Thralen
October 23, 2011, 06:12:48 PM

> What do you think about paying protection money to a hypothetical multi-gbps attacker at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?

Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut. Won't work. thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

Jack of Diamonds
October 23, 2011, 06:14:18 PM

> What do you think about paying protection money to a hypothetical multi-gbps attacker at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut. Won't work. thralen

10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx

notawake (Newbie, Activity: 58, Merit: 0)
October 23, 2011, 06:17:59 PM

> What do you think about paying protection money to a hypothetical multi-gbps attacker at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> That sounds like a terrible idea. Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut. Won't work.
> thralen

Technically speaking, it's not just multiple attackers. If someone like slush went that route, all each attacker has to do is create more attacker identities and keep threatening him until he goes bankrupt/quits.

> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

I suppose you could hire an attacker (perhaps also with performance incentives) to attack the other attackers, but there's a huge legal risk there and the attacker makes profits that can be reinvested at a later time into attacking slush, meaning the attacker has a better position against slush over time. Also keep in mind that the attacker is likely stealing resources (i.e. using trojans/malware to steal computer and internet access for a botnet) and slush may not be able to steal, so a successful strategy for slush would probably focus on avoidance/hiding rather than interaction with DDOS attackers. I think the tor idea is a much better idea. It can probably be extended into giving out an onion address to each user and hiding the pool server's IPs. If there's a DDOS against one onion address and attack packets reach the mining IPs, just nullroute that onion address. Only issues would be the web server IP (or onion address) would probably have to be known to many for signups, beginner info, etc. and reliance on the tor network. Tor does have some DDOS protections built-in, as described here.

Eveofwar
October 23, 2011, 06:19:02 PM

> What do you think about paying protection money to a hypothetical multi-gbps attacker at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut. Won't work. thralen
> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

So if I'm a 100 gbps attacker, and you are a 100 gbps attacker... how do you deter me from destroying slush? Do you have my IP? Do you have my contact info? Do you have any way of causing any detriment to me? Nope.

Thralen
October 23, 2011, 06:21:13 PM

> What do you think about paying protection money to a hypothetical multi-gbps attacker at a rate of say -50 - -80% of what a datacenter will take for professional anti-DDoS/mitigation services?
> Logical problem here. That might work for the first, but what happens when the second, third, fourth, ad nauseam shows up and wants their cut. Won't work. thralen
> 10-100gbps attacker has methods to deter other, smaller parties from conflicting with his financial interests.

And you think that currently and in the future there is only one of that size. You think that he would go out of his way to stop others trying the same? Remember, no honor amongst thieves and someone running a botnet of that size is surely a thief... Note I didn't even begin to cover the moral issue there. I wouldn't mine at a pool that was paying off attackers. I bet lots of others wouldn't either. I think the Tor option is a much better route to follow as mentioned by Notawake.

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

mitchel (Newbie, Activity: 22, Merit: 0)
October 23, 2011, 06:36:13 PM

so... is there a problem with payouts?

Jack of Diamonds
October 23, 2011, 06:45:37 PM

A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
It only needs to last as long as people switch to other pools, and if they come back, target the network again.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx

Thralen
October 23, 2011, 07:20:03 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

So obviously, your "solution" which is, in essence, advocating for extortion, is the way to go? *shakes head* Be careful, next step would be a bitcoin mafia and the next thing you know people will be waking up with the heads of servers in bed with them... In history, if you look for it, traditionally when you give in to extortion they then try to extort more, and more... and then some more. Until there is nothing left. You can always count on human nature, so long as you know that human nature includes a massive helping of greed. Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

Jack of Diamonds
October 23, 2011, 07:27:11 PM

Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime). Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away. If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'. 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx

mitchel (Newbie, Activity: 22, Merit: 0)
October 23, 2011, 07:30:22 PM

so.... is slush aware of the payout issue?

Thralen
October 23, 2011, 07:46:32 PM

> Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime). Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away. If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'. 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

or offender says "hell with them, I'll teach them a lesson" and puts them down repeatedly, potentially driving them out of business. That was the reason they were paying in the first place, to stay online. Then the offender picks up the newer companies springing up to take over from the first and demands a bigger cut saying "Look what I did to them, you can avoid it if..." It is extortion, plain and simple. Here, let me give you the definition: extort (verb): to obtain from a person by force, intimidation, or undue or illegal power. And this is what you say is the perfect plan? Perchance, what do you consider the worst plan? Actually standing by your principles and trying to work out a different solution? Just sayin... And on that note, I think it is time to change to my secondary pool until Slush is back and figures out what is up with payments. Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

notawake (Newbie, Activity: 58, Merit: 0)
October 23, 2011, 07:52:21 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

I think you are underestimating the Tor network. As I mentioned in my previous post, Tor has some DDOS protections built-in, as described here. These will make many forms of DDOS over Tor impossible or very hard to do. Tor only allows TCP connections through the network. Currently, according to this source, the Tor network is about 8.5 Gb/s. Obviously, this is less than 20 Gbps, but the Tor bandwidth is distributed across more than 2500 servers with multiple ISPs across the world. This arrangement would be cost prohibitive for slush to acquire on his own. Instead of messing with 1-2 ISPs, an attacker has to mess with 100s of them, including Amazon (yes, I saw some EC2 instances in the list) and universities, which tend to have some of the best connections. This will decrease the chance that the attack will work. If the attacker is using a botnet, there is a higher chance that, for example, compromised machines with SBC Global IPs will be attacking Tor nodes that also have SBC Global IPs. This ISP now has an incentive to investigate and disconnect the compromised machines. Additionally, each ISP has its own DDOS defense strategy. Some may fail, but some will work. The public directory does not include Tor bridges, which further adds security to the Tor network.

