Topic: DDOS Payback - page 3. (Read 8437 times)

The irony is that the anonymity of Bitcoin would likely keep us from tracking the source.

The most likely scenario is that someone who wants to buy a bunch of bitcoins or has a bunch and wants to play the market just hops onto Silk Road, finds someone with 1000 bots for rent. They pay them a couple hundred bucks in bitcoins, they get temporary control over them and start hitting MtGox. They sell their BTC as the value starts to drop and they put a buy order in at a lower price. Once they hit their buy they pull the bots and the price starts to climb back up. Easy money.

So, to track this person down you would find the source of the bots. This is likely a bunch of random computers with a virus. Even if you could track down the person who created the virus, the actual person who started the DDOS paid in bitcoins.

Or you could use the transparency of Bitcoin to find out what the cost of a DDOS would be, look for a transaction on the blockchain within a day of the DDOS that is close to that price. Then try to track the source address to see who it is.

Don't forget that Litecoin is essentially a coin that's build to be easily mineable with botnets.

They aren't immune. They are just big and therefore expensive to attack.
Even banks can be attacked : http://www.informationweek.com/security/attacks/bank-ddos-attacks-resume-wells-fargo-con/240151825
The folks that attacked those banks weren't even all that powerful. Just one random group of angry hackers.

MtGox is effectively a profitable gambling site.

Related:


 - http://news.netcraft.com/archives/2013/04/11/mt-gox-victim-of-own-success-as-bitcoins-fall-in-value.html

This page (https://blockchain.info/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare | Hide this Alert

speaking of,
i can't get access to https://blockchain.info for the past 40min...

Let me explain about DDoS (I know many here know).

The problem is it's like standing in the middle of a clear field against an unseen army in the forest. You have to stand in the field so people can find you, but you're completely exposed to attack. You just have to be able to take everything that comes your way.

Translated to Web technology this means most sites exposed to significant DDoS attack are effectively disabled. There are mitigation techniques/software to reduce the effectiveness of attacks, but as the link provided above, which gives good information, points out even spending thousands of dollars on expert defenses is not always enough. The only real answer, like standing in that field, is to be big enough and bad enough to take it, having loads of bandwidth, servers, software etc. to ride the attack out. Cloudflare is something that helps the issue greatly, because they take the expensive problem many have independently and address it with consolidated resources. Still, it's an underdog fight to start with.

So how to effectively address DDoS? You might try finding the attacker(s) using social means as mentioned. The problem there is you'll never find everyone if anyone. Pooling resources, money, brain power, etc. in the style of Cloudflare in more organized ways might help.

The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.

I'd say you really have to take away the main weapon which is botnets. To do that you have to provided better security against computer sheeple allowing their computers to be used unwittingly. I actually had a business idea which was a computer that was virus proof (it basically stored files in a compartmentalized way, and clean re-installed the OS with a click or on automated schedule) but never developed it.

Packet loss due to a ton of legitimate traffic would look identical to a DDoS though.

Gox said 4 hours ago on their twitter feed that this was a DDOS.  Or are you suspecting that Gox is lying about that?  If so, the only people with access to this "proof" you want would be Gox, SoftLayer, Prolexic, or the person actually doing the attack.

Pray tell, how would you tell the difference between DDoS data and real data?  The only people who have access to the information needed to make that distinction are the website operators who are being DDoSed.  Without their server logs, you're not going to accomplish much.

99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

banks can't legally do it. at least not here in the US.
DDOS attacks are illegal regardless of who does it (perhaps besides the actual government who can do anything)
so average joe can't DDOS nor can any bank with ties to the US.
if there is proof that it came from a bank under US jurisdiction those people can go to jail for this

the law shouldn't be selective as to who gets punished for these kind of crimes

How exactly do large scale companies deal with DDOS?

Like Banks, Ebay, US Gov sites, etc?

Re:  DDoS prevention denominated in BTC.


http://www.blacklotus.net/learn/about-ddos-attacks

While on a general level you are correct, and I was joking.... On a personal level, I don't think devoting the life of myself and a crack team of genius engineers to design a temporal displacement device so I could go back in time and cock block the founder of Paypal's father as he was concieving would be at all unjustified..... Just saying.  

Could the computers responsible be contacted and told that they are part of a DDoS swarm and instructed on how to clean their computers and hop to change behavior to prevent it in the future?

LMAO!

I heard through the grapevine that Mt.Gox has a newly designed logo coming out soon. I happen to know someone working on the design team and was able to get a sneak peak at the new logo!

How about voluntarily deleting malware off zombie computers, installing firewalls and antivirus software ?
[edit] or just fucking up the whole computer so bad that it's owner realises whats up.

Although funny that wouldn't be a solution.
It would be as bad we being DDoSed and unfair.
Agreeing or not with their policies, we have no right to desire harm to them.

Guys... guys... I have the solution.

Just reroute it all to Paypal.