Static IP and network defense

[2tights]

I know the main concern for attack is a DDOS attack. I have a static IPV4 address for my home network. I'm concerned that if my IP ends up on a malicious user's, or bitcoin hater's, shit-list that I may become a target. I am confident in securing my network, but I'd like to hear what network appliances people are using to protect their mining operations.

[Kenshin]

If you have a good firewall then it should drop the DDOS.

[cp1]

My new router has a checkbox that says "Enable DDOS protection".  No idea if it works well.  I'm sure Cisco could sell you something, but I don't think you'd like the prices.  There's got to be something you can install in a linux box.

[Hax8]

It is really difficult to counter a DDoS. Protection built in to the router/firewall just drops the rogue packets without replying but there is no way the router can stop all that traffic from still traversing the pipe and hitting your router/firewall.

You can either:
- Have more bandwidth than the attackers which will still allow your legitimate traffic. With amplification attacks, this is very costly!
- Have your ISP block the traffic further upstream leaving your pipe free.
- Use one of the companies that provide this service which normally means you use them as a proxy hiding your true IP.
- Setup your own proxies in hosted datacentre's and hide behind those.

That is all I can think of at the moment.

If the mining setup is in your home/office, I would just pull in another internet pipe. Preferably with a different ISP and switch to that when required. Or just use a dedicated line for the miners minimising exposure of your IP to third parties.

[cp1]

You could always tell your ISP you're being attacked and maybe get a new IP assigned?  Or go through a VPN for $10 a month for all your traffic.

[mitty]

You could mine or tor or use some sort of proxy service/VPN to hide your IP.