basically, you have a problem with public addresses for your pool.

If only you could ensure that no one knew how to find your pool unless they had trust... you could just use a static IP and have people mine there.

Here is one REALLY good litmus to determine whether or not a user should have trust... hashing.

If you pull from your DB of users, those who have hashed over a certain amount in the last couple weeks for instance... you could tell with a degree of certainty that these are all trusted people.

So... then you email all those users (I would be one of these people)...

Just email a private ip for the server to those users... or perhaps a domain name whatever... just something you don't post on here.

Sure, you'll lose a lot of hashing power, but it would let you continue to operate.  I liked mining with your pool, I was doing quite well.

That way maybe you can operate in the short term as a private pool using trusted participants.

The reason I do not suggest that you allow ALL miners that have been working to get the address is that quite likely, your attackers have been mining the pools somewhat to ensure they were functionally down.

And, if the bot net owner has an actual miner or two of their own? What then?

^ This.
Also, the internet's reputation for keeping secrets is "not too good". *snicker*

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
Pages: « 1 ... 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 [202] 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 ... 1154 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!