Topic: Wonder who this solominer is? 88.6.216.9 - page 7. (Read 60490 times)

Do you think the botnet operator will be sending the blocks from his home connection or some valuable C&C server he has? I'm not so sure about that. He's probably realying them through one of the bots he controls. Isn't it even possible the bots inject the blocks themselves?

Read more carefully:




I agree that it's a longshot for the ISP to pass a message to their customer, but if Mystery keeps using new relays we may eventually get one that will work with us.

Of course, the end result is we just get a long list of IPs.  Tracking those down and notifying them is an uphill battle, and not worth my time, but if other people are up to it I'm happy to help get them a hit list.

The corollary here is that if the price drops substantially then the system is likely to be fucked. Or alternatively, just halve the block reward a couple times. That will do the trick too. Or any combination of these two. Will be interesting to see what the new year brings us!

Absolutely right, I had Homer Simpson moment while writing that 

Botnets are designed to be self healing. Say the ISP does take the node offline or even less likely decided to call the owner and ask them to look at an anonymous forum.  Say that node is patched airtight.

When the botnet loses its gateway it simply elvates another node of (as some have estimated 1.8 mlllion) its nodes.  If that one goes down it elevates another one.  If Botnets were easy to defeat they wouldn't exist.  People talk about the cost this botnet is causing (<$1M in miner revenue and slightly longer tx times).... that is nothing.

Botnets cause BILLIONS of dollars a year in lost productivity.  Billions as in >1000x any potential damage being caused to Bitcoin.  It is in the entire global community interest to eradicate them yet they still exist.

Simply requiring 2+ tx per block is beyond useless.  Mystery could circumvent that in a day or less (or at least I could).

Agreed on all points.

Logging IPs may not help (they may be on TOR, or communicating through their C&C network to only submit hashes from a few IPs), but if we want to try I don't think Luke's patch is the way to go.  We don't need the whole network logging everything.  We just need to get that one node to log, and there's no need to turn on global logging to accomplish this.  Coercing him by deploying a patch and hoping he applies it is a precedent that I don't think should be set in this case.

I'd say the best way to go about it is get in contact with the relay node's ISP and inform them of the situation - and be clear that this particular person isn't the network C&C, please don't take them offline.  Just have them give the owner of that machine a call and ask them to join this thread.

Preventing is undoable and probably not even desirable. unethically-sourced is pretty vague, and its a thin line between a bot net, a borrowed, or rented PC.

However I wonder if there is a way we could help identify the victims of a bitcoin botnet somehow.  It may not be "bitcoin's job", but I also see no reason why we would not want to help law enforcement and AV companies to identify and take down these botnets. It would be good for bitcoin, and for the victims of these botnets.

I know luke published a patch that logs the IP of the relaying node, so that could be used to home in on the proxy being used to relay these blocks. Thats not a bad idea, but will probably not do a whole lot, as he switches proxies every few weeks. And its just a relaying proxy anyway, and most likely not the C&C node. Perhaps someone can think of a way to take it a step further to positively identify the IP of the machine that actually mined the bloc by somehow including it in the blockchain? Or of the machine that created the getworks ?

Just thinking out loud here.

This has been discussed ad nausaeum prior in this thread. The short answer is, if we require more than 1 tx, what is to stop the miner from sending coins to himself, which creates enough tx to make the block valid? The answer is nothing will stop such blocks. Read a few earlier posts for detailed discussion of your exact proposal.

put your money where your mouth is, man

Aside from the ethical problems with attacking someone who is probably not working for Mystery and is just a properly-operating relay node, it's not helpful in the long run.  Mystery can just start sending blocks through multiple relays.

I'm trying to ensure that miners have to actually perform the work they are paid to do - verify transactions, rather than slow down the whole network as Mystery is doing.  It's a solvable problem.

Preventing miners from using unethically-sourced compute power is a different problem.  I'm sure plenty of people will have a problem with it, but I don't see any way to solve it.  If you know a way to distinguish botnets (once they are properly supporting the blockchain) from ethical miners, let us know.

I say there is nothing wrong with this guy.

Nothing wrong with the code, nothing wrong with the protocol, nothing wrong with anything.

Move on folks, the system is perfect ...

You know how they say, if it ain't broke then don't fix it !

I think the true solution is:

RALLY THE PRICE UP,
BRINGING IN MORE MINERS,
OR WE ARE DEAD.

your welcome


sounds like ostracism or vigilantism to me.

that would force people to register their ip with some central authority.

not a good idea.

True, my memory isn't the best at times. It should however be possible to require that all blocks include more than one transaction as per one of the BIP proposals however then we are starting to move into the kind of regulation territory that I believe could quickly become detrimental to the project as a whole (and if this isn't workable with the current code feel free to spank me, I might even enjoy it  ), so this needs handling with extreme care.

However I think that most peeps involved in this project as either miners, traders, users or whatever can more or less agree that the playing field has to be level for everyone and that sudden gaps in network service caused by incidents similar to what Eleuthria outlined a few posts back aren't acceptable unless they are caused by network luck, which this one clearly wasn't.

Stuff like this is also one of the huge barriers barring bitcoins wider adoption as people should be able to have fairly accurate ideas on when their BTC are where they're supposed to be. Atm I believe that the rule of thumb for transactions reaching 6 confirmations is 45-90min with rare spikes of up to about two hours, clearly that wouldn't have been the case last night which is imo fairly massive theoretical failcake for the project.

One of the corner stones in this whole project is it not relying on any kind of central authority apart from "the code". However in order for people to take this as a serious alternative to bank/payment-processor transactions there has to be an extremely consistent "level of service" for lack of a better term. Seeing as one of the worst possible situations with any kind of money/value is not knowing where it is or when it is supposed to arrive.

So, you are saying that if participating botnets modify their operation to never present a threat, but only to leech a significant amount of bitcoin for almost no expense, that developers will never consider this a problem?

Hmmmm.

thanks for this fud stopper


what about ddosing (unknown) IPs outputting 1TX blocks? I realize the IP changed before.

where is bitcoinEXpress with his LOICs ?

https://bitcointalk.org/index.php?topic=69423.0;all

tl;dr: There are two current proposals: 1) change the protocol to require that miners prove they have a copy of the blockchain; 2) change the relay policy to require that miners include a minimum quota of transactions.  #1 would probably solve the immediate problem and boot Mystery from the network.  #2 is a broader approach which prevents Mystery from just getting a copy of the blockchain and then still not including any transactions.  The major objection to #2 is it limits the miners' ability to reject transactions they deem unworthy, eg, insufficient fees paid.

Since the network does not appear to be in immediate danger we're still considering solutions.

What's the norm? It is generally suggested to accept transaction at 6 confirmations. It is also generally known a secure tx can easily take longer than 1 hour.


This has been discussed: It can not be done in a safe way, afaik. The problem is identifying such "illegitimate" blocks. There are legitimate 1-tx-blocks (eligius is mining them every day, as luke says). The grey data-series in my chart above reflects possibly legitimate 1-tx-blocks.