Hacker News new | past | comments | ask | show | jobs | submit login
UDP flood DDoS attacks against XT nodes
34 points by Andrew_Quentin on Aug 29, 2015 | hide | past | favorite | 8 comments
It would seem that the conflict has taken a nasty turn, and some of the more extreme Core supporters have started just straight out DDoS attacking XT nodes. Not the silly bloom filter CPU exhaustion thing, but actual UDP flood attacks. Looking at a recent drop-off at XTNodes.com[1] , it seems that this has started during the last 24 hours, and one of my nodes was hit three times in that period, on a dedicated IP that only runs a Bitcoin node and nothing else. (Not that they accomplished anything outside of saturating it for ten minutes or so.)

Is this really how some people think they are going to "resolve" the situation? If this continues, I can easily see people starting to declare open season on non-XT nodes, and then we have a war going that no one wants.

> and then we have a war going that no one wants...

The "war" was already started, now is just escalating...

This is really sad... Not good for bitcoin at all. If someone wanted to destroy bitcoin this is exactly what he would've done.

Divide et Impera

Wait a minute, this explains what happened to my VPS hosted at DigitalOcean. I have been running a XT node on it ever since Day 1 and today I got this email from DigitalOcean:

  Hi there,
  Our system has automatically detected an inbound DDoS against your droplet named core with the following IP Address: <IP>
  As a precautionary measure, we have temporarily disabled network traffic to your droplet to protect our network and other customers. Once the attack subsides, networking will be automatically reestablished to your droplet. The networking restriction is in place for three hours and then removed.
  Please note that we take this measure only as a last resort when other filtering, routing, and network configuration changes have not been effective in routing around the DDoS attack.

I responded asking for more specific information, and they said:

  Hi there, 
  It looks like it was 2.1gbps DoS attack at about 200k PPS which would really make me think this was a straight-up SYN flood. 
  I don't really have more detailed information than that, sadly. 
  It looks like the blackhole will expire 3 hours after it was 
  put in place. 
  If you'd like a different IP, the simplest way would be to power off the droplet, take a snapshot, and bring the snapshot back up as a new droplet. After that's done, you can destroy the old droplet and you should be good to go from there.
Now it all makes sense.

> and then we have a war going that no one wants

maybe some security improvements can be had from such a war?

So the part where everyone else has already been DDOS'd for the last two or three months; the part where many people are being personally and viciously attacked, and the part where it's actually quite possible that someone who has nothing to do with "Core" or even Bitcoin at all is behind these attacks, I suppose technically feeds into this line of reasoning.

Maybe we shouldn't so easily ascribe it to "Core supporters". It could be anyone trolling or pursuing a more complex agenda.

Sorry, the text should have been in quotes. As r/bitcoin remains censored I thought perhaps you hackers would like to learn of the twist and turn that some people have chosen to take in regards to bitcoin.

I think XT is great because is fundamentally allows something that was sorely needed - a way for the miners to votes.

There is no sense in trying to convince anyone to act as you want in currencies. You have to incentivize them. And if there are attacks they need to be looked at as a problem to solve.

A lot of people hundreds of years ago probably yelled 'hey don't shave the edges off gold and silver coins!!!'. The solution however, was to build ridges into the edges of coins so that shaving them off would work in practicality.

This is a battle of code and incentives, never forget that.

You asked for a currency without central controlling authority. You have a currency without central controlling authority.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact