Pages:
Author

Topic: DDOS Payback - page 3. (Read 8445 times)

legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
April 18, 2013, 03:50:28 PM
#48
The irony is that the anonymity of Bitcoin would likely keep us from tracking the source.

The most likely scenario is that someone who wants to buy a bunch of bitcoins or has a bunch and wants to play the market just hops onto Silk Road, finds someone with 1000 bots for rent. They pay them a couple hundred bucks in bitcoins, they get temporary control over them and start hitting MtGox. They sell their BTC as the value starts to drop and they put a buy order in at a lower price. Once they hit their buy they pull the bots and the price starts to climb back up. Easy money.

So, to track this person down you would find the source of the bots. This is likely a bunch of random computers with a virus. Even if you could track down the person who created the virus, the actual person who started the DDOS paid in bitcoins.

Or you could use the transparency of Bitcoin to find out what the cost of a DDOS would be, look for a transaction on the blockchain within a day of the DDOS that is close to that price. Then try to track the source address to see who it is.
newbie
Activity: 37
Merit: 0
April 18, 2013, 03:47:45 PM
#47
Ripple enthusiasts are too smart for that, and Litecoin users are too stupid.
Don't forget that Litecoin is essentially a coin that's build to be easily mineable with botnets.

Quote
Yeah, what system does Slashdot use? Or CNN.com? (any major news website, most are immune to DDOS).
They aren't immune. They are just big and therefore expensive to attack.
Even banks can be attacked : http://www.informationweek.com/security/attacks/bank-ddos-attacks-resume-wells-fargo-con/240151825
The folks that attacked those banks weren't even all that powerful. Just one random group of angry hackers.

Quote
The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.
MtGox is effectively a profitable gambling site.
legendary
Activity: 2506
Merit: 1010
legendary
Activity: 1512
Merit: 1001
Bitcoin - Resistance is futile
April 18, 2013, 01:58:21 PM
#45
speaking of,
i can't get access to https://blockchain.info for the past 40min...

This page (https://blockchain.info/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare | Hide this Alert
member
Activity: 92
Merit: 10
April 18, 2013, 01:49:10 PM
#44
speaking of,
i can't get access to https://blockchain.info for the past 40min...
legendary
Activity: 1050
Merit: 1002
April 18, 2013, 01:18:34 PM
#43
Let me explain about DDoS (I know many here know).

The problem is it's like standing in the middle of a clear field against an unseen army in the forest. You have to stand in the field so people can find you, but you're completely exposed to attack. You just have to be able to take everything that comes your way.

Translated to Web technology this means most sites exposed to significant DDoS attack are effectively disabled. There are mitigation techniques/software to reduce the effectiveness of attacks, but as the link provided above, which gives good information, points out even spending thousands of dollars on expert defenses is not always enough. The only real answer, like standing in that field, is to be big enough and bad enough to take it, having loads of bandwidth, servers, software etc. to ride the attack out. Cloudflare is something that helps the issue greatly, because they take the expensive problem many have independently and address it with consolidated resources. Still, it's an underdog fight to start with.

So how to effectively address DDoS? You might try finding the attacker(s) using social means as mentioned. The problem there is you'll never find everyone if anyone. Pooling resources, money, brain power, etc. in the style of Cloudflare in more organized ways might help.

The problem is more systemic. For example, there are DDoS extortion cases where it's less costly for a victim site, like a profitable gambling one, to pay a ransom then suffer extended downtime.

I'd say you really have to take away the main weapon which is botnets. To do that you have to provided better security against computer sheeple allowing their computers to be used unwittingly. I actually had a business idea which was a computer that was virus proof (it basically stored files in a compartmentalized way, and clean re-installed the OS with a click or on automated schedule) but never developed it.

full member
Activity: 219
Merit: 101
April 18, 2013, 12:40:21 PM
#42
99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

Pray tell, how would you tell the difference between DDoS data and real data?  The only people who have access to the information needed to make that distinction are the website operators who are being DDoSed.  Without their server logs, you're not going to accomplish much.


traceroute and ping em and their uplinks during attacks, look at packet loss this will tell you all you need to know. Look whether it is 0%, 100% or something closer 20-05%.

Packet loss due to a ton of legitimate traffic would look identical to a DDoS though.
sr. member
Activity: 431
Merit: 251
April 18, 2013, 12:38:14 PM
#41
99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

Gox said 4 hours ago on their twitter feed that this was a DDOS.  Or are you suspecting that Gox is lying about that?  If so, the only people with access to this "proof" you want would be Gox, SoftLayer, Prolexic, or the person actually doing the attack.
full member
Activity: 219
Merit: 101
April 18, 2013, 12:36:08 PM
#40
99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).

Pray tell, how would you tell the difference between DDoS data and real data?  The only people who have access to the information needed to make that distinction are the website operators who are being DDoSed.  Without their server logs, you're not going to accomplish much.
legendary
Activity: 1227
Merit: 1000
April 18, 2013, 12:02:36 PM
#39
99485 members on this forum and we can't even get a compelling answer to question 0: Is this a real attack or just exponential traffic growth?


(Personally and from what I've gathered from several webmasters this does look like an attack... but I want proof, not opinions).
hero member
Activity: 602
Merit: 500
April 18, 2013, 11:22:47 AM
#38
banks can't legally do it. at least not here in the US.
DDOS attacks are illegal regardless of who does it (perhaps besides the actual government who can do anything)
so average joe can't DDOS nor can any bank with ties to the US.
if there is proof that it came from a bank under US jurisdiction those people can go to jail for this

the law shouldn't be selective as to who gets punished for these kind of crimes
sr. member
Activity: 308
Merit: 250
April 18, 2013, 11:07:09 AM
#37
How exactly do large scale companies deal with DDOS?

Like Banks, Ebay, US Gov sites, etc?
sr. member
Activity: 322
Merit: 250
April 18, 2013, 10:58:10 AM
#36



Re:  DDoS prevention denominated in BTC.


http://www.blacklotus.net/learn/about-ddos-attacks

sr. member
Activity: 308
Merit: 250
April 18, 2013, 10:53:27 AM
#35
Guys... guys... I have the solution.

Just reroute it all to Paypal. Grin Grin
Although funny that wouldn't be a solution.
It would be as bad we being DDoSed and unfair.
Agreeing or not with their policies, we have no right to desire harm to them.

While on a general level you are correct, and I was joking.... On a personal level, I don't think devoting the life of myself and a crack team of genius engineers to design a temporal displacement device so I could go back in time and cock block the founder of Paypal's father as he was concieving would be at all unjustified..... Just saying.  Grin
sr. member
Activity: 375
Merit: 250
April 18, 2013, 10:51:44 AM
#34
Could the computers responsible be contacted and told that they are part of a DDoS swarm and instructed on how to clean their computers and hop to change behavior to prevent it in the future?
full member
Activity: 193
Merit: 100
April 18, 2013, 10:46:58 AM
#33
I heard through the grapevine that Mt.Gox has a newly designed logo coming out soon. I happen to know someone working on the design team and was able to get a sneak peak at the new logo!



LMAO!
legendary
Activity: 2506
Merit: 1030
Twitter @realmicroguy
April 18, 2013, 10:43:08 AM
#33
I heard through the grapevine that Mt.Gox has a newly designed logo coming out soon. I happen to know someone working on the design team and was able to get a sneak peak at the new logo!

hero member
Activity: 910
Merit: 1000
Items flashing here available at btctrinkets.com
April 18, 2013, 10:44:37 AM
#32
Fight fire with fire? I don't think it will work the way is intended. Internet provides anonymity and the attackers could take advantage of the same bounties we make to protect against their DDoS attacks.
How about voluntarily deleting malware off zombie computers, installing firewalls and antivirus software ?
[edit] or just fucking up the whole computer so bad that it's owner realises whats up.
legendary
Activity: 1493
Merit: 1003
April 18, 2013, 10:38:52 AM
#31
Guys... guys... I have the solution.

Just reroute it all to Paypal. Grin Grin
Although funny that wouldn't be a solution.
It would be as bad we being DDoSed and unfair.
Agreeing or not with their policies, we have no right to desire harm to them.
sr. member
Activity: 308
Merit: 250
April 18, 2013, 10:27:11 AM
#30
Guys... guys... I have the solution.

Just reroute it all to Paypal. Grin Grin
Pages:
Jump to: