
Topic: POOLS under DDOS ATTACKS (Read 5488 times)

hero member
Activity: 672
Merit: 500
July 08, 2011, 02:19:46 PM
#48
Do you really know how a botnet works?

muaaahhaha? harder please ;-)
sr. member
Activity: 322
Merit: 252
July 08, 2011, 12:05:10 PM
#47

It is MUCH more difficult to make a virus for Linux... I honestly do not believe that somebody can make a Linux virus capable of infecting all Linux variants across the globe... It is near impossible to do that.

http://en.wikipedia.org/wiki/Morris_worm

Aside from the first internet worm, of course :)
sr. member
Activity: 294
Merit: 250
July 08, 2011, 11:31:48 AM
#46
Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

How many infected PCs (aka botnet zombies) are Windows? 99% of them!
How many infected computers (aka botnet zombies) are Linux? 0,000001% of them?! Probably...

So, just use Linux (like Ubuntu or Debian) to end these botnets...

It is MUCH more difficult to make a virus for Linux... I honestly do not believe that somebody can make a Linux virus capable of infecting all Linux variants across the globe... It is near impossible to do that.
Actually it would be possible to make something that runs on every Linux distro (it's all still just Linux), but it's a lot harder to make something that doesn't go away after you restart/relogin.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
July 08, 2011, 10:59:17 AM
#45
Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if it can work, by the way...

c) Make the mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), putting the pool on some intranet, so every single miner, like you and me, should authenticate itself at some Internet point and then it will be able to start a VPN with some hidden Internet VPN server and voilà, we will have access to the Mining Pool intranet network.

c.1) The login system on the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, and behind them, there is a Mining Pool...

 I'm thinking of OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totally transparent, they just need to set up one more user/pass somewhere, that will be used before the miner starts...

Well, this is just an idea that came to mind as I was sleeping...  \o/

This is a simple bandwidth exhaustion attack.  What you suggest would actually make this attack much easier.

Well, never mind...   :-P
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
July 08, 2011, 10:40:41 AM
#44
Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

How many infected PCs (aka botnet zombies) are Windows? 99% of them!
How many infected computers (aka botnet zombies) are Linux? 0,000001% of them?! Probably...

So, just use Linux (like Ubuntu or Debian) to end these botnets...

It is MUCH more difficult to make a virus for Linux... I honestly do not believe that somebody can make a Linux virus capable of infecting all Linux variants across the globe... It is near impossible to do that.
sr. member
Activity: 463
Merit: 252
July 08, 2011, 10:31:24 AM
#43
Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if it can work, by the way...

c) Make the mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), putting the pool on some intranet, so every single miner, like you and me, should authenticate itself at some Internet point and then it will be able to start a VPN with some hidden Internet VPN server and voilà, we will have access to the Mining Pool intranet network.

c.1) The login system on the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, and behind them, there is a Mining Pool...

 I'm thinking of OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totally transparent, they just need to set up one more user/pass somewhere, that will be used before the miner starts...

Well, this is just an idea that came to mind as I was sleeping...  \o/

This is a simple bandwidth exhaustion attack.  What you suggest would actually make this attack much easier.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
July 08, 2011, 10:28:16 AM
#42
Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

Well, I have another idea... Don't know if it can work, by the way...

c) Make the mining pool inaccessible from the outside, from the Internet (no route for it, no DNS), putting the pool on some intranet, so every single miner, like you and me, should authenticate itself at some Internet point and then it will be able to start a VPN with some hidden Internet VPN server and voilà, we will have access to the Mining Pool intranet network.

c.1) The login system on the Internet is just a "login"... Should be hosted everywhere... It should be simple and not browser dependent...

c.2) The VPN servers will be accessible only after the login, only for that session, otherwise, they will remain closed by firewalls and/or border gateways...

c.3) The VPN servers will be hosted everywhere too, and behind them, there is a Mining Pool...

 I'm thinking of OpenVPN or IPSec to achieve this...

 We will be able to identify and close any irregular traffic, not affecting the regular users / miners...

 To the miners, this should be totally transparent, they just need to set up one more user/pass somewhere, that will be used before the miner starts...

Well, this is just an idea that came to mind as I was sleeping...  \o/
sr. member
Activity: 294
Merit: 250
July 08, 2011, 10:12:20 AM
#41
Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.

Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.

DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and at the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.

Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.

DDoS resistant hosting which can actually withstand a sustained attack is very expensive.  You basically end up having to pay for the bandwidth either way.

The best strategy for stopping a DDoS is to already have protection and thus not go down in the first place.  Only the most dedicated attacker is going to redouble their efforts and try again.  However if you move to DDoS hosting they know it's costing you more money and will continue.
Before people start screaming "but here you can get DDoS protected hosting for only $20 a month!", let me also mention that 99% of the providers offering 'DDoS protection' choke on anything more than a gigabit. They typically have one Cisco Guard or similar hardware, and then claim it's 'DDoS protected'. Any serious attack will still go through. The same goes for providers with a fixed 'filtering capacity' or 'cleaned bandwidth limit'. They will just suspend your plan after you get too much DDoS.

The cheapest DDoS protection you can find that will actually achieve something starts at ~$300 (at hosts who are located in Dragonara, for example), and even then the costs will probably rack up if you need more filtering capacity.
newbie
Activity: 57
Merit: 0
July 08, 2011, 09:58:55 AM
#40
Well if anything it will make the pool admins more aware of the holes in their systems.

facepalm...do you know how botnets work?

The only real way for admins to stop a ddos attack from crippling is to A) wait it out B) have so much connection bandwidth a ddos attack does nothing. So you are telling server owners to buy ridiculous amounts of bandwidth?

It's like saying the solution to people stealing gas out of your car is to buy more gas.

QFT
sr. member
Activity: 463
Merit: 252
July 08, 2011, 09:58:38 AM
#39
Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.

Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.

DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and at the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.

Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.

DDoS resistant hosting which can actually withstand a sustained attack is very expensive.  You basically end up having to pay for the bandwidth either way.

The best strategy for stopping a DDoS is to already have protection and thus not go down in the first place.  Only the most dedicated attacker is going to redouble their efforts and try again.  However if you move to DDoS hosting they know it's costing you more money and will continue.
hero member
Activity: 686
Merit: 501
Stephen Reed
July 08, 2011, 08:49:12 AM
#38
Distributed denial of service attacks - DDoS can be defeated and prevented - but the victim may need to change their internet service provider.

Briefly, a DDoS stems from a multitude of controlled client computers - the botnet - in which the botnet operator causes them to flood a particular victim web service with connection requests or other useless messages that may consume all the input bandwidth allowed the victim, leaving none for legitimate customers.

DDoS attack traffic can be detected and removed by a cooperative internet service provider.  The ISP generally has very high capacity bandwidth with the internet backbone network, and at the point of connection to the backbone DDoS filtering can be performed on behalf of the victim's servers hosted by the ISP.  This DDoS mitigation and prevention service is promoted by certain ISPs - for example those now hosting Mt Gox and BTC Guild.  Other ISPs may not be as cooperative or may not have the network devices to effectively prevent DDoS attacks.

Most small websites using low-cost ISPs are thus unable to withstand DDoS attacks with their present ISP and must migrate their servers to a more secure ISP when attacked.
sr. member
Activity: 294
Merit: 250
July 08, 2011, 08:30:08 AM
#37
There are several issues with this:
1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.

1. They have a lot to do with it.
When you have a car accident and it was your fault, the police don't accept the "excuse me, it was my car, I had nothing to do with it" ;-)

2. Just dropping ALL incoming packets and requests doesn't work? And just remember the IPs to send back?

3. That was not my intention, because I know it doesn't work.
4. Maybe then an anti-botnet-trojan/worm is needed xD
5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.

Do you know how a botnet works at all?
sr. member
Activity: 322
Merit: 252
July 08, 2011, 08:29:32 AM
#36

5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.

Pretend you're a cable provider.

Investigating what your clients are doing and whether or not their PCs are infected costs you >0.  Doing nothing costs 0.
Shutting down a paying customer costs you 39.95 a month.  Leaving them on earns you 39.95 a month.

Ask the question again.
hero member
Activity: 672
Merit: 500
July 08, 2011, 08:24:23 AM
#35
There are several issues with this:
1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.

1. They have a lot to do with it.
When you have a car accident and it was your fault, the police don't accept the "excuse me, it was my car, I had nothing to do with it" ;-)

2. Just dropping ALL incoming packets and requests doesn't work? And just remember the IPs to send back?

3. That was not my intention, because I know it doesn't work.
4. Maybe then an anti-botnet-trojan/worm is needed xD
5. Ah, and why don't the providers take the infected machines down, and send the owners letters reminding them of the terms & conditions of the ISP?!? Just rerouting traffic isn't illegal.
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
July 08, 2011, 06:08:26 AM
#34
Slush makes 1500 BTC daily with a 2% fee, that's about $13,000 a month. That could buy some serious bandwidth

So Slush's pool is solving 1500 blocks daily? That's why difficulty keeps increasing every two days....
And I'm glad I'm part of it, I get about 0.02 BTC out of every block, giving me a profit of 1500*0.02=30BTC per day! Not.

But you probably meant 1500 BTC per month, which would fit the rest of your message :-)

1500 BTC daily is 30 blocks per day.

http://mining.bitcoin.cz/stats/graphs/

sr. member
Activity: 294
Merit: 250
July 08, 2011, 03:58:53 AM
#33
I have an idea,
isn't it possible to fight botnets by rerouting the traffic back to their own PCs?
But only 1 PC of this botnet at a time gets all the traffic for a limited time.
If this PC hangs up, the next PC of the botnet gets the traffic.

Does anybody think this could work?

(Maybe send the traffic at the Command & Control port?)
There are several issues with this:
1. When successful you will be taking out internet connections of people that have nothing to do with it (whose computer is infected with a bot).
2. Your bandwidth is already getting raped, so it'll be hard to send anything of significance the other way :)
3. You typically can't just find the C&C server... you only have the IP addresses of the infected computers/rooted servers that are attacking you. It would take a considerable amount of cracking (into a compromised server or computer) to figure out where the C&C is.
4. You will only be able to attack 1 or a few IPs at the same time... botnets often rely on numbers rather than individual capacity, rendering your attack useless. When you stop attacking a machine, it just comes back as if nothing happened.
5. It's blatantly illegal to do all of the above, and will most likely not only get your server shut down by your hosting provider, but will also get you into legal issues.
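
Point 4 above (botnets rely on numbers rather than individual capacity) is visible from the defender's side in a connection log. The following is an added example, not part of any post in this thread: the events and thresholds are constructed assumptions, and it shows that per-source blocking clears a single heavy client but leaves a distributed flood above capacity, which is why filtering has to happen upstream.

```python
from collections import Counter, defaultdict

# Assumed thresholds for this example (hypothetical values, not from the thread).
WINDOW_SECONDS = 10      # size of each counting window
PER_SOURCE_LIMIT = 20    # requests per window a single client may send
SERVICE_CAPACITY = 200   # requests per window the service can absorb


def classify_windows(events, window=WINDOW_SECONDS,
                     per_source_limit=PER_SOURCE_LIMIT,
                     capacity=SERVICE_CAPACITY):
    """events: iterable of (unix_time, source_ip). Returns {window_start: report}."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[int(ts) // window * window][src] += 1

    reports = {}
    for start in sorted(buckets):
        per_src = buckets[start]
        total = sum(per_src.values())
        # Sources that a per-IP rate limit would catch and block.
        heavy = sorted(ip for ip, n in per_src.items() if n > per_source_limit)
        remaining = total - sum(per_src[ip] for ip in heavy)
        if total <= capacity:
            verdict = "normal"
        elif remaining <= capacity:
            verdict = "few-heavy-sources"   # per-IP blocking is enough
        else:
            verdict = "distributed-flood"   # per-IP blocking does not help
        reports[start] = {
            "total": total,
            "sources": len(per_src),
            "heavy_sources": heavy,
            "after_per_source_block": remaining,
            "verdict": verdict,
        }
    return reports


def constructed_sample():
    """Constructed events: three 10-second windows starting at t=0, 10, 20."""
    miners = [f"192.0.2.{i + 1}" for i in range(30)]
    events = []
    for base in (0, 10, 20):
        # 30 legitimate miners, 3 requests each, in every window (90 total).
        events += [(base + k, ip) for ip in miners for k in range(3)]
    # Window 10: one misbehaving client sends 500 requests.
    events += [(15, "192.0.2.99")] * 500
    # Window 20: 400 distinct sources send only 5 requests each (2000 total).
    bots = [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(400)]
    events += [(25, ip) for ip in bots for _ in range(5)]
    return events


if __name__ == "__main__":
    for start, report in classify_windows(constructed_sample()).items():
        print(start, report["verdict"], report["total"], report["sources"])
```
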
hero member
Activity: 672
Merit: 500
July 07, 2011, 09:48:18 PM
#32
I have an idea,
isn't it possible to fight botnets by rerouting the traffic back to their own PCs?
But only 1 PC of this botnet at a time gets all the traffic for a limited time.
If this PC hangs up, the next PC of the botnet gets the traffic.

Does anybody think this could work?

(Maybe send the traffic at the Command & Control port?)
sr. member
Activity: 252
Merit: 251
July 07, 2011, 04:03:55 PM
#31
HYIPs always get DDos'd when they start up. Now, why on earth would the people attack HYIPs?

Obviously, the government does not want people making money or getting ahead.

Your logic is funny at best.
Online HYIPs are without exception ponzi schemes. Every single one of them. In the end only the few people joining at the beginning make money and the rest lose.

The government has only to benefit if you make money or get ahead. Ever heard of capital tax? They *encourage* you to earn money so that they can get a cut of it.

Only people in the world with a motivation to DDoS HYIPs are other HYIP admins who want to drive suckers to their own site by discrediting the other site with constant downtime.
member
Activity: 90
Merit: 10
July 07, 2011, 03:58:41 PM
#30
Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Not from within.  Modern malware can be so devious that you cannot really trust a negative report from an antivirus program that is running from inside a compromised system.  The solution is to either boot from a live-CD and perform a scan of your hard-drive from there, or to just nuke the system completely and reinstall everything fresh from a trusted source.

Statistically speaking, if you are running Windows and you are posing such beginner questions (no offense!), it is very well possible that your system may indeed be compromised and part of a botnet.
hero member
Activity: 630
Merit: 500
Posts: 69
July 07, 2011, 03:58:00 PM
#29
Is there a sure way to make sure my computer isn't infected with some botnet crap? I'd hate to think I'm contributing to this in some sort of way.

will an antivirus program recognize it as a trojan or something?

Botnets are indestructible!!! http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/