Fair enough, that was a very hot-headed post from me because I was, and still am, pretty angry about the situation where we've effectively got an Internet run by people with power but no responsibility.
Idiots with the virtual equivalent of major first-world armies at their command, but without the restraint to use them only in times of justified war; it's the equivalent of the USA bombing the hell out of anyone just for teh lulz. Fucking anarchy.
The fact is that two pools now have publicly stated that they've appeased the bullies, and done what they've been ordered. These words will sting Anni (sorry, I respect you and I really enjoyed being part of your pool, but this has become a bigger moral debate) and the BTCGuild guy, but it's true.
What next? Given that Anni's just said that his paying clients were important and that the size of the DDoS would cripple his datacentre, then the criminals operating these zombie botnets will presumably now be requesting protection money. Some things never change... 'nice datacentre you've got here... would be a shame if it got DDoS'd, my boys can take care of that for a fee'...
I don't want to be involved in a world like that. There's giving up, abandoning the enterprise, giving the criminals money, or just letting the whole thing fall apart until everyone gets bored. But there must be *active* preventative measures - not just defence, but offence as well - surely?
Defensively - why not run the pool on a P2P basis, with signed code to prevent each pool member *not* distributing the earnings amongst the network (actually, the entire Bitcoin 'reward' system could be rewritten to pay *every* contributing miner a proportional basis of the money supply - eliminating 'luck' and pool-hopping entirely, but it'd also remove the ability of 'being a pool' - that's probably deserving of its own thread, but I'm sure someone has thought of this already)?
Offensively - I admit there's little point in attacking zombie machines (though my opinion has *always* been that if you're unskilled enough to secure your own machines / network, and your machines are used as attack vectors, then your machines should be taken off the network for the network's good) but there are only two points where a DDoS can be stopped; either at the zombie bot, or the zombie bot's ISP. If the ISP can't give a damn, then they are just as complicit. Massive traffic identified as a DDoS attack can be stopped by the ISP refusing to forward on the zombie's packets before they end up, along with all the other zombies, filling up someone's pipe. And stopping the attack at the zombie machine itself requires hacking the zombie machine, which is unethical as per responses above.
Is there any way to ask the router *upstream* of your datacentre to filter packets on a certain-number-per-originator basis? All source IPs would get through but only at a restricted rate. This wouldn't affect normal operation but would slow down 'flood' type attacks...
It's a fucking shame, an absolute fucking shame. I understand why Anni did what he did, and on a business basis it makes sense (unless it leads to threats of financial extortion) but the whole situation could snowball into causing mistrust in the Bitcoin community, the further devaluation of the BTC, and eventual total financial loss for those who have invested in the enterprise.
Perhaps I'm being somewhat pessimistic, but right now, with organised crime assaulting the Bitcoin mining infrastructure, I don't see the likelihood of Bitcoin actually *succeeding* being very high any more. I think my investment in hardware will be wasted and that mining will eventually end. Organised crime doesn't gain anything from this outcome - maybe the vested interests of established fiat currencies may gain, but I wouldn't expect them to approach the problem *this* way.
Again it comes down to power without responsibility - such idiots shouldn't be allowed to have such heavy weapons...
I truly hope that something rises from the ashes of MMC... I was proud to be a member of that pool and I'd be back in a heartbeat. I don't have the facilities to offer but will help in any other way - I'm hoping Vladimir has something up his sleeve.
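The per-originator rate limit asked about above (every source still gets through, but only at a restricted rate), as an added example that is not code from this thread or from any pool: a per-source token bucket run over a constructed two-second packet trace. The IP addresses, rates and burst size are assumptions chosen for illustration.

```python
from collections import defaultdict

# Per-source token bucket in integer arithmetic so the outcome is exact:
# timestamps are milliseconds, tokens are thousandths of a packet.
TOKENS_PER_PACKET = 1000

class PerSourceLimiter:
    """Allows each source a sustained `rate_pps` packets/second plus a burst
    of `burst_packets`; packets beyond that are dropped, so no source is
    blocked outright but none can fill the pipe on its own either."""
    def __init__(self, rate_pps=10, burst_packets=20):
        self.refill_per_ms = rate_pps            # 10 pps == 10 millitokens/ms
        self.capacity = burst_packets * TOKENS_PER_PACKET
        self.tokens = {}                         # src -> current tokens
        self.last_ms = {}                        # src -> last refill time

    def allow(self, src, now_ms):
        if src not in self.tokens:               # first sight: full bucket
            self.tokens[src], self.last_ms[src] = self.capacity, now_ms
        elapsed = now_ms - self.last_ms[src]
        self.tokens[src] = min(self.capacity,
                               self.tokens[src] + elapsed * self.refill_per_ms)
        self.last_ms[src] = now_ms
        if self.tokens[src] >= TOKENS_PER_PACKET:
            self.tokens[src] -= TOKENS_PER_PACKET
            return True
        return False

def filter_trace(packets, limiter=None):
    """packets: (timestamp_ms, src_ip) pairs in time order.
    Returns {src_ip: (forwarded, dropped)}."""
    limiter = limiter or PerSourceLimiter()
    stats = defaultdict(lambda: [0, 0])
    for ts, src in packets:
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}

def constructed_trace():
    """Constructed sample, not captured traffic: a normal client at 5 pps
    and a flooding source at 1000 pps, both over the same two seconds."""
    trace = [(i * 200, "198.51.100.7") for i in range(10)]     # 5 pps
    trace += [(i, "203.0.113.9") for i in range(2000)]          # 1000 pps
    return sorted(trace)

if __name__ == "__main__":
    for src, (fwd, drop) in filter_trace(constructed_trace()).items():
        print(f"{src}: forwarded={fwd} dropped={drop}")
```

With these settings the normal client loses nothing, while the flooder is cut to its burst plus ten packets per second; the limit only caps volume per source, so it does not help against a flood spread across many zombies each staying under the rate.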
Everyone pays for protection from the stronger. Even you pay for protection by taxes.
Just as guarding & security services purchased by corporations and stores in the physical world.
Tor is not the ideal protection method either as an attacker with relatively low bandwidth can bring down the network very easily
(Fake TLS handshakes, attacking directory services and all active routers on the network, consuming the network bandwidth grinding it to a halt)