Bitcoin Forum
December 06, 2016, 07:51:23 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Pool "DDoS" is not really a DDoS "attack"!  (Read 3744 times)
Jine
Sr. Member
****
Offline Offline

Activity: 405


View Profile
July 21, 2011, 01:25:06 AM
 #1

Hi!

I just wanted to please tell all my fellow pool op's stop saying that xxx pool is under attack by a "DDoS".
The only pools that I really know of that have been attacked from a botnet are ours, deepbit and btcguild. (Those attacks have completely make the site and pool inaccessible due to the HUGE amount of traffic)

A Distributed Denial of Service attack is usually based on weaknesses of the system (getting huge amounts of getworks and draining bandwidth in the purpose of making the pool inaccessible) or just a HTTP-request attack against the website or similar. The whole purpose of a attack is to make the pool and/or website completely inaccessable, not slowing it down or "just" creating issues with the poolserver.

Someone pointing a botnet to mine at your pool does NOT make it a DDoS - it's just someone that wants to make bitcoins. It may make your bitcoind stall, but it's not an DDoS "ATTACK".
I've seen a couple of pools with < 400Gh claiming to be "attacked" by a DDoS - the real story is that it's just your system (mainly bitcoind) that can't handle the amount of connections from a botnet(!)

There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets requests.

We got a pretty advanced setup with multiple PATCHED bitcoind/pushpoold running behind a load balancer - currently I'm seeing ~60k states in the load balancer
(of those are around 40-50k established connections against the nodes - both LP and keep-alive connections against pushpoold.)
I'm taking questions in this thread regarding protections and methods to be able to handle such a load - feel free to ask.

So guys, please stop saying that you're under "attack" when it's just a "fellow miner" that aiming a large cluster/botnet against your pool. Instead - solve the problem and make everyone happy.

Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481053883
Hero Member
*
Offline Offline

Posts: 1481053883

View Profile Personal Message (Offline)

Ignore
1481053883
Reply with quote  #2

1481053883
Report to moderator
gusti
Legendary
*
Offline Offline

Activity: 1102


View Profile
July 21, 2011, 01:32:25 AM
 #2

you mean your pool welcomes botnet mining ?  Huh

If you don't own the private keys, you don't own the coins.
Jine
Sr. Member
****
Offline Offline

Activity: 405


View Profile
July 21, 2011, 01:43:49 AM
 #3

If the "botnet" is legit, not using a proxy, go head.
I have a bunch of large clusters mining against us without any issues.

I cannot guarantee that it will scale for ever, but for now it seems really stable.

Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 21, 2011, 01:54:01 AM
 #4

So slush was never DDoSed, you say?

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
gusti
Legendary
*
Offline Offline

Activity: 1102


View Profile
July 21, 2011, 01:55:03 AM
 #5

botnets are never legit, because they come from stealing resources
http://en.wikipedia.org/wiki/Botnet


If you don't own the private keys, you don't own the coins.
V2-V3
Full Member
***
Offline Offline

Activity: 227


Jagersfontein


View Profile WWW
July 21, 2011, 01:58:40 AM
 #6

No "DDoS" Here

Quote
For the past two weeks BitClockers mining pool has been under an "Attack" by a very large botnet and over the weekend several more large botnets have joined in flooding our servers with get work requests on the order of thousands of requests every second and never returning any work. This severely drains the resources of the server and adds nothing to the hashing power of the pool. It is effecting the quality of service to our users and drains much of the time from the pool operator. Currently the bulk of man hours is spent defending the pool from the ongoing attack. We would rather be spending time on building up the pool and adding features

MiningBuddy
Moderator
Legendary
*
Offline Offline

Activity: 1058


฿itcoin ฿itcoin ฿itcoin


View Profile
July 21, 2011, 02:09:43 AM
 #7

I like how OP supports botnets but bans pool hoppers  Roll Eyes

error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 21, 2011, 02:15:17 AM
 #8

I have to wonder at why you'd want to make botnet operators happy.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
SmokeAndMirrors
Full Member
***
Offline Offline

Activity: 168


View Profile
July 21, 2011, 12:22:46 PM
 #9

so that he can find blocks faster -> make more btc for himself.

Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.

My address -
1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC
slush
Legendary
*
Offline Offline

Activity: 1358



View Profile WWW
July 21, 2011, 02:12:57 PM
 #10

My pool was DDoSed many times (classic SYN flood attacks). I don't think milions of connection requests per second can be considered as action of "fellow miners" Smiley.

phorensic
Hero Member
*****
Offline Offline

Activity: 630



View Profile
July 21, 2011, 03:54:51 PM
 #11

Jine, you are spot on in your OP.  We are patched for a large number of connections and today should be a good test for us.
AnnihilaT
Full Member
***
Offline Offline

Activity: 196



View Profile
July 21, 2011, 04:04:19 PM
 #12

This is exactly what i have suspected for a long time.   Technically your explanation is not 100% spot on but the general idea of what you are saying is indeed correct.   This has been annoying me as well.  Thanks for finally pointing out the elephant in the room Smiley
Jine
Sr. Member
****
Offline Offline

Activity: 405


View Profile
July 21, 2011, 04:42:09 PM
 #13

I like how OP supports botnets but bans pool hoppers  Roll Eyes

I like how your spreading bullshit Smiley *not*
I do not ban anyone, not even botnets - if they don't abuse nor affect the system in a bad way.

I have banned a few hopping-pools due to they don't get load balanced and makes nodes hang with the huge amount of connections. (This is due we're using sticky connections based on source ip-hash)

But yeah, keep thinking that Smiley

Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
eleuthria
Legendary
*
Offline Offline

Activity: 1750


BTC Guild Owner


View Profile WWW
July 21, 2011, 05:16:12 PM
 #14

Just to chime in and be "that guy":

While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.

The difference is, they're not being DDoS'd in a HOSTILE manner (ie: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers).  The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patchs, not to mention separate frontends (run on a separate line from the pool itself).

Technically a botnet miner taking your pool offline IS a DDoS.  It is a distributed load that is denying service due to being unable to respond adequately.  Trust me, and Tycho can chime in too (slush likely as well):  If you get targetted by a hostile DDoS like what hit us a few weeks ago, you'll know.  You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.

R.I.P. BTC Guild, 2011 - 2015.
BTC Guild Forum Thread
Artefact2
Full Member
***
Offline Offline

Activity: 124


View Profile WWW
July 21, 2011, 05:26:22 PM
 #15

Just to chime in and be "that guy":

While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.

The difference is, they're not being DDoS'd in a HOSTILE manner (ie: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers).  The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patchs, not to mention separate frontends (run on a separate line from the pool itself).

Technically a botnet miner taking your pool offline IS a DDoS.  It is a distributed load that is denying service due to being unable to respond adequately.  Trust me, and Tycho can chime in too (slush likely as well):  If you get targetted by a hostile DDoS like what hit us a few weeks ago, you'll know.  You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.

This.

A pool-biased blockchain representation, by me: pident (WTFPL)
AnnihilaT
Full Member
***
Offline Offline

Activity: 196



View Profile
July 21, 2011, 09:55:07 PM
 #16

Just to chime in and be "that guy":

While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.

The difference is, they're not being DDoS'd in a HOSTILE manner (ie: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers).  The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patchs, not to mention separate frontends (run on a separate line from the pool itself).

Technically a botnet miner taking your pool offline IS a DDoS.  It is a distributed load that is denying service due to being unable to respond adequately.  Trust me, and Tycho can chime in too (slush likely as well):  If you get targetted by a hostile DDoS like what hit us a few weeks ago, you'll know.  You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.

+1
gusti
Legendary
*
Offline Offline

Activity: 1102


View Profile
July 21, 2011, 10:34:53 PM
 #17

I would like to see responsible pool operators banning any suspicious botnet activity.
and I will NEVER join any pool that permit and /or endorse such a fraudulent activity. 

If you don't own the private keys, you don't own the coins.
DrHaribo
Legendary
*
Offline Offline

Activity: 1960


Bitminter.com Operator


View Profile WWW
July 22, 2011, 05:29:29 PM
 #18

There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets requests.

Are you talking about surviving botnets doing normal mining in your pool?  Or are you saying you can out-scale actual DDOS attacks?

Obviously it can help to scale up to mitigate the effects of a DDOS attack, but aren't many of the botnets so large that you can't out-scale them?

▶▶▶ Bitminter.com - Your trusted mining pool since 2011.
eleuthria
Legendary
*
Offline Offline

Activity: 1750


BTC Guild Owner


View Profile WWW
July 23, 2011, 04:30:05 AM
 #19

There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets requests.

Are you talking about surviving botnets doing normal mining in your pool?  Or are you saying you can out-scale actual DDOS attacks?

Obviously it can help to scale up to mitigate the effects of a DDOS attack, but aren't many of the botnets so large that you can't out-scale them?


Jine's points aren't about stopping a DDoS (whitelisting won't work AT ALL and load balancing will only work if you have big enough pipes and enough entry points to distribute the load without failure).  His points are how the larger pools have been able to handle the load of the large scale CPU miners (some of which are botnets, some of which are not).

R.I.P. BTC Guild, 2011 - 2015.
BTC Guild Forum Thread
NetTecture
Full Member
***
Offline Offline

Activity: 140


View Profile
July 23, 2011, 05:59:31 AM
 #20

Yes. The argument is that quite a lot of the "DDOS" is just "someone large wants to use us as a pool".

For example Vladimir - he is offering 50 to 100 gigahash for pools.

Imagine he has no customer.

Imagine a smaller pool offers PPS + some small percentage.

Imagine he decides to give that a try (being better than pure PPS).

Imagine a small low cost VPS run from a clueless admin normally dealing with 20gigahash suddenly having 120 giga and just falling down.

No DDOS - just a large player moving.

This was the argument. That many of the experienced DDOS are just normal usage in a degree the pool is not prepared and able to handle.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!