Pages:
Author

Topic: [ANN Mt.Gox] It’s been an epic few days: What happened? - page 2. (Read 4039 times)

hero member
Activity: 756
Merit: 522
The point is that when merely using UDP, unlike TCP, the source can block ALL incoming traffic which makes it immune to DDoS. As casascius points out, UDP is like a radio broadcast signal. TCP is like the postal service with delivery confirmation.

At what level do you propose blocking the incoming traffic?
hero member
Activity: 728
Merit: 500
In cryptography we trust
Quote from: MPOE-PR link=topic=166578.msg1739785#msg1739785
I don't think you understand how DDoS works on this level. Your UDP stream would have to have a source, which would have to have an IP, which then would get flooded to crap. It's the routers that pop, not the machines.

The point is that when merely using UDP, unlike TCP, the source can block ALL incoming traffic which makes it immune to DDoS. As casascius points out, UDP is like a radio broadcast signal. TCP is like the postal service with delivery confirmation.
member
Activity: 75
Merit: 10
I propose two ideas, i dont know if good ideas:

1-since the attackers are operating in order to get benefits by buy/sell, couldn´t gox proceed to identify them or putting under suspect some accounts?

2-stop the site while ddos occurs?
hero member
Activity: 756
Merit: 522
Also MtGox could take a position on my UDP streams idea, which could be any of the following without commitment:

a) Great idea, we haven't thought of it, and you're right, it would totally get information out immune to DDoS, we'll consider it but like anything else will take time
b) Great idea, but we don't agree it would work as well as you think it will, or for (specific technical reason) won't work on our platform
c) We haven't got a clue as to what this means
d) I don't have a clue what this means because I'm not a developer or tech guy myself, but I have relayed your suggestion to someone more technical, and he says (response).  (Hopefully this suggestion is more valuable than to merely forward it blindly like the latest facebook meme, since MtGox's reputation is suffering and this will actually solve the claimed issue at hand)

Just to be clear, using UDP to broadcast ticker data would be, for all intents and purposes, IMMUNE from DDoS attacks, because such a stream consists solely of outbound traffic which is not influenced by inbound traffic.  Unlike a normal stream, there is no inbound overhead for packets to acknowledge or to keep the connection in sync, packets which can be drowned out in a DDoS attack.  UDP is much more like a point-to-point radio broadcast: the signal gets sent from point A to B even if nobody's listening

I don't think you understand how DDoS works on this level. Your UDP stream would have to have a source, which would have to have an IP, which then would get flooded to crap. It's the routers that pop, not the machines.
full member
Activity: 197
Merit: 100
the attack can also happen in order to STABILIZE bitcoin. the more people are unsatisfied with mtgox, the more they will flock to other exchanges and STABILIZE the bitcoin ecosystem. we do not need one huge centralized exchange. remember this!
hero member
Activity: 504
Merit: 500
Cheers for the update. Ignore the haters  Wink
hero member
Activity: 756
Merit: 522
Looky what I found:



Anyone recall?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Also MtGox could take a position on my UDP streams idea, which could be any of the following without commitment:

a) Great idea, we haven't thought of it, and you're right, it would totally get information out immune to DDoS, we'll consider it but like anything else will take time
b) Great idea, but we don't agree it would work as well as you think it will, or for (specific technical reason) won't work on our platform
c) We haven't got a clue as to what this means
d) I don't have a clue what this means because I'm not a developer or tech guy myself, but I have relayed your suggestion to someone more technical, and he says (response).  (Hopefully this suggestion is more valuable than to merely forward it blindly like the latest facebook meme, since MtGox's reputation is suffering and this will actually solve the claimed issue at hand)

Just to be clear, using UDP to broadcast ticker data would be, for all intents and purposes, IMMUNE from DDoS attacks, because such a stream consists solely of outbound traffic which is not influenced by inbound traffic.  Unlike a normal stream, there is no inbound overhead for packets to acknowledge or to keep the connection in sync, packets which can be drowned out in a DDoS attack.  UDP is much more like a point-to-point radio broadcast: the signal gets sent from point A to B even if nobody's listening
sr. member
Activity: 280
Merit: 250
I didn't see anything in there about adjusting the trade fee schedule.