> Mt. Gox's strategy with a few alterations would be perfect from a financial standpoint (maximum profit, lowest expenses, and highest uptime). Pay ~30% of Prolexic's charged rates to the biggest attacker, with an agreement of keeping other attackers away. If 'offender' breaks the deal by demanding a bigger cut or by not being hostile towards other attackers, you siphon the extra to Prolexic and give nothing to the 'offender'. 'Offender' is forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower.

I didn't know that Mt. Gox had that strategy, but you also have to consider motive. It appears that a major attacker would want to take down a mining pool so that the difficulty goes down and the attacker makes (or at least expects to make) more money. The attacker may even be aiming for 51% network power. So it may be more profitable for the attacker to continue attacking rather than take a relatively small amount of money from slush. But this is less likely to apply for Mt. Gox since attacks on exchanges would drive down the value of Bitcoin. I also don't understand how one attacker can keep away other attackers given that attackers usually don't reveal themselves to each other. Also, the attacker isn't "forced to choose between earning $0 per month or convincing you to accept back the earlier rate, maybe lower" because they can choose to take the money they earned through extortion and invest it in attacking you. That's usually how extortion works. Once the gravy train starts flowing, it's hard to stop it.

mitchel (Newbie, Activity: 22, Merit: 0)
October 23, 2011, 08:00:40 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.

Are you an attacker, Jack of Diamonds?

Thralen
October 23, 2011, 08:11:04 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.
> Are you an attacker, Jack of Diamonds?

I'm thinking his botnet must not be being profitable for him. It is the only reason I can see for advocating for pools to contribute to further illegal behavior as well as probably cut profits for miners since the pool owner will have to recoup costs someplace. *shrug* Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

Portnoy (Legendary, Activity: 2030, Merit: 1000)
My money; Our Bitcoin.
October 23, 2011, 08:15:28 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.
> Are you an attacker, Jack of Diamonds?

If you want I can make him an offer he can't refuse. Some day, and that day may never come, I may call upon you to do a service for me. But, until that day, accept this, as a gift.

Thralen
October 23, 2011, 08:32:06 PM

> A malicious attacker need not target the pool or hidden service; since TOR is a relatively low bandwidth network it takes very few resources to grind all active onion routers to a halt.
> All active router info is publicly available at the directory server. Every router merely knows the last and next hop; the origin of the attack cannot be traced and it only shows up as large amounts of traffic & appears as a normal router.
> DoS against the entire TOR network is also cheaper than a well hosted single site with high bandwidth. Even a 20gbps attack would render the network unusably slow. It is a brute force method but it will achieve the goal & make a pool unreachable.
> It only needs to last as long as people switch to other pools, and if they come back, target the network again.
> Are you an attacker, Jack of Diamonds?
> If you want I can make him an offer he can't refuse. Some day, and that day may never come, I may call upon you to do a service for me. But, until that day, accept this, as a gift.

Glad someone got the heads of servers reference...

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

slush (OP) (Legendary, Activity: 1386, Merit: 1097)
October 23, 2011, 08:33:35 PM

> Is there an issue with payout on BTC right now?

Yes, payouts were not working since yesterday's database crash and I didn't notice that. My apologies, it's fixed now. Btw it's funny that those people who received their rewards twice (because reward updates in the database failed thanks to db issues) aren't complaining here ;-).

Thralen
October 23, 2011, 09:12:57 PM

> Is there an issue with payout on BTC right now?
> Yes, payouts were not working since yesterday's database crash and I didn't notice that. My apologies, it's fixed now. Btw it's funny that those people who received their rewards twice (because reward updates in the database failed thanks to db issues) aren't complaining here ;-).

Thanks Slush, re: payouts fixed... re: people not mentioning double payout, see my quote from a few messages earlier: "You can always count on human nature, so long as you know that human nature includes a massive helping of greed." Thralen...

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to: 1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1 I'll get it into circulation.

Jack of Diamonds
October 23, 2011, 10:37:28 PM

> because they can choose to take the money they earned through extortion and invest it in attacking you. That's usually how extortion works. Once the gravy train starts flowing, it's hard to stop it.
> https://bitcointalk.org/index.php?topic=49038.msg584062#msg584062

They can't. Prolexic itself is impossible to bring down even with the largest available botnet. It has more bandwidth than Google. Mt. Gox routes all traffic through them in the event of DDoS (such as the recent attack during which they experienced an 11gbps attack; medium size). Routing traffic to a gigantic DDoS mitigator with multi terabit/s capacity is a checkmate against the attacker. There is nothing more you can do at that point, even if you had 1000gbps attack capacity. Downside: It costs a lot of money (in the 4-5 figures) per month. If you persuade 'attacker' to voluntarily stop in exchange for a smaller sum than charged by Prolexic, both sides win. By being forced to pay exorbitant prices to a prevention company both sides lose in the long run. Of course, it's not an 'orthodox business practice'. But money is money, it has no pride or ego. It's numbers.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx

Crypt_Current
October 23, 2011, 11:27:52 PM

> If you persuade 'attacker' to voluntarily stop in exchange for a smaller sum than charged by Prolexic, both sides win.

The problem with that scenario is the attacker has all the power to choose when to start again... so what if the attacker was paid? The attacker could be having a particularly bad day and need to take it out on someone...