Pages:
Author

Topic: DDOS Payback - page 2. (Read 8445 times)

sr. member
Activity: 339
Merit: 250
División de Poderes s.XXI es Descentralización
April 19, 2013, 05:20:03 AM
#68

This is true. I've seen all bitcoin related service suffer the same fate in the last few days, including Rugatu, and I don't seem to understand what is the purpose of this sustained attack.

The purpose is to kill off Bitcoin as a currency and as a community.

What if the mafia or criminal enterprises are finaly looking on Bitcoin as a tool for their shady financial activities. They want some coins for testing so they DDOSed and manipulated the price down, so they can bought a lot of them for cheap.  Cheesy






Lol, lets DDoS the NYSE



full member
Activity: 136
Merit: 100
April 19, 2013, 04:22:09 AM
#67

This is true. I've seen all bitcoin related service suffer the same fate in the last few days, including Rugatu, and I don't seem to understand what is the purpose of this sustained attack.

The purpose is to kill off Bitcoin as a currency and as a community.

What if the mafia or criminal enterprises are finaly looking on Bitcoin as a tool for their shady financial activities. They want some coins for testing so they DDOSed and manipulated the price down, so they can bought a lot of them for cheap.  Cheesy
full member
Activity: 136
Merit: 100
April 19, 2013, 04:17:55 AM
#66
Almost every major Bitcoin website has been under DDOS attack over the past few days. It’s becoming a real problem, not just for the exchanges. It is also opening up other vulnerabilities.

Installing defensive tech (like cloudflare) is not enough. Isn’t the Bitcoin community supposed to include some of the best hackers in the world? We should set up a bounty and take the fight to whatever botnets are trying to mess with Bitcoin.

As long as attackers can get away with it for free, attacks will continue. Let's just readjust their incentives a bit  Wink

I suggest setting up:

0. Reward for proving that there is a real attacker
1. Reward for whoever can identify the source of the attacks
2. Bounty for taking down (with prejudice) any major attackers


Considering the potential losses for major Bitcoin businesses if these attacks continue, I’m sure pledging a few coins each for this would be worthwhile. It might also be a good project for the Bitcoin Foundation...



DDOS could come from anywhere – about a month ago there were DDOS attacks on Czech internet banking sites, biggest search engine seznam.cz and some institutions sites. It lasted a FULL WEEK! Now the investigation come to results that those DDOSs comes from NORTH KOREA! Now tell me how you can find who is behind attacks and how do you (legaly) fight with Chinese or North Korea governmet, or Russin botnet operators with contacts to mafia. Hell, I can even imagine that this could be the work of CIA or some other shady organisation.

Fight fire with fire is not the answer, we can only make more exchanges so the attackers cannot DDOS them all. Or just use local/face2face exchanges.

Also if I remember it correctly the Gox is using Prolexic as an DDOS protection and it is used also by big banks around the globe. How is that possible that DDOSers were so succesful? Did the mass histeria and crowds trying to connect to Gox help them?
legendary
Activity: 1227
Merit: 1000
April 19, 2013, 03:56:35 AM
#65

To mitigate these types of attacks you just run multiple versions of the site in multiple virtual machines and simple pause one of them, take a snapshot, make the snapshot live. The data can be migrated in the background.  Basically the way to defeat the DDOS is by cloud based migration.

So you fight a distributed attack by becoming distributed yourself, becoming a moving target. Nice.
hero member
Activity: 714
Merit: 510
April 18, 2013, 10:02:35 PM
#64

This is true. I've seen all bitcoin related service suffer the same fate in the last few days, including Rugatu, and I don't seem to understand what is the purpose of this sustained attack.

The purpose is to kill off Bitcoin as a currency and as a community.
hero member
Activity: 714
Merit: 510
April 18, 2013, 09:59:11 PM
#63
speaking of,
i can't get access to https://blockchain.info for the past 40min...

This page (https://blockchain.info/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare | Hide this Alert

To mitigate these types of attacks you just run multiple versions of the site in multiple virtual machines and simple pause one of them, take a snapshot, make the snapshot live. The data can be migrated in the background.  Basically the way to defeat the DDOS is by cloud based migration.
hero member
Activity: 714
Merit: 510
April 18, 2013, 09:56:44 PM
#62
Let me explain about DDoS (I know many here know).

The problem is it's like standing in the middle of a clear field against an unseen army in the forest. You have to stand in the field so people can find you, but you're completely exposed to attack. You just have to be able to take everything that comes your way.

