The problem I see with this is.
Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe
In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off
You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment
Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think
You are incorrect for several reasons.
Firstly, when a server is DDoS'd the reaction of the data centre is almost always to block all data destined for the server's IP
at the upstream data provider. Normally this is done on a BGP level. The thing with these BGP requests is that they cannot happen on a minute-by-minute basis, because massive routing changes are potentially dangerous and normally go through a change control process. Typically speaking, a dedicated server would be blackholed upstream on a BGP-level for ~4 hours. A VPS maybe longer by virtue of how cheap it is.
Thus if a sustained attack of 10 minutes is required to shut down a server for 4 hours, how much simultaneous bandwidth is required to kill your proverbial 1 240 masternodes? Well, basically it means you have to attack ~52 servers simultaneously. Now bear in mind that there are plenty of VPS and dedicated hosts that have 100mbps limits, I'd hazard less than 40% have 1gbps on tap, and fewer still with unmetered ports. In the VPS space especially bandwidth is shared between all guests on the host machine, so the actual available bandwidth is far from promised. Thus we can't take your 1gbps theoretical as being valid for all but a handful of masternodes. But let's be generous and pretend that 50% have unmetered 1gbps ports, and 50% have unmetered 100mbps ports, which means the total bandwidth required to knock the 52 servers off the grid is 28.6gbps.
Assuming you're Joe Scriptkiddie and don't have access to a botnet, how much would it cost to launch such an attack? Well I used
Str3ssed (one of the many so-called "booter" or "stresser", basically a DDoS-on-demand service pretending to be a network stress tester) to price it out. With their 250gbps of "stresser" capacity a 28.6gbps requirement is trivial. So if we just wanted to attack the network once we'd need to use their "1 Month Ultimate" package, which allows us to attack 1 target at a time for a total of 60 minutes within the month (of course you can change targets and start/stop attacks whenever you want, it's just a total of 60 minutes in the month). Because of that restriction we have to attack 207 masternodes simultaneously for 10 minutes, and then switch to the next group of 207 masternodes, and so on for an hour. After an hour we will have knocked the masternode network offline at least for the following 3 hours, some for even longer. The total cost of doing this once-off attack would be 207 x $50 = $10 350. Not cheap, but certainly not out of reach.
The larger problem is that an attacker only slightly more sophisticated or enabled than Joe Scriptkiddie can pull off a sustained attack without spending a cent. SNMP amplification attacks, for instance, are
no longer uncommon. Since SNMP provides a ~650x amplification, it means that a savvy attacker can turn a 1gbps VPS into a 650gbps DDoS device.
Literally the only reason that ludicrous amateur cryptography like this survives is because of the vast technical incompetence of many altcoin proponents. The time will come when someone more proficient sees an opportunity to short a coin or stands to benefit from a downturn, and they will decimate the house-of-cards infrastructure that has been built up.
Oh and your last point is, unfortunately, also not true: if you DDoS all the pools difficulty would not retarget quickly enough for you to have 51% of the hashing power, as the majority of miners have a fallback, sometimes to private pools etc. Also, things like p2pool and solo miners make an attack like this unreliable.
