Topic: [1050 TH] BitMinter.com [1% PPLNS,Pays TxFees +MergedMining,Stratum,GBT,vardiff] - page 194. (Read 837101 times)

Sorry to ask again but i just want to make sure. Are we from now on protected by black lotus or not yet ?

Thanks

Doc I will pop up on Irc to discuss it when i (and you) do have time. I feel I  have to stop spamming the topic with FW TCP/UDP and stuff

Thank you very much for your comments.

I am heartened by your words doc.
Dont worry I'll find the next few blocks for the team!

UDP will be incredibly easy to defend against since my server won't need UDP to function. Upstream could block all UDP traffic, very easy mitigation. Black Lotus fend off attacks every day, they're not noobs.

The web server was up during the attacks, that must be where you got a quick 404 response from. Trust me the net connection of the mining server was completely saturated.

Doc,

In my opinion Black Lotus will not be able to guard your network (bandwidth) usage in case you are victim to UDP due to protocol nature itself. UDP attacks can be filtered in ISP core routers only. If it is a TCP attack it will be OK with both VPN and Black Lotus solution. However what i have noticed so far - when server was down (attacked) it was responding damn fast to wget with 404 page not found. If responses came from your server not from cloudfire it is pretty obvious that there were no issues with bandwidth at all during the attacks.

Good luck Doc - choose what you will be comfortable with  

It seems it's already effective, isn't it ?

Hi Doc'

That s good news for the black lotus protection. When will that be effective exactly ?

Thanks

fyi I'm not able to reach my miners at the moment.  assuming they are still running, they are probably pointing at the old server.  another 24hours or so I'll be able to check them and fix them.

M

@DrHaribo,
I would like to personally thank you for all of the hard work that you have been putting in for us.

Your pool is by far the best and easiest to use and I mention it every chance that I can.

Just know that all of your hard work is paying off

So...

Thank you

We're not running out of CPU here, but bandwidth. One scrubbing server will just get knocked off the net, same as the mining server itself did.

I could perhaps set up multiple 10 Gbps servers to scrub traffic, at a data center with very high bandwidth and where they don't blackhole (nullroute) you when you get DDoSed. I don't know a good place for that, nor if it can be done for a reasonable price. I think for now Black Lotus is a good choice.

If the pool had 30TH you wouldn't notice a 90+cdf block.....  You also would probably be making waaaaaaay less per block 8-)

Not a problem, Vince.

Just for my own curiousity I was just looking at EclipseMC's (similar pool size as BitMinter) block stats and see that less than 2 weeks ago they had a string of 4 blocks where 3 of them were 99.3%, 95.5%, and 94%. That was a bad week, but guess what: they also had a string of 4 blocks where 3 of them were 0.1%, 0.5%, and 3% to balance it out.

the worst part is that CDF never reaches 100%   And it can take a long time and stay on 99% but we will go over it for sure. Good times are coming!

Thank you.

I was asking that because it is the first time I notice 2 consecutive blocks with 90+ CdF.

Vince120, there is nothing particularly unusual about a 90%+ CDF. It is normal variance; every pool will run into this. Just like it isn't all that unusual to get a <10% CDF.  Take a look at bitminters recent block stats:

https://bitminter.com/blocks

Right now I see 3 blocks with >90% CDF and 3 blocks with <10% CDF. The reason long blocks get more attention around here than short ones are just that: they hang around, in-your-face, for a long time. Short blocks usually come and go without most people even noticing. The reality is that both types of blocks are equally likely and, over time, they all average out properly.

More than 15 hours again.

Perhaps I misunderstood but :
- Ddos implies miners have gone
- Less miners implies less THps
- Less THps implies slowest block computing
- Slowest computing implies longer durations

But, considering the increasing difficulty, why do we have >90% CdF ? (with the samed number of hashes computed at 15M difficulty, CDF is higher than at 19M diffuclty) Does Ddos had an impact on CdF considerations

Keep in mind that this also could be the result of the lower difficulty in LTC about 3 days ago - to date, and a lot of miners moved to LTC since this (I am one, moved all my rigs to LTC) of course that makes the difficulty to rise again, when that happens, I will get back here hehe.

Doc,

We do appreciate all of your handwork and efforts

I wrote the idea a couple of times but before going with lotus please consider the flowing

The example i will use Google public DNS IP's for simplicity:


Exposed Machine emty Box just Ovpn+Firewal+Nat (ISP One)                   Real Bitminter Server  (ISP TWO)  

--------------------------                                                                -------------------------------

8.8.8.8/OVPN 10.10.10.1                        <---------->              8.8.4.4 (Hidden known only by you and 8.8.8.8 box)/OVPN 10.10.10.2

-------------------------- -                                                             --------------------------------


Bitminter is known/resolved to 8.8.8.8

All requests (web mining or whatever you need)                               10.10.10.2 Is serving the requests+ Policy routing. All requests arrived at
are forwarded to 10.10.10.2 OVPN                                                    10.10.10.2 are forwarded back to 10.10.10.1 Hiding  your IP

All requests coming back from 10.10.10.2 are nated to 8.8.8.8


Doing this you will achive:

1. If the attacks are coming from known IP address - rangers you can easy filter them out on 8.8.8.8 With zero CPU/Network load to your Server 8.8.4.4. I am not aware of the attacks details but believe me Empty Linux box doing nothing just natting one IP can filter a lot    
2. You can use Connection iptables limit - i am not aware if it is a good or bad idea since some miners can be affected also
3. And other fancy stuff

In the end you are the boss and you will decide what to do no doubt about it but i just wanna know you got the idea

Drawbacks some lag will occur (Traffic moving along the ovpn) but it will be not noticed at all especially if you rent second server in a Rack near by
And if you decide to do it pls make sure that nginx (or whatever else is there) will never expose 8.8.4.4 IP via http (other) headers to attackers

That is serious investment. I think I'll increase my donation percentage in thanks.

It may not be much now, but when my ASICs arrive, it should help a bit more.

Thanks Doc - you really do care about your mint! Time to show I do too.

Hi Doc,

Thanks for fixing the pool and taking bitminter s pool security to the next level !

When exactly will the pool be protected against DDoS ? That would be good to have idea on when we should finally be able  to mine without any attack annoying us all.

Thanks for the investment !