Translated to Web technology this means most sites exposed to significant DDoS attack are effectively disabled. There are mitigation techniques/software to reduce the effectiveness of attacks, but as the link provided above, which gives good information, points out even spending thousands of dollars on expert defenses is not always enough. The only real answer, like standing in that field, is to be big enough and bad enough to take it, having loads of bandwidth, servers, software etc. to ride the attack out. Cloudflare is something that helps the issue greatly, because they take the expensive problem many have independently and address it with consolidated resources. Still, it's an underdog fight to start with.

So how to effectively address DDoS? You might try finding the attacker(s) using social means as mentioned. The problem there is you'll never find everyone if anyone. Pooling resources, money, brain power, etc. in the style of Cloudflare in more organized ways might help.

The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.

I'd say you really have to take away the main weapon which is botnets. To do that you have to provided better security against computer sheeple allowing their computers to be used unwittingly. I actually had a business idea which was a computer that was virus proof (it basically stored files in a compartmentalized way, and clean re-installed the OS with a click or on automated schedule) but never developed it.



All you would have to do is build an OS which runs each file in a separate virtual machine instance. This would be equal to compartmentalizing on the file level. So the browser would run in a virtual machine, but so would every other piece of software and all of it in individual sandboxes.
hero member
Activity: 714
Merit: 510
April 18, 2013, 09:51:38 PM
#61
How exactly do large scale companies deal with DDOS?

Like Banks, Ebay, US Gov sites, etc?

Clound computing and virtual machines. Also some kind of intrusion detection system.
full member
Activity: 140
Merit: 100
Mining FTW
April 18, 2013, 06:45:31 PM
#60
0. Reward for proving that there is a real attacker
in case you also followed the news outside of bitcoin, it kinda looks like the Russians are still mad about Cyprus or something... Almost any big financial institute is getting hit or has been hit over the past two weeks...

The only way to counter DDoS is setting up a fully decentralized system, which I do not believe possible with FIAT currency involved. (you would still see a couple of big hitters, taking 80% of the load, and those go down during a DDoS, you get the picture)
hero member
Activity: 546
Merit: 500
April 18, 2013, 06:20:05 PM
#59
This needs to stop... These "DDOS" attacks are just killing BTC. When the price routinely drives down, people will start to cut their losses and move on.


Dont worry, help is on the way.
newbie
Activity: 53
Merit: 0
April 18, 2013, 06:13:29 PM
#58
banks can't legally do it. at least not here in the US.

What difference does that make?
sr. member
Activity: 322
Merit: 250
April 18, 2013, 05:58:48 PM
#57
I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"
..while running a DDoS on the whole of Wales in the background mwahahah!!



LOL
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
April 18, 2013, 05:54:42 PM
#56
It can't be so difficult to do, just make a cleaning site with a browser exploit kit, and put it on some free bitcoins sites and start the advisory.
member
Activity: 112
Merit: 100
April 18, 2013, 05:53:24 PM
#55
As someone with a fair bit of security experience in both the white and blackhat aspects of network security - You're not finding anyone I assure you.

legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
April 18, 2013, 05:42:09 PM
#54
I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"

Could be a good idea and here is why:

Quote
Most vaccines contain a little bit of a disease germ that is weak or dead.

http://www.phac-aspc.gc.ca/im/vs-sv/vs-faq01-eng.php
legendary
Activity: 1722
Merit: 1217
April 18, 2013, 05:22:24 PM
#53
if we actually knew who was doing it what would be the point of ddosing him back? just post up a bounty for his broken knee caps. say 100btc per cap?
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
April 18, 2013, 05:14:40 PM
#52
I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

That is funny. A virus fighting virus attack.

Maybe reset their background to a picture of the lone ranger with a message "Your system is now free from bad guys"
legendary
Activity: 1050
Merit: 1002
April 18, 2013, 04:39:10 PM
#51
If most of the IP's used in DDoS's are infected PC's then wouldn't that mean most of these PC's are vulnerable to attacks?

ALL computers are vulnerable to attack, though some more so than others.

I'd guess that means a bot could target them with the same attack to install and update an antivirus and remove all the spam toolbars from their browser.

lol if only it were that simple.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
April 18, 2013, 04:06:06 PM
#50

This is true. I've seen all bitcoin related service suffer the same fate in the last few days, including Rugatu, and I don't seem to understand what is the purpose of this sustained attack.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
April 18, 2013, 03:55:21 PM
#49
MtGox could also check the logs to see who consistently sells before or early into a DDOS attack and buys near the end of the attack.

They may be able to discover a pattern.
Pages:
Jump to: