The TRUTH about Darkcoin: ZERO Anonymity, EASY DOS attacks, & Amateur code base!

[superresistant]

When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

That's true.

[flipme]

When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

That's true.

Not quite, it only applies if the machine runs a DNS server.
Do Masternodes run BIND or something?

[Longenecker]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.

[flipme]

Especially if coming from somebody promoting or owning the website mymonero.com.
Why don't you just blow it off the table, if its so easy?
Or ask BCX to do it, he seems to be open for good and easy fun.

[flipme]

But its an interesting point.
Hosting masternodes has to be on a level.

I'd suggest to move it into the IP6 address space completely and provide any amount of failover IPs for such scenarios.
Many datacenters offer that already, even in the IP4 space.

[Crestington]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.

I have read little things here and there about DarkCoin not actually being anonymous because you have to create anonymity on the protocol level. Monero/Cryptonote has good anonymity because it splits up all of your blocks over different people when you send the transaction but the drawback to this is that it creates more data on the Blockchain. In DarkCoins case, the mixing nodes would present more of a risk since a script could be run in order to link transactions, plus the nodes can be taken offline and disrupt the network.

[oblox]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

Exactly this.

I have read little things here and there about DarkCoin not actually being anonymous because you have to create anonymity on the protocol level. Monero/Cryptonote has good anonymity because it splits up all of your blocks over different people when you send the transaction but the drawback to this is that it creates more data on the Blockchain. In DarkCoins case, the mixing nodes would present more of a risk since a script could be run in order to link transactions, plus the nodes can be taken offline and disrupt the network.

Anonymity through obscurity. Unless you can actually prove without a reasonable doubt that Address A paid Address Z with a factor of 3^8 pathways, by all means, knock yourself out. The masternodes used per round are random and only know their inputs and outputs. You would need control over all the masternodes in the chain used (however many rounds the user specifies) to be able to knowingly link A to Z.

[oblox]

Anonymity through obscurity. Unless you can actually prove without a reasonable doubt that Address A paid Address Z with a factor of 3^8 pathways, by all means, knock yourself out. The masternodes used per round are random and only know their inputs and outputs. You would need control over all the masternodes in the chain used (however many rounds the user specifies) to be able to knowingly link A to Z.

At this point it doesnt matter that Anonymity in Darkcoin works or not because its over a clay base of masternodes.

Right, the most logical of counter-arguments. That "clay base" you speak of has substantial capital behind it. I'd take this "clay base" over a straw house any day of the week.

[coingun]

I won't even speak at the fud in this thread. I think pointing people to this post made in our most recent testing session might help shed some light on the ds+ process.

https://darkcointalk.org/threads/instantx-testing-v10-17.3083/page-36#post-32290

This is only the first 3 rounds

This might help if you can't follow that post. It is Evan's talk from a recent crypto conference.

https://www.youtube.com/watch?v=4Y9wO9v2nMw

[toknormal]

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate.

This is actually a far better problem for an anonymity coin to have than a protocol weakness.

The criticism above is fair enough as far as network serviceability goes, but if it doesn't have any impact on the anonymity of historical transactions in the blockchain and they remain safe, then the job is more or less done.

All networks are subject to DOS attacks, whatever their nature. It's not a significant criticism of an anon-coin to say that it may be exposed to DOS attacks - who cares as long as the blockchain's safe ? Websites get DOS'd, eMail gets DOS'd, everything gets DOS'd. You just mitigate it, setup nodes elsewhere and carry on. The technology and the whole approach evolve to become progressively more optimal and resistant to serviceability attacks.

On the other hand, networks that rely on purely protocol based anonymisation are a ticking time bomb because if a crack emerges then you've got a potential can opener for the whole blockchain's worth of historical data.

That's why I think Darkcoin's got the right approach. If I want to make an anonymous transaction today, I don't give a sh*t about whether it can be DOS attacked tomorrow. But I DO care about my historical transaction staying anonymous.

The other blatant flaw in the "it's vulnerable to DOS attacks" critiscism is that it assumes a static network. The masternode network is not static, it's constantly moving. A masternode can be setup and hosted in minutes and then moved in minutes if need be. It's a moving target "cloud" that is not stuck behind a fixed DOS'able firewall in the way fluffypony alludes to.

So all in all, I think this post, far from exposing any weaknesses, only goes to demonstrate its fundemantal strength of approach in offering massive redundancy and pre-emptive anonymisation using the 2-tier system.

[qwizzie]

to OP

- pls stop hiding behind fake accounts like Iranianfromhell666 on reddit and now this account on BTC, its just getting a bit sad really.
- thanks for giving Darkcoin some well-deserved attention, 1473 views for a post on BCT is impressive .. since most people in this Altcoin
Discussion Forum are used to trolls creating new accounts and attacking coins i trust most of these readers to prick right through this
post and form their own opinion about Darkcoin and maybe even get a bit more intrigued by it.

Maybe those people will start asking themself questions like : what is Darkcoin about? what does Darksend mean and what does it do exactly ?
what are Masternodes ? how many Masternodes are there and why do they keep growing so fast ? why is Darkcoin getting in the news more and more
lately ? why is it being attacked so much by trolls lately ? What is that Darkcoin InstantX i keep hearing about ?

Find answers to those questions and you my dear readers may have found more wisdom. To help you get started i will provide you with a link to the developer
of Darkcoin explaining some of those questions himself : https://www.youtube.com/watch?v=l1J5iYBpwNY

qwizzie



        

[fluffypony]

When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

That's true.

Not quite, it only applies if the machine runs a DNS server.
Do Masternodes run BIND or something?

No it isn't - AT ALL - it would be a good idea to read up on terms you are unfamiliar with. An amplification attack uses other devices on the Internet with open SNMP or DNS servers to amplify the attack and flood the target machine with packets so that the data centre is forced to null-route the traffic. It has nothing to do with the target machine - in fact, even if the machine has no services running you can still run this attack, as the routers in the data centre will still route traffic to it.

[fluffypony]

Especially if coming from somebody promoting or owning the website mymonero.com.
Why don't you just blow it off the table, if its so easy?
Or ask BCX to do it, he seems to be open for good and easy fun.

I have no desire to do that, but that does not mean I won't engage in debate.

[fluffypony]

This is actually a far better problem for an anonymity coin to have than a protocol weakness.

A fundamental architectural failure betrays critically flawed thinking on the part of its creators. In fact, such open exposure to Sybil attacks indicates a lack of understanding of the fundamentals of network security - these attacks are so well known that it is as fundamental to the architecture of distributed systems as salted passwords are to the architecture of authentication systems. At this stage arguing that it doesn't have a protocol weakness is nonsensical - it merely doesn't have a protocol weakness that you know of.

The other blatant flaw in the "it's vulnerable to DOS attacks" critiscism is that it assumes a static network. The masternode network is not static, it's constantly moving. A masternode can be setup and hosted in minutes and then moved in minutes if need be. It's a moving target "cloud" that is not stuck behind a fixed DOS'able firewall in the way fluffypony alludes to.

A DDoS attack can be rerouted in seconds. Since every node knows every masternode this becomes a non-trivial problem to solve.

Furthermore, masternodes can and will be malicious against other masternodes when the time is right. This is already happening with mining pools in Bitcoin, what makes everyone think masternode operators will be any less aggressive?

[oblox]

Anonymity through obscurity. Unless you can actually prove without a reasonable doubt that Address A paid Address Z with a factor of 3^8 pathways, by all means, knock yourself out. The masternodes used per round are random and only know their inputs and outputs. You would need control over all the masternodes in the chain used (however many rounds the user specifies) to be able to knowingly link A to Z.

At this point it doesnt matter that Anonymity in Darkcoin works or not because its over a clay base of masternodes.

Right, the most logical of counter-arguments. That "clay base" you speak of has substantial capital behind it. I'd take this "clay base" over a straw house any day of the week.

sorry then, very expensive and useless clay base.

lol, if you insist... How's Monero and the inflation working out for you? As your investment dwindles away into nothingness from the nonstop dumps.

And I should clarify, I have no issues with CN or the Monero dev team. Each coin does privacy in its own way. I do have a problem with bullshit being thrown by both sides (and yes, you kazuki, are part of the problem).

[trafficriderx]

If all this is true, then why would someone hiding behind a new account? After all, it is clear that someone wants to knock down the price to buy cheaper ..

[Polycoin]

wow.....Really Really interesting read. Darkcoin is even scammier than i thought, and thats why I support it 100%!!

[illodin]

wow.....

Nice trust btw, I especially liked this one: "Blatant scammer"

[grendel25]

'shocking'... NOT.  No one should ever expect to be completely hidden.  Only way to stop from being caught electronically is to stay completely off the grid... and even then I'm not so sure you couldn't be hunted down if someone wants you bad enough.

[Polycoin]

wow.....Really Really interesting read. Darkcoin is even scammier than i thought, and thats why I support it 100%!!

Nice trust btw, I especially liked this one: "Blatant scammer"

Darkcoin is my favorite coin. Have a lot in common