In my opinion this sort of test could also be a big "marketing" aspect, if the masternode network (the masternode owners) would accept and fund this sort of test, and if the masternode network would resist the ddos attacks of a medium botnet.
Which Masternode model should we implement?
- Thread starter eduffield
- Start date
In my opinion this sort of test could also be a big "marketing" aspect, if the masternode network (the masternode owners) would accept and fund this sort of test, and if the masternode network would resist the ddos attacks of a medium botnet.
moli
Well-known member
Darksend is an "ahead-of-time" tool for anonymous money, it would be a terrible irony if it can't be protected by an "ahead-of-time" thinking/planning to prevent MN go down by a DDOS, which will take down the wonderful aheadoftime DS also. Right now DRK isn't well-known yet so it's not a worry but DDOSing the MNs to hell is not a problem for some hackers, i'm sure.
You probably already know hackers can bring down networks of a whole country like Estonia and North Korea.
JGCMiner
Active member
Yeah, but how far ahead of time do you protect against before you are just wasting time. Evan seems to think that 2000+ nodes is fairly DDOS resistant and we have never seen a large number of MNs down due to this attack. That is enough for me until I see evidence to the contrary.
There are a lot of very rich incumbents in the current financial system that would not mind if BTC disappeared, but recently we haven't seen a major attack against their nodes.
Looking ahead of time is fine so long as you are looking at something that matters.
moli
Well-known member
Probably they don't think Bitcoin is a threat? I don't know. But if Darkcoin is perceived as a threat by many, that would be a different story.
Make the coin as hard as possible against any sort of attack. Ddos attack is the most common, therefore it should be tested instead of assuming that ddos is not a threat. Prepare yourself when you can.
moli
Well-known member
Agreed totally! Do you own a botnet? Want to try? :grin:
No, i do not. But darkstrike420 has outed himself as a botnet and tor hobbyist.
moli
Well-known member
You mean darkstrike420 ? I wonder if he's responsible for some of the DDoSes on Freenode and Efnet ... :grin: jk
Sometimes it's just fun to see a network being ddosed and then go back up again lol
JGCMiner
Active member
Everything has tradeoffs.
I am fine with option 2 to make DDOS more difficult if the negative effects are minimal, but if option 2 costs us enough in terms of MN response time which in turn harpoons IX... then what was the point.
moli
Well-known member
Right now it's obvious that option 1 is the only option.
Option 1 or 2... i don't know, i am no expert in networking, but i think in general, that the masternode network needs to withstand some hacker attacks minimum in testnet. If there are not enough masternodes in testnet, then there could be a planned ddos attack against half of the masternode network to see what will happen.
JGCMiner
Active member
Don't misunderstand my point. I have no problem with testing. Actually, that was the point of my first post. Someone (preferably someone who is worried about this attack) should try to DDOS the MNs. If it works then we need to come up with a solution and if it doesn't then this should be considered a fringe attack vector at best.
Again, I took exception with opponents of option 1 making a yet-to-be-proven, mythical DDOS against against the all MNs save the ones they own the reason why option 1 is not acceptable.
By all means, test away...:smile:
Icebucket
Active member
Dont know if this point has been raised but there are VPS service providers that allow you to be anonymous, pay in BTC or convince the provider to accept DRK. like I did, the only info they need is a Email, and you can use https://protonmail.ch/ to be safer.
LOL, all this worry about DDOSing 2000+ Masternodes when 90% of the hash gets funnelled through 3 pool servers?
An attacker is not going to waste time disrupting DS and IX services when they can render the entire currency unusable and rewrite the blockchain at will with 3 orders of magnitude less effort.
Blockchain security should be shifted to Masternodes, using the same n-of-m approach that makes DS and IX so secure. And then, when IP obfuscation/i2p/whatever is implemented, you have a practically unbreakable system with no weak links.
An attacker is not going to waste time disrupting DS and IX services when they can render the entire currency unusable and rewrite the blockchain at will with 3 orders of magnitude less effort.
Blockchain security should be shifted to Masternodes, using the same n-of-m approach that makes DS and IX so secure. And then, when IP obfuscation/i2p/whatever is implemented, you have a practically unbreakable system with no weak links.
Last edited by a moderator:
GermanRed+
Active member
We don't need to fund the attack. The MN operators just need to piss off the "Anonymous" group.
GermanRed+
Active member
Just a question for you guys: We have been emphasizing the one IP per node but we see only 1977 unique IPs for 2237 active MNs. So, how can we say that it is one IP per node? And, we can see that each MN is paid after roughly every 2237 blocks. So, someone is running multiple nodes on one IP.
EDIT: My guess is that these nodes are using NAT and the private IPs are in virtual instance of OS with private network stack. Then, the firewall distribute the incoming traffics to these virtual instance of OS. So, the one IP per node is not a real requirement. It just takes a little more effort to get around it. That brings back to my original suggestion: pay MN according to the number of darksend transactions served.
EDIT: My guess is that these nodes are using NAT and the private IPs are in virtual instance of OS with private network stack. Then, the firewall distribute the incoming traffics to these virtual instance of OS. So, the one IP per node is not a real requirement. It just takes a little more effort to get around it. That brings back to my original suggestion: pay MN according to the number of darksend transactions served.
Last edited by a moderator:
GermanRed+
Active member
Are there some MNs going through Tor out-proxy right now? Or, do we have to run darkcoin as hidden service?
darkstrike420
Active member
I don't own a botnet. If you want to test how strong Darkcoin is against DDOS, you first should get acceptance of ddos of masternode owners(so its legal to stress test their network) then throw together couple thousand for 1 Gbit/s servers and get DNS amplification code off the internet. Then just input the IP addresses.
FYI: I am not criminal. Why would you assume I run botnets?
Hidden service is way better.
darkstrike420
Active member
Correct. With enough power you would be able to down ALL other or the majority of masternodes thus all mixing would go through your nodes and you would know everything.
Thanks for mentioning this. Another reason to not have clearnet IP.
darkstrike420
Active member
Anti-DRK? LOL. I invested cash to be rich. If I was anti-drk I wouldn't recommend ideas that increase the strength of the whole network against DDOS attacks and potentially give a rocket to the value of Darkcoin for a good ride to the moon.
I am just being realistic. Its time to open up your eyes bro. DRK will never replace BTC in the world, it will however replace BTC when it comes to crime. That is the DRK future.
Government will kill every one of us before they allow anonymous money to be used in shops and everything.
Anti-DRK.. lol. I think you are anti-drk for not wanting it to reach its full potential.
Last edited by a moderator: