Jine (OP)
July 21, 2011, 01:25:06 AM
Hi!
I just wanted to please tell all my fellow pool ops to stop saying that xxx pool is under attack by a "DDoS". The only pools that I really know of that have been attacked from a botnet are ours, deepbit and btcguild. (Those attacks have completely made the site and pool inaccessible due to the HUGE amount of traffic.)
A Distributed Denial of Service attack is usually based on weaknesses of the system (getting huge amounts of getworks and draining bandwidth for the purpose of making the pool inaccessible) or just an HTTP-request attack against the website or similar. The whole purpose of an attack is to make the pool and/or website completely inaccessible, not slowing it down or "just" creating issues with the poolserver.
Someone pointing a botnet to mine at your pool does NOT make it a DDoS - it's just someone that wants to make bitcoins. It may make your bitcoind stall, but it's not a DDoS "ATTACK". I've seen a couple of pools with < 400Gh claiming to be "attacked" by a DDoS - the real story is that it's just your system (mainly bitcoind) that can't handle the amount of connections from a botnet(!)
There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets request.
We got a pretty advanced setup with multiple PATCHED bitcoind/pushpoold running behind a load balancer - currently I'm seeing ~60k states in the load balancer (of those, around 40-50k are established connections against the nodes - both LP and keep-alive connections against pushpoold). I'm taking questions in this thread regarding protections and methods to be able to handle such a load - feel free to ask.
So guys, please stop saying that you're under "attack" when it's just a "fellow miner" that's aiming a large cluster/botnet against your pool. Instead - solve the problem and make everyone happy.
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.

gusti
July 21, 2011, 01:32:25 AM
You mean your pool welcomes botnet mining?
If you don't own the private keys, you don't own the coins.

Jine (OP)
July 21, 2011, 01:43:49 AM
If the "botnet" is legit, not using a proxy, go ahead. I have a bunch of large clusters mining against us without any issues.
I cannot guarantee that it will scale forever, but for now it seems really stable.
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.

error
July 21, 2011, 01:54:01 AM
So slush was never DDoSed, you say?
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8

gusti
July 21, 2011, 01:55:03 AM
botnets are never legit, because they come from stealing resources http://en.wikipedia.org/wiki/Botnet
If you don't own the private keys, you don't own the coins.

V2-V3
July 21, 2011, 01:58:40 AM (Last edit: July 21, 2011, 02:24:38 AM by V2-V3)
No "DDoS" Here
For the past two weeks BitClockers mining pool has been under an "Attack" by a very large botnet, and over the weekend several more large botnets have joined in, flooding our servers with get work requests on the order of thousands of requests every second and never returning any work. This severely drains the resources of the server and adds nothing to the hashing power of the pool. It is affecting the quality of service to our users and drains much of the time from the pool operator. Currently the bulk of man hours is spent defending the pool from the ongoing attack. We would rather be spending time on building up the pool and adding features.
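The pattern described in the post above (a source sending getwork requests at a high rate and never returning work) can be separated from heavy but productive mining by comparing getwork volume with returned work per source. This is an added example, not code from the thread or from any pool; the event format, the addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict

def make_sample_events(seconds=60):
    """Constructed sample data, not real pool logs: (unix_second, source_ip, kind)."""
    events = []
    for t in range(seconds):
        # Hypothetical flooding source: 50 getworks per second, never returns work.
        events += [(t, "203.0.113.7", "getwork")] * 50
        # Hypothetical large cluster behind one address: heavy, but returns work.
        events += [(t, "192.0.2.50", "getwork")] * 20
        events += [(t, "192.0.2.50", "submit")] * 4
        # Hypothetical single miner: a getwork every 5 s, a share every 10 s.
        if t % 5 == 0:
            events.append((t, "198.51.100.20", "getwork"))
        if t % 10 == 0:
            events.append((t, "198.51.100.20", "submit"))
    return events

def classify_sources(events, min_getworks=600, max_submit_ratio=0.01):
    """Label each source over the observed window.

    flood  : high getwork volume with (almost) no work returned
    heavy  : high getwork volume with work returned; a capacity problem, not abuse
    normal : everything else
    Both thresholds are assumptions to tune against a pool's own baseline;
    slow CPU miners return shares rarely, so use a long enough window.
    """
    counts = defaultdict(lambda: {"getwork": 0, "submit": 0})
    for _ts, ip, kind in events:
        if kind in ("getwork", "submit"):
            counts[ip][kind] += 1
    verdicts = {}
    for ip, c in counts.items():
        ratio = c["submit"] / c["getwork"] if c["getwork"] else 1.0
        if c["getwork"] < min_getworks:
            verdicts[ip] = "normal"
        elif ratio <= max_submit_ratio:
            verdicts[ip] = "flood"
        else:
            verdicts[ip] = "heavy"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(make_sample_events()).items()):
        print(ip, verdict)
```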

MiningBuddy
July 21, 2011, 02:09:43 AM
I like how OP supports botnets but bans pool hoppers

error
July 21, 2011, 02:15:17 AM
I have to wonder at why you'd want to make botnet operators happy.
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8

SmokeAndMirrors
July 21, 2011, 12:22:46 PM
so that he can find blocks faster -> make more btc for himself.
Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.
My address - 1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC

slush
July 21, 2011, 02:12:57 PM
My pool was DDoSed many times (classic SYN flood attacks). I don't think millions of connection requests per second can be considered as action of "fellow miners".

phorensic
July 21, 2011, 03:54:51 PM
Jine, you are spot on in your OP. We are patched for a large number of connections and today should be a good test for us.

AnnihilaT
July 21, 2011, 04:04:19 PM
This is exactly what I have suspected for a long time. Technically your explanation is not 100% spot on but the general idea of what you are saying is indeed correct. This has been annoying me as well. Thanks for finally pointing out the elephant in the room.

Jine (OP)
July 21, 2011, 04:42:09 PM
> I like how OP supports botnets but bans pool hoppers

I like how you're spreading bullshit *not*
I do not ban anyone, not even botnets - if they don't abuse nor affect the system in a bad way. I have banned a few hopping-pools because they don't get load balanced and make nodes hang with the huge amount of connections. (This is due to us using sticky connections based on source ip-hash.)
But yeah, keep thinking that
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
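The effect mentioned in the post above, where sticky balancing on a source-IP hash sends every connection from one proxy address to the same node, can be seen in a small simulation. This is an added example, not the poster's configuration; the node names, the addresses and the use of SHA-256 as the hash are assumptions standing in for whatever the load balancer actually uses.

```python
import hashlib
from collections import Counter

BACKENDS = ["node-a", "node-b", "node-c", "node-d"]  # hypothetical pool nodes

def pick_backend(src_ip, backends=BACKENDS):
    """Sticky balancing: hash the source IP so one address always hits one node."""
    digest = hashlib.sha256(src_ip.encode("ascii")).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def backend_load(source_ips, backends=BACKENDS):
    """Count connections per backend for a list of connection source IPs."""
    load = Counter({b: 0 for b in backends})
    for ip in source_ips:
        load[pick_backend(ip, backends)] += 1
    return load

def sample_sources():
    """Constructed data: 4000 direct miners, and one proxy holding 4000 connections."""
    direct = [f"10.0.{i // 256}.{i % 256}" for i in range(4000)]
    proxy = ["192.0.2.99"] * 4000
    return direct, proxy

def imbalance(load):
    """Ratio of the busiest backend to the mean; 1.0 is a perfectly even spread."""
    mean = sum(load.values()) / len(load)
    return max(load.values()) / mean

if __name__ == "__main__":
    direct, proxy = sample_sources()
    for label, ips in (("direct", direct), ("proxy", proxy), ("both", direct + proxy)):
        load = backend_load(ips)
        print(label, dict(load), round(imbalance(load), 2))
```

Many distinct source addresses spread almost evenly, while the same number of connections from a single address all land on one node, which is why per-source connection counts are worth watching on a sticky balancer.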

eleuthria
July 21, 2011, 05:16:12 PM
Just to chime in and be "that guy":
While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.
The difference is, they're not being DDoS'd in a HOSTILE manner (i.e.: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers). The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patches, not to mention separate frontends (run on a separate line from the pool itself).
Technically a botnet miner taking your pool offline IS a DDoS. It is a distributed load that is denying service due to being unable to respond adequately. Trust me, and Tycho can chime in too (slush likely as well): If you get targeted by a hostile DDoS like what hit us a few weeks ago, you'll know. You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.
RIP BTC Guild, April 2011 - June 2015

Artefact2
July 21, 2011, 05:26:22 PM
> Just to chime in and be "that guy":
> While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.
> The difference is, they're not being DDoS'd in a HOSTILE manner (i.e.: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers). The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patches, not to mention separate frontends (run on a separate line from the pool itself).
> Technically a botnet miner taking your pool offline IS a DDoS. It is a distributed load that is denying service due to being unable to respond adequately. Trust me, and Tycho can chime in too (slush likely as well): If you get targeted by a hostile DDoS like what hit us a few weeks ago, you'll know. You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.

This.
A pool-biased blockchain representation, by me: pident (WTFPL)

AnnihilaT
July 21, 2011, 09:55:07 PM
> Just to chime in and be "that guy":
> While I completely agree and have said the same thing in IRC quite a bit about a lot of the smaller pools crying "DDoS", technically they ARE being DDoS'd.
> The difference is, they're not being DDoS'd in a HOSTILE manner (i.e.: When BTC Guild was being hammered offline for DAYS by hundreds of thousands of computers, maxing out the pipes of all our servers). The smaller pools are being DDoS'd by legit traffic that can't be handled without pushpoold and bitcoind patches, not to mention separate frontends (run on a separate line from the pool itself).
> Technically a botnet miner taking your pool offline IS a DDoS. It is a distributed load that is denying service due to being unable to respond adequately. Trust me, and Tycho can chime in too (slush likely as well): If you get targeted by a hostile DDoS like what hit us a few weeks ago, you'll know. You'll know because most (if not all) of the smaller pools out there are not running on a host that will tolerate the attack and will swiftly nullroute your IP address for 24 hours automatically.

+1

gusti
July 21, 2011, 10:34:53 PM
I would like to see responsible pool operators banning any suspicious botnet activity, and I will NEVER join any pool that permits and/or endorses such fraudulent activity.
If you don't own the private keys, you don't own the coins.

DrHaribo
July 22, 2011, 05:29:29 PM
> There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets request.

Are you talking about surviving botnets doing normal mining in your pool? Or are you saying you can out-scale actual DDOS attacks? Obviously it can help to scale up to mitigate the effects of a DDOS attack, but aren't many of the botnets so large that you can't out-scale them?

eleuthria
July 23, 2011, 04:30:05 AM
> > There are mainly two solutions for this - ban all hosts except trusted (easiest with a whitelist or similar, the "slush way") and/or load balance (btcguild/deepbit/bitlc) to be able to push the huge amount of getworks that botnets request.
>
> Are you talking about surviving botnets doing normal mining in your pool? Or are you saying you can out-scale actual DDOS attacks? Obviously it can help to scale up to mitigate the effects of a DDOS attack, but aren't many of the botnets so large that you can't out-scale them?

Jine's points aren't about stopping a DDoS (whitelisting won't work AT ALL and load balancing will only work if you have big enough pipes and enough entry points to distribute the load without failure). His points are how the larger pools have been able to handle the load of the large scale CPU miners (some of which are botnets, some of which are not).
RIP BTC Guild, April 2011 - June 2015

NetTecture
July 23, 2011, 05:59:31 AM
Yes. The argument is that quite a lot of the "DDOS" is just "someone large wants to use us as a pool".
For example Vladimir - he is offering 50 to 100 gigahash for pools.
Imagine he has no customer.
Imagine a smaller pool offers PPS + some small percentage.
Imagine he decides to give that a try (being better than pure PPS).
Imagine a small low cost VPS run from a clueless admin normally dealing with 20gigahash suddenly having 120 giga and just falling down.
No DDOS - just a large player moving.
This was the argument. That many of the experienced DDOS are just normal usage to a degree the pool is not prepared and able to handle.