It used to be < $160,000 to get to 0.3% (and probably a lot lower), now it's upwards of $1,370,000, a factor of ten. When will you be adjusting it to make it in line with current prices?
hero member
Activity: 910
Merit: 1000
Items flashing here available at btctrinkets.com
One thing Mt.Gox could do is release what information they have on the attack(s). We all know it's a botnet of infected computers, but I would not count out the bitcoin community out from doing detective work and more.
sr. member
Activity: 241
Merit: 250
Time you enjoy wasting is not wasted time.

Mt.Gox has been suffering from its worst trading lag ever, 502 errors, and at one point some users were not able to log in their account.


Have to admit, I too am a sucker for folks who fess up to their failings, so props to you for doing that head-on without any crap; it affords you a level of credibility that ought to be a sober example for others who lack it in lumps, like the bullshitting BFL brigade.

hero member
Activity: 756
Merit: 522
Thanks for the excellent feedback.

If this is excellent I bet nobody eats what you cook.

If you were to make the list of "events which might have killed Bitcoin", MtGox's hack is indisputably at #1, above the Pirate heist, above the recent unexpected fork, above everything else. This is MtGox's legacy: they're a historical threat to Bitcoin' continued existence and a permanent nuisance in the day to day life of it. To further illustrate this point:

Quote
Mar 04 19:15:17 blu3gr1ffon ;;goxlag
Mar 04 19:15:22 gribble 106.133771 seconds

Mar 06 04:46:15 Ukto ;;goxlag
Mar 06 04:46:15 gribble 78.10124 seconds

Mar 06 05:17:03 Chaang-Noi ;;goxlag
Mar 06 05:17:05 gribble 456.476647 seconds

Mar 06 11:41:29 dub ;;goxlag
Mar 06 11:41:46 gribble 245.37453 seconds

Mar 07 01:58:34 kakobrekla ;;goxlag
Mar 07 01:58:37 gribble 471.638897 seconds

Mar 11 09:35:00 jurov ;;goxlag
Mar 11 09:35:01 gribble 2025.557307 seconds
Mar 11 09:35:10 jurov what is the record?

Mar 12 03:53:17 dub ;;goxlag
Mar 12 03:53:18 gribble 38.016469 seconds

Mar 12 04:12:36 smickles ;;goxlag
Mar 12 04:12:36 gribble 157.044926 seconds

Mar 12 04:23:10 gesell ;;goxlag
Mar 12 04:23:11 gribble 199.519792 seconds

Let's skip to recent times:

Quote
Mar 29 00:34:07 Bitesaak ;;goxlag
Mar 29 00:34:07 gribble 288.72481 seconds

Mar 29 00:40:41 thestringpuller ;;goxlag
Mar 29 00:40:41 gribble 167.450794 seconds

It's so bad we have a special command to query it! And it's so funny people have taken to embellishing it:

Quote
Apr 03 09:24:23 ThickAsThieves ;;goxlag
Apr 03 09:24:24 gribble MtGox lag is 219.524796 seconds. During this time, light travels 0.439925233262 AU. You could have sent a bitcoin from the Sun to Mercury (0.39 AU).

Apr 03 11:50:16 dub ;;goxlag
Apr 03 11:50:16 gribble MtGox lag is 468.536678 seconds. During this time, light travels 0.938942256714 AU. You could have sent a bitcoin from the Sun to Earth (1 AU).

Apr 03 17:52:42 TomServo ;;goxlag
Apr 03 17:52:42 gribble MtGox lag is 6048.679827 seconds. During this time, light travels 12.1214866489 AU. You could have sent a bitcoin from the Sun to Saturn (9.54 AU).

