How mining pools protect themselves from DDOS attacks ?

promojo

sr. member

Activity: 420

Merit: 250

Quote from: paid2 on February 01, 2023, 07:52:06 AM

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

VIP/dedicated stratum nodes/servers for specific clients.

paid2

hero member

Activity: 504

Merit: 1065

Crypto Swap Exchange

Thank you for the information, it gives me good starting points to explore on this subject!

I was convinced that it was special services for mining. I imagined that all the shares submitted by the ASICs could have been considered as DDOS, and could have been unnecessarily blocked by the "typical" protection services.

I made something that's rather simple much too complex haha Cheesy

kano

legendary

Activity: 4466

Merit: 1798

Linux since 1997 RedHat 4

Good server providers have hardware DDoS protection coz they have datacentres full of servers and really don't want someone to cause problems for all their clients.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: paid2 on February 01, 2023, 07:52:06 AM

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

Also, it's not a manual ban it's automatic, even going back a decade to NOMP https://github.com/zone117x/node-open-mining-portal#attack-mitigation it had automatic banning of IPs that were causing problems. It can also be a combination using something like cloudflare as discussed above to take care of the 1st layer of attacks then something internally to filter out the rest.

-Dave

paid2

hero member

Activity: 504

Merit: 1065

Crypto Swap Exchange

Quote from: ABCbits on February 01, 2023, 08:40:12 AM

Few provider such as F2Pool use CloudFlare as DDoS protection. You can verify this using traceroute command.

Code:

$ sudo traceroute -T -p 3333 btc.f2pool.com
traceroute to btc.f2pool.com (172.65.217.174), 30 hops max, 60 byte packets
...
3 ae-0.cloudflare.atlnga05.us.bb.gin.ntt.net (128.241.219.58) 16.827 ms 16.813 ms 16.786 ms
...

Take note IP/port is taken from F2Pool website[1] and it looks like gin.ntt.net seems to be owned by CloudFlare based on traceroute shared by other people[2-3].

[1] https://www.f2pool.com/#btc
[2] https://community.cloudflare.com/t/tracert-from-hong-kong-gets-routed-to-singapore/49413
[3] https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=236223

Thank you so much ! Helping a lot !

ABCbits

legendary

Activity: 2842

Merit: 7333

Crypto Swap Exchange

Few provider such as F2Pool use CloudFlare as DDoS protection. You can verify this using traceroute command.

Code:

$ sudo traceroute -T -p 3333 btc.f2pool.com
traceroute to btc.f2pool.com (172.65.217.174), 30 hops max, 60 byte packets
...
3 ae-0.cloudflare.atlnga05.us.bb.gin.ntt.net (128.241.219.58) 16.827 ms 16.813 ms 16.786 ms
...

Take note IP/port is taken from F2Pool website[1] and it looks like gin.ntt.net seems to be owned by CloudFlare based on traceroute shared by other people[2-3].

[1] https://www.f2pool.com/#btc
[2] https://community.cloudflare.com/t/tracert-from-hong-kong-gets-routed-to-singapore/49413
[3] https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=236223

paid2

hero member

Activity: 504

Merit: 1065

Crypto Swap Exchange

I wonder how pool operators are protecting their statums addresses from DDOS attacks
I cannot find an answer on google about protecting stratum addresses from DDOS
What am I missing ? I mean they can't just manualy ban the IPs addresses which are slowing down the pool. I imagine it could give a lot of work to pool OPs no ?

Sorry for the newbie question, but as I know that some pool operator are present here, I hope that I will find a proper answer

Topic: How mining pools protect themselves from DDOS attacks ? (Read 346 times)