POOLS under DDOS ATTACKS

[joepie91]

Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.

Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.

DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.

Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.

DDoS resistant hosting which can actually withstand a sustained attack is very expensive.  You basically end up having to pay for the bandwidth either way.

The best strategy for stopping a DDoS is to already have protection and thus not go down in the first place.  Only the most dedicated attacker is going to redouble their efforts and try again.  However if you move to DDoS hosting they know it's costing you more money and will continue.

Before people start screaming "but here you can get DDoS protected hosting for only $20 a month!", let me also mention that 99% of the providers offering 'DDoS protection' choke on anything more than a gigabit. They typically have one Cisco Guard or similar hardware, and then claim it's 'DDoS protected'. Any serious attack will still go through. The same goes for providers with a fixed 'filtering capacity' or 'cleaned bandwidth limit'. They will just suspend your plan after you get too much DDoS.

The cheapest DDoS protection you can find that will actually achieve something starts at ~$300 (at hosts who are located in Dragonara, for example), and even then the costs will probably rack up if you need more filtering capacity.

[1713454568]

1713454568

[1713454568]

1713454568

[1713454568]

1713454568

[ThiagoCMC]

Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if can work by the way...

c) Make mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), making the pool at some intranet, so, every single miner, like you and me, should authenticate itself in some Internet point and then, it will be able start a VPN with some hidden Internet VPN server and voiala, we will have access to the Mining Pool intranet network.

c.1) The login system at the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, the behind them, there is a Mining Pool...

 I'm thinking in OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totaly transparent, they just need to setup one more user/pass somewhere, that will be used before miner starts...

Well, this is just an idea that come to mind as I was sleeping...  \o/

[phantomcircuit]

Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if can work by the way...

c) Make mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), making the pool at some intranet, so, every single miner, like you and me, should authenticate itself in some Internet point and then, it will be able start a VPN with some hidden Internet VPN server and voiala, we will have access to the Mining Pool intranet network.

c.1) The login system at the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, the behind them, there is a Mining Pool...

 I'm thinking in OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totaly transparent, they just need to setup one more user/pass somewhere, that will be used before miner starts...

Well, this is just an idea that come to mind as I was sleeping...  \o/

This is a simple bandwidth exhaustion attack.  What you suggestion would actually make this attack much easier.

[ThiagoCMC]

Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I"m contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

How many infected PC (aka botnets zoombies) are Windows? 99% of it!
How many infected computers (aka botnet zoombies are Linux? 0,000001% of it?! Probably...

So, just use Linux (like Ubuntu or Debian) to end these botnets...

It is MUCH more difficulty to make a virus to Linux... I'm honestly do not believe that somebody can make a Linux Virus capable of infecting all Linux variants across the globe.. It is near impossible to do that.

[ThiagoCMC]

Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if can work by the way...

c) Make mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), making the pool at some intranet, so, every single miner, like you and me, should authenticate itself in some Internet point and then, it will be able start a VPN with some hidden Internet VPN server and voiala, we will have access to the Mining Pool intranet network.

c.1) The login system at the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, the behind them, there is a Mining Pool...

 I'm thinking in OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totaly transparent, they just need to setup one more user/pass somewhere, that will be used before miner starts...

Well, this is just an idea that come to mind as I was sleeping...  \o/

This is a simple bandwidth exhaustion attack.  What you suggestion would actually make this attack much easier.

Well, never mind...   :-P

[joepie91]

Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I"m contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

How many infected PC (aka botnets zoombies) are Windows? 99% of it!
How many infected computers (aka botnet zoombies are Linux? 0,000001% of it?! Probably...

So, just use Linux (like Ubuntu or Debian) to end these botnets...

It is MUCH more difficulty to make a virus to Linux... I'm honestly do not believe that somebody can make a Linux Virus capable of infecting all Linux variants across the globe.. It is near impossible to do that.

Actually it would be possible to make something that runs on every Linux distro (it's all still just Linux), but it's a lot harder to make something that doesn't go away after you restart/relogin.

[bitcoinminer]

It is MUCH more difficulty to make a virus to Linux... I'm honestly do not believe that somebody can make a Linux Virus capable of infecting all Linux variants across the globe.. It is near impossible to do that.

http://en.wikipedia.org/wiki/Morris_worm

Aside from the first internet worm, of course

[X68N]

Do you really know how a botnet works?

muaaahhaha? harder please ;-)