Bitcoin Forum
Author Topic: POOLS under DDOS ATTACKS  (Read 5426 times)
wolftaur
July 07, 2011, 05:56:43 PM
 #21

> 25k bots is a hell of a lot, do you have any figures for this or are you making it up?

The number was just an example. Even a thousand on home cable is a lot in terms of targetable bandwidth. If each can do 100KiB/sec outbound that's nearly 100MiB/sec pointed somewhere.

"MOOOOOOOM! SOME MYTHICAL WOLFBEAST GUY IS MAKING FUN OF ME ON THE INTERNET!!!!"
TraderTimm
July 07, 2011, 06:36:10 PM
 #22

The pool operators could get another ingress to their 'head end' servers and be protected by another provisioned path, or split up their pools to sub-pools operating on different providers. Just a strategy to provide numerous smaller targets than one big one. Or everyone could go to solo-mining, but I doubt that would happen.


fortitudinem multis - catenum regit omnia
swusc2
July 07, 2011, 06:53:05 PM
 #23

> The pool operators could get another ingress to their 'head end' servers and be protected by another provisioned path, or split up their pools to sub-pools operating on different providers. Just a strategy to provide numerous smaller targets than one big one. Or everyone could go to solo-mining, but I doubt that would happen.



Even if you distribute server pools to smaller servers, it's not hard for a bot herder to just direct their DDOS to 4 smaller servers as opposed to 1 big server. BTC Guild was split up into 5 independent providers and still got successfully DDOS attacked. Also you can't protect servers from DDOS by using ingress servers. If all traffic has to go through the ingress server, the bot herder just points at the ingress and everyone gets locked out. If you are trying to ban at the server level you are already fucked. One of the biggest issues associated with Bitcoin pools is that mining itself looks like a DDOS so it is very hard to distinguish between the two.

The only answers to DDOS prevention:
A) Have huge pipes

or

B) GET THE CRAP OFF OF GRANDMA'S SHITTY COMP.

Impress your friends! Buy a bitcoin keychain!
http://forum.bitcoin.org/index.php?topic=30799.0
bitrebel
July 07, 2011, 07:02:29 PM
 #24

HYIPs always get DDos'd when they start up. Now, why on earth would the people attack HYIPs?

Obviously, the government does not want people making money or getting ahead. Not necessarily the government but operatives within the gov, working for the CIA or bankers, but mostly just working to keep the rich, rich, and the poor, poor.

When Bitcoin mining gets DDos'd, it tells me, personally, that the people who do not wish others to make money in this way, are the ones who are attacking. I doubt that it's frustrated people. I think it's collaborative among gov agencies, working privately.

Of course it's just a guess and I'm paranoid and always offer up the conspiracy-ended possibility, but you have to look at "where is the motive"? and "who benefits"?

People overlook the fact that central bankers control a whole lot of computers, people and corporations, as well as governments themselves. And then they overlook the fact that doing this would definitely be in their interest.

Just saying, I don't think it's random hackers.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
grndzero
July 07, 2011, 08:31:03 PM
 #25

> HYIPs always get DDos'd when they start up. Now, why on earth would the people attack HYIPs?
>
> Obviously, the government does not want people making money or getting ahead. Not necessarily the government but operatives within the gov, working for the CIA or bankers, but mostly just working to keep the rich, rich, and the poor, poor.
>
> When Bitcoin mining gets DDos'd, it tells me, personally, that the people who do not wish others to make money in this way, are the ones who are attacking. I doubt that it's frustrated people. I think it's collaborative among gov agencies, working privately.
>
> Of course it's just a guess and I'm paranoid and always offer up the conspiracy-ended possibility, but you have to look at "where is the motive"? and "who benefits"?
>
> People overlook the fact that central bankers control a whole lot of computers, people and corporations, as well as governments themselves. And then they overlook the fact that doing this would definitely be in their interest.
>
> Just saying, I don't think it's random hackers.

Occam's Razor says it's a botnet herder that's pissed because they got locked out of the 4 largest pools (and probably more) and is DDOS'ing the pools instead.

Ubuntu Desktop x64 -  HD5850 Reference - 400Mh/s w/ cgminer  @ 975C/325M/1.175V - 11.6/2.1 SDK
Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
n0m4d
July 07, 2011, 08:37:25 PM
 #26

Perhaps the affected pool owners could post a bounty for the botnet owner's identity...
Bitcoin Swami
July 07, 2011, 08:45:05 PM
 #27

Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.

Will an antivirus program recognize it as a trojan or something?
de_bert
July 07, 2011, 08:56:12 PM
 #28

> Slush makes 1500 BTC daily with a 2% fee, that's about $13,000 a month. That could buy some serious bandwidth

So Slush's pool is solving 1500 blocks daily? That's why difficulty keeps increasing every two days....
And I'm glad I'm part of it, I get about 0.02 BTC out of every block, giving me a profit of 1500*0.02=30BTC per day! Not.

But you probably meant 1500 BTC per month, which would fit the rest of your message :-)
BitcoinPorn
July 07, 2011, 08:58:00 PM
 #29

> Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.
>
> Will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

jon_smark
July 07, 2011, 08:58:41 PM
 #30

> Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.
>
> Will an antivirus program recognize it as a trojan or something?

