Bitcoin Forum
December 06, 2016, 02:07:05 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Protecting Pools from DDoS Attacks  (Read 1069 times)
Rob P.
Member
**
Offline Offline

Activity: 84



View Profile WWW
July 05, 2011, 03:10:43 PM
 #1

Just curious...

I know a lot of pools deal with DDoS attacks.  Do folks know about/use CloudFlare?
http://www.cloudflare.com/

According to the site there's even a free version:
http://www.cloudflare.com/plans.html

I'm not affiliated in any way with them, just wondering about their ability to service the Bitcoin mining community with protection from DDoS.

Apparently BTCGuild is down right now on 4 pools because of  DDoS attack.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
1481033225
Hero Member
*
Offline Offline

Posts: 1481033225

View Profile Personal Message (Offline)

Ignore
1481033225
Reply with quote  #2

1481033225
Report to moderator
1481033225
Hero Member
*
Offline Offline

Posts: 1481033225

View Profile Personal Message (Offline)

Ignore
1481033225
Reply with quote  #2

1481033225
Report to moderator
1481033225
Hero Member
*
Offline Offline

Posts: 1481033225

View Profile Personal Message (Offline)

Ignore
1481033225
Reply with quote  #2

1481033225
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481033225
Hero Member
*
Offline Offline

Posts: 1481033225

View Profile Personal Message (Offline)

Ignore
1481033225
Reply with quote  #2

1481033225
Report to moderator
lebuen
Member
**
Offline Offline

Activity: 106


View Profile
July 05, 2011, 03:15:45 PM
 #2

Like I said...  it's a content distribution network which helps you by distributing static content across multiple servers. Won't help with the getwork-queries which have to be real-time. Unfortunately.
Rob P.
Member
**
Offline Offline

Activity: 84



View Profile WWW
July 05, 2011, 03:24:12 PM
 #3

Like I said...  it's a content distribution network which helps you by distributing static content across multiple servers. Won't help with the getwork-queries which have to be real-time. Unfortunately.

Yep, that answers it and makes sense.

Though I guess the operators could at least run their member website through CloudFlare to communicate to their end users.
Since they tossed the botnet out of the system, a news page behind the login page, could allow for notifying miners of a new pool address/port.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
josephholsten
Newbie
*
Offline Offline

Activity: 18


yep, I'm with bitp.it


View Profile WWW
July 05, 2011, 03:28:50 PM
 #4

By the time an attacker can make getwork requests (or worse: submit shares), they have the ability to hose any weakness in your entire stack, from router to database query. If you haven't filtered them by then, you may as well actually provide them a real response.

You should focus on logging any suspicious activity and put systems in place to ban access to repeat violators. denyhosts is a great example of how to do this for a single host on a single service. IDS systems are your friend, but you'll need more than that.

You should also keep a whitelist around for when you're really getting hosed. Let known good miners and api users have access, but keep the rest of the world at bay until the storm subsides.

Mine @  <http://pool.bitp.it>
Chat with us @ irc://irc.freenode.net/#bitp.it
Learn more about our pool @ <http://forum.bitcoin.org/index.php?topic=12181.0>
hugolp
Hero Member
*****
Offline Offline

Activity: 742



View Profile
July 05, 2011, 03:37:51 PM
 #5

You should also keep a whitelist around for when you're really getting hosed. Let known good miners and api users have access, but keep the rest of the world at bay until the storm subsides.

Whitelist sounds like the perfect solution for pools. Webs can not use it because everybody visits them, but miners have to register and you know their ip beforehand.
Jack of Diamonds
Sr. Member
****
Offline Offline

Activity: 252



View Profile
July 05, 2011, 04:00:36 PM
 #6

Slush and Tycho got rid of their DDoS attacks back a month ago with the use of blacklisting/whitelisting IP's based on 'suspicious', 'normal' and 'repeat' traffic,
so that's one "simple" solution you don't need to pay hundreds of thousands of dollars for.

For example, slush's pool was initially only allowing people to connect that were actively submitting shares to the pool lately.
Pretty fool-proof if you ask me.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!