Status as of Friday, June 30, 2017

Discussion of development releases of Prohashing.
jinxorbit
Posts: 40
Joined: Thu Apr 06, 2017 4:20 pm

Re: Status as of Friday, June 30, 2017

Post by jinxorbit » Sat Jul 01, 2017 7:04 am

I am OK with a fee increase; also, thanks for your persistence in dealing with the attacks.
Steve Sokolowski
Posts: 4014
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Re: Status as of Friday, June 30, 2017

Post by Steve Sokolowski » Sat Jul 01, 2017 7:30 am

piet wrote:I would say drop Javapipe. What kind of DDoS provider doesn't notice (and mitigate) a 10gb flood? Why are protocols / ports open that aren't needed? Why does it take so long for them to respond?

What if a DDoS is happening while you are asleep? Who is gonna call Comcast?

Now that you know it's "only" 2900, would you still increase the fee with 2%?
They did notice and mitigate it, but the action they took was incorrect. They blocked all UDP traffic.

But given the circumstances, that was an acceptable guess, since none of our services except the VPN used it. We told them to drop all UDP packets except those coming from the hosting location, and this type of attack is no longer effective.

I don't think that the downtime was their fault, because they didn't have any idea what we needed them to do.
Mrrt
Posts: 28
Joined: Sun Oct 02, 2016 11:50 pm

Re: Status as of Friday, June 30, 2017

Post by Mrrt » Sat Jul 01, 2017 9:05 am

Steve Sokolowski wrote:
Mrrt wrote:I would be less interested in additional DDoS mitigation solutions at this point as I would be in having more information about my network traffic.

DDoS attacks are commonly used as smokescreens to divert attention while real info-gathering/hacks are taking place, so I'd be more interested in seeing what other abnormal traffic may be headed to the servers to either identify or rule out more serious potential security threats.
While this sounds intriguing, if there were other traffic going to the servers, they were unsuccessful in exploiting them. There was so much attack traffic that Chris couldn't even log in, so I doubt attackers would have been able to do any damage considering that Chris couldn't even get characters from an SSH terminal to display.
LOL This is EXACTLY why DDoSes work as smokescreens, because you'd expect nothing else could possibly be happening.

I spent several years in a previous life as a security consultant hawking NetFlow, sFlow, IPFIX and related technologies.

You would be surprised what can be accomplished with just a few packets, and considering we're flying blind without such network traffic accounting I wouldn't be so cocky.
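
An added illustration of the flow-accounting point made above, not part of any post in this thread: given NetFlow/IPFIX-style records, set aside the volumetric flood and look at what is left going to sensitive ports. The flow records, addresses, port numbers, baseline set and the 50% byte-share threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed flow records (not from the incident):
# (src, proto, dst_port, packets, bytes)
FLOWS = [
    ("198.51.100.7", "udp", 1194, 900_000, 1_200_000_000),
    ("198.51.100.8", "udp", 1194, 850_000, 1_100_000_000),
    ("198.51.100.9", "udp", 1194, 870_000, 1_150_000_000),
    ("203.0.113.20", "tcp", 3333, 4_000, 600_000),   # known miner
    ("203.0.113.21", "tcp", 3333, 3_500, 520_000),   # known miner
    ("192.0.2.44", "tcp", 22, 14, 2_100),            # source never seen before
    ("192.0.2.45", "tcp", 5432, 6, 900),             # source never seen before
    ("203.0.113.5", "tcp", 22, 120, 18_000),         # admin address
]
BASELINE_SOURCES = {"203.0.113.20", "203.0.113.21", "203.0.113.5"}  # assumed
SENSITIVE_PORTS = {22, 5432}  # assumed: SSH and a database port


def flood_signatures(flows, share=0.5):
    """Return (proto, dst_port) groups carrying at least `share` of all bytes."""
    by_sig = Counter()
    for _src, proto, port, _pkts, nbytes in flows:
        by_sig[(proto, port)] += nbytes
    total = sum(by_sig.values())
    return {sig for sig, b in by_sig.items() if total and b / total >= share}


def quiet_anomalies(flows, baseline, sensitive_ports, share=0.5):
    """Flows outside the flood that reach sensitive ports from unseen sources."""
    flood = flood_signatures(flows, share)
    hits = []
    for src, proto, port, pkts, nbytes in flows:
        if (proto, port) in flood:
            continue  # volumetric noise; the scrubbing provider's problem
        if port in sensitive_ports and src not in baseline:
            hits.append((src, proto, port, pkts, nbytes))
    # Fewest packets first: the smallest flows are the easiest to overlook.
    return sorted(hits, key=lambda f: f[3])


if __name__ == "__main__":
    print("flood:", flood_signatures(FLOWS))
    for flow in quiet_anomalies(FLOWS, BASELINE_SOURCES, SENSITIVE_PORTS):
        print("review:", flow)
```

The two flows it surfaces total 20 packets against millions in the flood, which is why they only show up once traffic is accounted per flow rather than per link.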
GregoryGHarding
Posts: 665
Joined: Sun Apr 16, 2017 3:01 pm

Re: Status as of Friday, June 30, 2017

Post by GregoryGHarding » Sat Jul 01, 2017 11:25 am

OR.. it could just have been a DDoS to try and run prohashing out of business as a competitor... the simplest explanation is most likely the correct one
Steve Sokolowski
Posts: 4014
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Re: Status as of Friday, June 30, 2017

Post by Steve Sokolowski » Sat Jul 01, 2017 1:39 pm

GregoryGHarding wrote:OR.. it could just have been a DDoS to try and run prohashing out of business as a competitor... the simplest explanation is most likely the correct one
An even simpler explanation is that some Russian hacker decided to spend money to buy 21Gbps of attack traffic to cause trouble.

If this is a competitor, that would be a big mistake. If the police discover who is responsible, then they will face time in prison for the attacks, and they are almost certain to lose their life savings when we sue to recover the half million dollars in customer opportunity costs that were lost. They better hope their opsec was perfect or they'll be poor for the rest of their lives.

That's why I think that a pool isn't responsible - they would be better off attacking a competitor who refuses to reveal their identities. One of the advantages of being honest and paying our taxes is that we can take real action against criminals like them and take their money as compensation. The anonymous pools have no recourse.
Eyedol-X
Posts: 105
Joined: Sun Nov 06, 2016 1:45 pm

Re: Status as of Friday, June 30, 2017

Post by Eyedol-X » Sat Jul 01, 2017 9:02 pm

I say for now follow KISS (keep it simple stupid) and stick with Javapipe.

This entire DDoS attack could be some rager pool that is trying to steal hashrate from you or some altcoin that has a user that doesn't like the difficulty spike when PH connects miners to the network.

That being said, this could go away in time once they "start getting headaches and lose interest" so to speak.

I do think you have the right-headed approach towards having Comcast as a backup. Does this service require an upfront agreement with monthly fees or is it $1095 a-la-carte?
GregoryGHarding
Posts: 665
Joined: Sun Apr 16, 2017 3:01 pm

Re: Status as of Friday, June 30, 2017

Post by GregoryGHarding » Sat Jul 01, 2017 10:22 pm

Eyedol-X wrote:I say for now follow KISS (keep it simple stupid) and stick with Javapipe.

This entire DDoS attack could be some rager pool that is trying to steal hashrate from you or some altcoin that has a user that doesn't like the difficulty spike when PH connects miners to the network.

That being said, this could go away in time once they "start getting headaches and lose interest" so to speak.

I do think you have the right-headed approach towards having Comcast as a backup. Does this service require an upfront agreement with monthly fees or is it $1095 a-la-carte?
Take a read through the last page or so. Steve has corrected misinterpretation of pricing structure of Comcast. But I still think Javapipe is the best to stick with until we outgrow or they can no longer mitigate.
FRISKIE
Posts: 121
Joined: Sun Apr 16, 2017 12:51 pm

Re: Status as of Friday, June 30, 2017

Post by FRISKIE » Sun Jul 02, 2017 3:40 am

some altcoin that has a user that doesn't like the difficulty spike when PH connects miners to the network
I've thought this myself, more likely "users" though, a group, site or something that has been making money off altcoins and feels PH pushes up the diff