Apr 03 18:03:07 thestringpuller ;;goxlag
Apr 03 18:03:07 gribble MtGox lag is 5455.751923 seconds. During this time, light travels 10.933265768 AU. You could have sent a bitcoin from the Sun to Saturn (9.54 AU).

The notion that you're running an exchange with multisecond lag is ridiculous on its face. I'm not even sure why this has to be spelled out, it's beyond ridiculous. It's like Monty Python's cheese shop, it's like Monty Python's "self defense classes", it's like a comedy routine. This is what we use you for, MtGox, comedic relief. You're not an exchange, okay? You're Bitcoin's very own Comedy Central.

So now, armed with this basic understanding of what's what and where we're standing, let us dissect MtGox's most recent load of bullcrap (continued).
legendary
Activity: 3108
Merit: 1531
yes
Thanks for updating the community  Cheesy
member
Activity: 112
Merit: 10

We, Coinlab & Mt.Gox, will announce something on this matter soon.

I really hope so because to date both services have fallen well short of the mark in keeping users informed.

I agree with you, but let's say that the FinCEN announcement delayed a few things.
hero member
Activity: 868
Merit: 1000

We, Coinlab & Mt.Gox, will announce something on this matter soon.

I really hope so because to date both services have fallen well short of the mark in keeping users informed.
member
Activity: 112
Merit: 10
Prolexic sucks, they are resellers. Go with Black Lotus and make them agree to guaranteed uptime protection they'll do it. You could also clone a backup elastic cloud image on Amazon that ssh's to your secure db and switch to it whenever you get hammered beyond 10Gbps

We were using Black Lotus and runaway from them... And 10Gbps is pretty much nothing for us, we have this on weekly basis and EC2 doesn't have enough CPU/memory to handle our db on a single instance
member
Activity: 112
Merit: 10
Alex, you mentioned the verification issue.

It's really unclear to me what is going to happen with this when US/Canadian users get transferred to CoinLab.  Will the accounts which are currently awaiting verification still be verified by MtGox or will US/Canadian customers be verified by CoinLab following the transition (ie, will those US/Canadian customers currently awaiting verification by MtGox need to start the verification process again with CoinLab)?  

The lack of recent information about the transition is worrying as customers were initially told that they needed to agree to CoinLab's ToS if they wanted to use MtGox following the transition but the information on the CoinLab site says that the funds of US/Canadian customers will automatically be transferred to the US.  

This implies that people will need to withdraw their funds from MtGox before the transition if they don't want those funds transferred to the US bank (which may present difficulties for unverified customers given the backlog on verification) or they'll have to register as a CoinLab user whether they want to or not in order to withdraw their funds.

It was previously stated that MtGox user data would not be transferred to CoinLab without user agreement (ie, MtGox users accepting CoinLab's ToS), but if the funds are being transferred automatically then how will users be able to access them without using CoinLab?

I know you have a lot going on, but the transition to CoinLab has to the potential to be disastrous if you don't keep your users fully informed and - quite frankly - you don't need any more things happening right now which undermine people's confidence in you.


We, Coinlab & Mt.Gox, will announce something on this matter soon.
hero member
Activity: 899
Merit: 1002
Prolexic sucks, they are resellers. Go with Black Lotus and make them agree to guaranteed uptime protection they'll do it. You could also clone a backup elastic cloud image on Amazon that ssh's to your secure db and switch to it whenever you get hammered beyond 100Gbps
member
Activity: 112
Merit: 10
Dear Mt.Gox users and Bitcoiners,

It’s been an epic few days on Bitcoin, with prices going up as high as $142 per BTC. We all hope that this is just the beginning!


Thought the top was $147?

You are right (last 24hrs), I was stuck on the past 12hrs data
sr. member
Activity: 291
Merit: 250
Dear Mt.Gox users and Bitcoiners,

It’s been an epic few days on Bitcoin, with prices going up as high as $142 per BTC. We all hope that this is just the beginning!


Thought the top was $147?
Pages:
Jump to: