How mining pools protect themselves from DDOS attacks ?

[paid2]

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

[1715444361]

1715444361

[1715444361]

1715444361

[ABCbits]

Few provider such as F2Pool use CloudFlare as DDoS protection. You can verify this using traceroute command.

Code:

$ sudo traceroute -T -p 3333 btc.f2pool.com
traceroute to btc.f2pool.com (172.65.217.174), 30 hops max, 60 byte packets
...
 3  ae-0.cloudflare.atlnga05.us.bb.gin.ntt.net (128.241.219.58)  16.827 ms  16.813 ms  16.786 ms
...

Take note IP/port is taken from F2Pool website[1] and it looks like gin.ntt.net seems to be owned by CloudFlare based on traceroute shared by other people[2-3].

[1] https://www.f2pool.com/#btc
[2] https://community.cloudflare.com/t/tracert-from-hong-kong-gets-routed-to-singapore/49413
[3] https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=236223

[paid2]

Few provider such as F2Pool use CloudFlare as DDoS protection. You can verify this using traceroute command.

Code:

$ sudo traceroute -T -p 3333 btc.f2pool.com
traceroute to btc.f2pool.com (172.65.217.174), 30 hops max, 60 byte packets
...
 3  ae-0.cloudflare.atlnga05.us.bb.gin.ntt.net (128.241.219.58)  16.827 ms  16.813 ms  16.786 ms
...

Take note IP/port is taken from F2Pool website[1] and it looks like gin.ntt.net seems to be owned by CloudFlare based on traceroute shared by other people[2-3].

[1] https://www.f2pool.com/#btc
[2] https://community.cloudflare.com/t/tracert-from-hong-kong-gets-routed-to-singapore/49413
[3] https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=236223

Thank you so much ! Helping a lot !

[DaveF]

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

Also, it's not a manual ban it's automatic, even going back a decade to NOMP https://github.com/zone117x/node-open-mining-portal#attack-mitigation it had automatic banning of IPs that were causing problems. It can also be a combination using something like cloudflare as discussed above to take care of the 1st layer of attacks then something internally to filter out the rest.

-Dave

[kano]

Good server providers have hardware DDoS protection coz they have datacentres full of servers and really don't want someone to cause problems for all their clients.

[paid2]

Thank you for the information, it gives me good starting points to explore on this subject!

I was convinced that it was special services for mining. I imagined that all the shares submitted by the ASICs could have been considered as DDOS, and could have been unnecessarily blocked by the "typical" protection services.

I made something that's rather simple much too complex haha 

[promojo]

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

VIP/dedicated stratum nodes/servers for specific clients.