MtGox - too many connections

[coined]

did the market just outgrow our little community very very quickly?

a simple DDoS and 95% of bitcoin trades freeze, it is a good way to drive prices down, investors will see our amateur level operations and wait a while 

maybe its the wake up call we need. were not ready for the world to join in yet.

[1714770425]

1714770425

[bitcoinex]

did the market just outgrow our little community very very quickly?

a simple DDoS and 95% of bitcoin trades freeze, it is a good way to drive prices down, investors will see our amateur level operations and wait a while  

maybe its the wake up call we need. were not ready for the world to join in yet.

99.9% really

decentralized Bitcoin are highly centralized to mtgox!11

[Steve]

MtGox' version of trading curbs 

[fbit]

=( just took an evening off to play around with the API and get a trading bot started. Now I got some basic functionalty done and the page goes down.

[eleuthria]

I was implementing a BitCoin currency on my store using the MtGox API as it went down as well.  Was getting nice results too, was about to work on the final checkout page .  Guess it'll have to wait for a May 1st update.  At least people can still use US$ .

[Ulysses]

Most likely it's not a dos, mtgox was featured on hacker news frontpage.

[The Script]

I'm sure magical tux is working on it, so this is me subscribing to the thread so I get notified as things progress.

[qed]

Most likely it's not a dos, mtgox was featured on hacker news frontpage.

Source?

[bitcoinBull]

MagicalTux is on #bitcoin-otc discussing the DDoS right now:

[21:08] <+MagicalTux> in 0.05 seconds, I'm getting 313 connection attempts
[21:09] <+MagicalTux> that's ~6200 connections/second
[21:10] <+MagicalTux> I'll be storing bits of flood from tcpdump, and blocking those

http://webchat.freenode.net/?channels=#bitcoin-otc

[MagicalTux]

Reporting here! What I got so far:

Getting ~6000 SYN/sec (standing at ~1.7MB/s) from various sources, mainly vietnam. Those are attempts to connect on port 443 to "poke" various urls, including / and /users/login.

There are different patterns, suggesting either there are various version of the "drones" out there trying to attack mtgox, or that different people are attacking.

The attacks seems specifically targetted at mtgox (use of the login url, for example), and contain a vast majority of russian bits (use of random russian referers, use of russian user agents, etc).


The strategy:

I'm trying to get some patterns out there I can block out from the server. Traffic load is still lower than server uplink, which should allow to block that without too much troubles. The first thing I'll be doing is to block the ips I've recorded so far, and write a little C program with libpcap to analyze the network traffic and block ips that seem obviously doing something bad. I'll also reduce the max open tcp connections per ip to limit the load caused by a single IP.

[bitcoinBull]

Most likely it's not a dos, mtgox was featured on hacker news frontpage.

Source?

Bitcoin hits US$ 4, after being mentioned on CNN yesterday (mtgox.com)
http://news.ycombinator.com/item?id=2501006

Bitcoin exchange account of Coinpal shut down by Paypal (bitcoin.org)
http://news.ycombinator.com/item?id=2501793

[qed]

Most likely it's not a dos, mtgox was featured on hacker news frontpage.

Source?

Bitcoin hits US$ 4, after being mentioned on CNN yesterday (mtgox.com)
http://news.ycombinator.com/item?id=2501006

Bitcoin exchange account of Coinpal shut down by Paypal (bitcoin.org)
http://news.ycombinator.com/item?id=2501793

I miss the connection, how is hacker news related with any hackers crew?

[bitcoinBull]

Most likely it's not a dos, mtgox was featured on hacker news frontpage.

Source?

Bitcoin hits US$ 4, after being mentioned on CNN yesterday (mtgox.com)
http://news.ycombinator.com/item?id=2501006

Bitcoin exchange account of Coinpal shut down by Paypal (bitcoin.org)
http://news.ycombinator.com/item?id=2501793

I miss the connection, how is hacker news related with any hackers crew?

Its not.  But HN is a high-profile site which can drive large traffic.  However, the HN traffic still would not be enough to cause the MtGox outage.  As MagicalTux explained above, apart from legitimate traffic, they are under a DDoS attack.

[cypherdoc]

for us non hackers, is it possible to sustain a DDoS attack indefinitely and if so can mtgox restore functionality?

[eof]

for us non hackers, is it possible to sustain a DDoS attack indefinitely and if so can mtgox restore functionality?

in theory; but he will likely be able to find patterns in the traffic and/or block the right IPs to restore functionality.  depends on how smart a ddos and how much resources they have

[cypherdoc]

for us non hackers, is it possible to sustain a DDoS attack indefinitely and if so can mtgox restore functionality?

in theory; but he will likely be able to find patterns in the traffic and/or block the right IPs to restore functionality.  depends on how smart a ddos and how much resources they have

has a gov't ever launched a DDoS?

[mewantsbitcoins]

MagicalTux, if we mirrored your site, maybe you could do some load balancing?

[bitcoinex]

The attacks seems specifically targetted at mtgox (use of the login url, for example), and contain a vast majority of russian bits (use of random russian referers, use of russian user agents, etc).

And now I understand you

[qed]

for us non hackers, is it possible to sustain a DDoS attack indefinitely and if so can mtgox restore functionality?

Nope.

[bitcoinex]

for us non hackers, is it possible to sustain a DDoS attack indefinitely and if so can mtgox restore functionality?

Nope.

An ddos could be a cover for a hack.