Not from within.  Modern malware can be so devious that you cannot really trust a negative report from an antivirus program that is running from inside a compromised system.  The solution is to either boot from a live-CD and perform a scan of your hard-drive from there, or to just nuke the system completely and reinstall everything fresh from a trusted source.

Statistically speaking, if you are running Windows and you are posing such beginner questions (no offense!), it is very well possible that your system may indeed be compromised and part of a botnet.
Jack of Diamonds
July 07, 2011, 09:03:55 PM
 #31

> HYIPs always get DDos'd when they start up. Now, why on earth would the people attack HYIPs?
>
> Obviously, the government does not want people making money or getting ahead.

Your logic is funny at best.
Online HYIPs are without exception ponzi schemes. Every single one of them. In the end only the few people joining at the beginning make money and the rest lose.

The government has only to benefit if you make money or get ahead. Ever heard of capital tax? They *encourage* you to earn money so that they can get a cut of it.

Only people in the world with a motivation to DDoS HYIPs are other HYIP admins who want to drive suckers to their own site by discrediting the other site with constant downtime.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
X68N
July 08, 2011, 02:48:18 AM
 #32

I have an idea:
isn't it possible to fight botnets by rerouting the traffic back to their own PCs?
But only 1 PC of the botnet at a time gets all the traffic, for a limited time.
If this PC hangs up, the next PC of the botnet gets the traffic.

Does anybody think this could work?

(Maybe send the traffic at the Command & Control port?)

YOBIT IS SCAM , YOBIT IS SCAM , YOBIT IS SCAM meine Steuerdatei:
https://bitcointalk.org/index.php?topic=612741.msg19244732#msg19244732
joepie91
July 08, 2011, 08:58:53 AM
 #33

> I have an idea:
> isn't it possible to fight botnets by rerouting the traffic back to their own PCs?
> But only 1 PC of the botnet at a time gets all the traffic, for a limited time.
> If this PC hangs up, the next PC of the botnet gets the traffic.
>
> Does anybody think this could work?
>
> (Maybe send the traffic at the Command & Control port?)

There are several issues with this:
1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu :)
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
bitplane
July 08, 2011, 11:08:26 AM
 #34

>> Slush makes 1500 BTC daily with a 2% fee, that's about $13,000 a month. That could buy some serious bandwidth
>
> So Slush's pool is solving 1500 blocks daily? That's why difficulty keeps increasing every two days....
> And I'm glad I'm part of it, I get about 0.02 BTC out of every block, giving me a profit of 1500*0.02=30BTC per day! Not.
>
> But you probably meant 1500 BTC per month, which would fit the rest of your message :-)

1500 BTC daily is 30 blocks per day.

http://mining.bitcoin.cz/stats/graphs/

X68N
July 08, 2011, 01:24:23 PM
 #35

> There are several issues with this:
> 1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
> 2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
> 3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
> 4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
> 5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.

1. They have a lot to do with it.
When you have a car accident and it was your fault, the police didn't take the "excuse me it was my car, I did nothing to do with it" ;-)

2. Just dropping ALL incoming packets and requests doesn't work? And just remember the IPs to send back?

3. That was not my intention, because I know it doesn't work.
4. Maybe then an anti-botnet-trojan/worm is needed xD
5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.

bitcoinminer
July 08, 2011, 01:29:32 PM
 #36


> 5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.

Pretend you're a cable provider.

Investigating what your clients are doing and whether or not their PCs are infected costs you >0.  Doing nothing costs 0.
Shutting down a paying customer costs you 39.95 a month.  Leaving them on earns you 39.95 a month.

Ask the question again.

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
joepie91
July 08, 2011, 01:30:08 PM
 #37

>> There are several issues with this:
>> 1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
>> 2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
>> 3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
>> 4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
>> 5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.
>
> 1. They have a lot to do with it.
> When you have a car accident and it was your fault, the police didn't take the "excuse me it was my car, I did nothing to do with it" ;-)
>
> 2. Just dropping ALL incoming packets and requests doesn't work? And just remember the IPs to send back?
>
> 3. That was not my intention, because I know it doesn't work.
> 4. Maybe then an anti-botnet-trojan/worm is needed xD
> 5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.

Do you know how a botnet works at all?

SlipperySlope
July 08, 2011, 01:49:12 PM
Last edit: July 08, 2011, 04:07:43 PM by SlipperySlope
 #38

Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.

Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.

DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and at the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.

Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.
phantomcircuit
July 08, 2011, 02:58:38 PM
 #39

> Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.
>
> Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.
>
> DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.
>
> Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.

DDoS resistant hosting which can actually withstand a sustained attack is very expensive.  You basically end up having to pay for the bandwidth either way.

The best strategy for stopping a DDoS is to already have protection and thus not go down in the first place.  Only the most dedicated attacker is going to redouble their efforts and try again.  However if you move to DDoS hosting they know it's costing you more money and will continue.
KMBTC11
July 08, 2011, 02:58:55 PM
 #40

>> Well if anything it will make the pool admins more aware of the holes in their systems.
>
> facepalm...do you know how botnets work?
>
> The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?
>
> It's like saying the solution to people stealing gas out of your car is to buy more gas.

QFT