Bitcoin Forum
December 03, 2016, 11:36:46 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Mass DDOS part 2  (Read 5782 times)
eleuthria
Legendary
*
Offline Offline

Activity: 1750


BTC Guild Owner


View Profile WWW
October 19, 2011, 07:21:47 PM
 #21

Copied from my post on Slush's thread, relevant to this topic:

Better yet, everybody should hop to a small pool.  Everybody jumping to BTC Guild ends up screwing over our regular users.  I've been removing servers from our clusters the last month due to shrinking speeds/profits.  We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

So please:  If you mine on Slush, Deepbit, or BTC Guild, set your backup to a SMALL pool.  Not only is it more reliable (the major pool outages are often related), but it avoids putting unexpected heavier load on an already large pool.  And of course it's safer for the network to have the hash split between a larger number of nodes.

R.I.P. BTC Guild, 2011 - 2015.
BTC Guild Forum Thread
1480765006
Hero Member
*
Offline Offline

Posts: 1480765006

View Profile Personal Message (Offline)

Ignore
1480765006
Reply with quote  #2

1480765006
Report to moderator
1480765006
Hero Member
*
Offline Offline

Posts: 1480765006

View Profile Personal Message (Offline)

Ignore
1480765006
Reply with quote  #2

1480765006
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480765006
Hero Member
*
Offline Offline

Posts: 1480765006

View Profile Personal Message (Offline)

Ignore
1480765006
Reply with quote  #2

1480765006
Report to moderator
SolidBitShop
Member
**
Offline Offline

Activity: 70



View Profile
October 19, 2011, 07:30:21 PM
 #22

Hmm that is all strange with that pools hope it will resolv quickly.

As for me coinotron.com is working just fine and gaining power, no ddos attempt so far.
Mageant
Legendary
*
Online Online

Activity: 1079



View Profile WWW
October 19, 2011, 07:38:53 PM
 #23

I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 158


View Profile
October 19, 2011, 07:43:49 PM
 #24

I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

Quote from: Matthew N. Wright
I use the blockchain to power my rotating love bed.
Mageant
Legendary
*
Online Online

Activity: 1079



View Profile WWW
October 19, 2011, 07:45:14 PM
 #25

I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
October 19, 2011, 07:56:23 PM
 #26

The raptors are testing the fences.

Mageant
Legendary
*
Online Online

Activity: 1079



View Profile WWW
October 19, 2011, 07:59:58 PM
 #27

I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.

What's the big mystery?

The raptors are testing the fences. Grow up.

It's no big mystery to me.
I'm just taunting the shills. Smiley

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
October 19, 2011, 08:15:01 PM
 #28

I thought DDOS attacks were "only because of the upcoming hashrate change deadline"?
So what's the explanation now?
Unless it really is the banking interests.

Silly talk. I've never heard anyone say DDOS attacks only occur close to a re-target. If the goal was to lower difficulty it doesn't make a difference when to bring down the hashrate, only that you take it down for a significant amount of time. Not even going to touch the "banking interests" line.

I read about 4 posts on these forums saying this last week.

What's the big mystery?

The raptors are testing the fences. Grow up.

It's no big mystery to me.
I'm just taunting the shills. Smiley


Last change 149184 14/10/2011 01:44 1'468'844.65 x0.89
Last 120 149797-149917 19/10/2011 19:13 1'345'917.52 x0.92
Last 10 149907-149917 19/10/2011 19:13 839'020.17 x0.57
Next 151200 29/10/2011 12:35 1'330'841.97 x0.91

  The current estimate for Next change is 2 days sooner than it was 34~ hours ago.. An attack lasting any significant time will push that out past the current 10/29. With the already expected drop average of about 200k it would put it at about 17~ days. To repeat, we are currently ahead of that.(likely thanks to some awesome luck at some pools).(And possibly bots successfully solving a few before they broke everything over the past few days). Those shills be dumb..  

  And I noticed someone posted about an attack for the purpose of shifting the time to retarget, stating it would not matter 'when'. This is not entirely true. The 'length' of attack is certainly the heaviest weight in the formula but the 'when' matters also. Crunch the math of an attack dropping 40% of the global hash rate out during the first 500 blocks after retarget and then again on an attack that did the same for the last 500 blocks... In my head it would seem the earlier attack would have the bigger impact on time to next retarget.. My head is old and fuzzy though, so without giving a shit to punch in the numbers it is highly likely I am delusional...

  An ideal attack would be to push the Dif back up as much as possible right before a retarget and then drop the added hash out. This would have the immediate impact of making the first few days of blocks after retarget take unusually long to solve. Variance aside, of course.

  Cheers, Shill Poker, Mageant

TL;DR Rabble Rabble, I like cheese!    Cheesy

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
rotrott
Jr. Member
*
Offline Offline

Activity: 47



View Profile
October 19, 2011, 08:37:44 PM
 #29

Why don't the botnet operators simply run their own pool server?

Or maybe they are already and they're trying to run everyone else off so their pool can take more of the pie.
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
October 19, 2011, 08:41:52 PM
 #30

Why don't the botnet operators simply run their own pool server?

  Probably because that would require actual work to code and pay for hosting for servers that could handle all the connections. And, it would not allow them to force their agenda on everyone.....


  Edit;  The pie doesn't work that way. Each solution has a chance to be a correct block. Best case scenario they chase off all the lazies and 'EVENTUALLY', very slowly and painfully the difficulty will drop a bit more than it would be otherwise in the long run.. It really only delays the time to retarget if sustained long enough. It wouldn't take more than a few brain cells put to the profibilaty calculations of such a prospect to see they would just extend the 'time to profitability' at what their target difficulty would be to be profitable. If they of course were thinking that. I highly doubt it and am certain their agenda is much more obvious...

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
October 19, 2011, 08:48:32 PM
 #31

Ironically, botnet operators can not easily switch their nodes to solo mining. Even if UPnP is employed for firewall piercing, many users will likely notice 12 hours of disk activity as their node catches up to the block-chain.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
October 19, 2011, 09:04:40 PM
 #32

Ironicly, botnet operators can not easily switch their nodes to solo mining. Even if UPnP is employed for firewall piercing, many users will likely notice 12 hours of disk activity as their node catches up to the block-chain.


 Oh yea, on that note, so will the zombie's internet providers. Atleast if they are with ATT.. I received an interesting email from ATT;


  IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected

Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.

Date: (UTC) => Your IP:
2011-10-18 04:45:24 => My Business T1 IP
2011-10-17 04:23:13 => My Business T1 IP
2011-10-16 02:47:36 => My Business T1 IP


IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.


IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.

Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to:  http://www.corp.att.com/aup/


   It was certainly news to me that they had a 'policy' against connecting to IRC servers on non default ports.  The times they reference are in direct correlation to my firing up the Bitcoin Client.. ;p
  I made sure to contact them on it none the less, because they do have a history of disabling accounts if they truely do suspect one of being 'zombiefied'.  I did not mention Bitcoin or anything but basicly told them that unless they had something in their policy about what remote IRC ports I am allowed to connect to, to please not send me further messages about it. I'm an asshole when it comes to them people. I pay for a home connection and 2 businesses worth of internet and phone servicve with them. Total about 4 grand a month, so they can kiss my shiny, white ass....

  But, it does make me wonder if they have jumped on the security bandwagon that has it in mind to flag Bitcoin related communications as infectious transmissions...?  And, will they decide to block it? They certainly are more than capable with their NAT setup to do so....  The next release of Bitcoin will have to include a built in http proxy just to fuggin work if something like that were to happen. Something to think about.

   And, also something for you agenda pushing Botnet fuckers to think about. I will be extremely pissed if because of your agenda you get 'Bitcoin' traffic in general banned..... Or is that your true goal!?!? hmmm *tinfoil hat feels warm*

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Shevek
Sr. Member
****
Offline Offline

Activity: 252



View Profile
October 19, 2011, 09:08:00 PM
 #33

We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

I have an idea that could help: instead of accepting bare shares, pools may accept shares over a given small difficulty; say 4, 8, 16... of course accepted shares should count up as 4, 8, 16... "normal" shares. This countermeasure should get down the legal flood and make easier to identify the DDoS flow.

I don't know how much miner software should be amended to avoid alarming high rates of states if such solution is implemented.

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
eleuthria
Legendary
*
Offline Offline

Activity: 1750


BTC Guild Owner


View Profile WWW
October 19, 2011, 09:28:14 PM
 #34

We cannot handle 2+ TH/sec like we used to, because it isn't worth keeping up the hardware at this time.  That's why I'm looking at cancelling signups (private pool) or a major payout structure change:  Get the botnets off and keep our regular users with a stable pool.

I have an idea that could help: instead of accepting bare shares, pools may accept shares over a given small difficulty; say 4, 8, 16... of course accepted shares should count up as 4, 8, 16... "normal" shares. This countermeasure should get down the legal flood and make easier to identify the DDoS flow.

I don't know how much miner software should be amended to avoid alarming high rates of states if such solution is implemented.

Changing difficulty won't affect pool traffic as much as people think.  Your miner will ask for work exactly as often as it already does.  It simply will submit fewer shares.  The vast majority of pool traffic is obtaining new work, not submitting shares.

The biggest issue of pool overhead is in longpoll connection handling.  When you have large numbers of active connections, things start to randomly slow down.

R.I.P. BTC Guild, 2011 - 2015.
BTC Guild Forum Thread
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 617


Working on new MtGox features


View Profile WWW
October 19, 2011, 10:43:20 PM
 #35

MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.

322i0n
Full Member
***
Offline Offline

Activity: 196


View Profile WWW
October 19, 2011, 10:59:53 PM
 #36

it would've great to get one of these hooked up https://en.bitcoin.it/wiki/P2Pool

Supporting The Global Insurrection Against Banker Occupation
BTC: 1C1w6t1dMkEXeCntURxDiBiWsTbdJbvTr9
NMC: N6uNpVPAdpTur4Hwr8Sqgd6kxcKPto4S2T
2112
Legendary
*
Offline Offline

Activity: 1708



View Profile
October 19, 2011, 11:09:14 PM
 #37

No downtime to report.
Are you allowed to report how much you pay per month to Barret Lyon and his friends?

Edit: Oh, noes, it looks like Barret had sold Prolexic.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
October 19, 2011, 11:10:27 PM
 #38

MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.

 Upstream side UDP filter ftw? Or you got mad moxy on your side?


 

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 617


Working on new MtGox features


View Profile WWW
October 19, 2011, 11:15:34 PM
 #39

MtGox was hit with ~11Gbps of ddos.

Peak Bits Per Second: 11.67 Gbps
Attack Types: UDP Flood, UDP Fragment
Event Time Start: Oct 19, 2011 15:00:00 UTC

No downtime to report.

 Upstream side UDP filter ftw? Or you got mad moxy on your side?

All connections are going through prolexic, which protects us from ddos attacks. It's expensive, but considering the loss (in trade fee revenue and image) generated by the website going down, it's worth it.

BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 19, 2011, 11:19:07 PM
 #40


Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!