Information on attacks
-
Please let me know any amendments or additions you want made to this article.
[b]Introduction[/b]
It can be seen in the block chain that someone has been using their hash power to generate their own blocks which orphan genuine blocks. This is normally achieved by what is called a 51% attack and is something that all Bitcoin based coins have exposure to. It is an issue in any decentralised peer-to-peer network where voting occurs.
[b]What is a 51% attack?[/b]
Feathercoin is a decentralised network that listens to the majority, which at its smallest amount is 51% of the network. In regards to block generation it is 51% of the hashing power that dictates which blocks are valid and which blocks are not.
A typical 51% attack tries to reverse transactions. To do this someone generates their own blockchain separate from the network, then they spend their coins on the genuine network but not on their own. After the coins have been spent they use their 51% hash power to get the network to accept their own blockchain where the coins have not been spent. The effect is that the transaction where they spent their coins, disappears from the network entirely.
[b]What damage has been done?[/b]
So far we have not found any evidence of damage. The biggest targets would be the exchanges and there have been no reports of any problems there.
[b]How to protect against this?[/b]
Require more confirmations before providing goods or services for payment. Attacks generally do not last very long as they require a lot of hash power so are not prolonged attacks. They may be able to reverse several blocks but there will be limits. All exchanges with any volume have updated their confirm count to at least ten.
In short there is no need to worry about these attacks. Precautions have been taken and people are safe to mine and trade Feathercoin on the exchanges as normal.
-
Very well said, much better than I could put it together.
-
sweet i now understood 51% attack much better!
thanks for the explanation
-
Nice, this sounds good. I’m happy to see no real damage seems to have been done. :) :) :)
For the record, I sent a message to Bushstar with preliminary info and he told me to make it public on the forum so more people could then look at it. So it was!
I had to make those public after I found them. I can’t tell whether damage has occurred or not by looking at the block chain, so I say: there can be real damage or not.
Just a small addition to Bushstar’s description:
[quote]A typical 51% attack tries to reverse transactions. To do this someone generates their own blockchain separate from the network, then they spend their coins on the genuine network but not on their own. After the coins have been spent they use their 51% hash power to get the network to accept their own blockchain where the coins have not been spent. The effect is that the transaction where they spent their coins, disappears from the network entirely.[/quote]
If the transaction where he spent the coins had been accepted with a low confirmation number by party A for an immediate irreversible good, the result would be sent by A and go to the attacker, but the transaction from the attacker would disappear from the blockchain and A would not get the coins. So a high number of confirmations is a must.
One pretty technical question: if I add an orphan block now at 33001, will it be accepted as an orphan in the orphan chain, or would the “11 block means time” used to accept blocks prevent this?
-
Great explanation!
-
A typical successful 51% attack allows the attackers to spend money twice. Having superior hash power, they can generate blocks faster than the rest of the network. They can fork the block chain, spend money on either branch with the necessary number of confirmations required, then abandon it by switching to the other branch where the money were not spent and continue it to make the primary block chain eventually. Confirmed transactions on the abandoned (orphaned) branch will be void; unconfirmed transactions are likely to be submitted by the clients again. Such activity requires much more hash power than 51% though. The attackers often try to DDoS largest pools to decrease network hash rate. If they’re down, the assault becomes easier.
-
Just out of curiosity, is there a possibility people are doing this with botnets? Because that would suck…
-
[quote name="ghostlander" post="6830" timestamp="1369604807"]
A typical successful 51% attack allows the attackers to spend money twice. Having superior hash power, they can generate blocks faster than the rest of the network. They can fork the block chain, spend money on either branch with the necessary number of confirmations required, then abandon it by switching to the other branch where the money were not spent and continue it to make the primary block chain eventually. Confirmed transactions on the abandoned (orphaned) branch will be void; unconfirmed transactions are likely to be submitted by the clients again. Such activity requires much more hash power than 51% though. The attackers often try to DDoS largest pools to decrease network hash rate. If they’re down, the assault becomes easier.
[/quote]
So people should set up their client for either another pool or solo mining as backup, which can be easily done with --failover-only in cgminer, to keep the hashrate up during a 51%/DDoS attack
-
[quote name="svennand" post="6832" timestamp="1369605037"]
[quote author=ghostlander link=topic=853.msg6830#msg6830 date=1369604807]
A typical successful 51% attack allows the attackers to spend money twice. Having superior hash power, they can generate blocks faster than the rest of the network. They can fork the block chain, spend money on either branch with the necessary number of confirmations required, then abandon it by switching to the other branch where the money were not spent and continue it to make the primary block chain eventually. Confirmed transactions on the abandoned (orphaned) branch will be void; unconfirmed transactions are likely to be submitted by the clients again. Such activity requires much more hash power than 51% though. The attackers often try to DDoS largest pools to decrease network hash rate. If they’re down, the assault becomes easier.
[/quote]
So people should set up their client for either another pool or solo mining as backup, which can be easily done with --failover-only in cgminer, to keep the hashrate up during a 51%/DDoS attack
[/quote]
I get about 15k/h mining LTC. Is it even worth me solo mining? I couldn’t seem to connect to any of the pools; it kept coming back with a JSON error. Though as I said, I mine LTC using Ozpool just fine.
C
-
Scrypt botnets are CPU only. Consider about 30KH/s for a 3GHz quad core i7 with HT enabled. A 3GHz Core 2 Duo or Athlon X2 won’t hit even 10KH/s while an old mainstream HD5750 is capable of >150KH/s. Fat chance for botnets.
15KH/s? It’s not worth to mine solo with 150KH/s or even with 1.5MH/s unless difficulty decreases significantly.
-
[quote]Scrypt botnets are CPU only. Consider about 30KH/s for a 3GHz quad core i7 with HT enabled. A 3GHz Core 2 Duo or Athlon X2 won’t hit even 10KH/s while an old mainstream HD5750 is capable of >150KH/s. Fat chance for botnets.
15KH/s? It’s not worth to mine solo with 150KH/s or even with 1.5MH/s unless difficulty decreases significantly.[/quote]
Well that is good to know:)
-
[quote name="ghostlander" post="6840" timestamp="1369607721"]
Scrypt botnets are CPU only. Consider about 30KH/s for a 3GHz quad core i7 with HT enabled. A 3GHz Core 2 Duo or Athlon X2 won’t hit even 10KH/s while an old mainstream HD5750 is capable of >150KH/s. Fat chance for botnets.
15KH/s? It’s not worth to mine solo with 150KH/s or even with 1.5MH/s unless difficulty decreases significantly.
[/quote]
1: GPU botnets by injecting mining code into a fake upgrade for a game.
2: Data centers and botnets with 10s of thousands per fleet.
Still most likely is people who believe in ZTC, Zee Troo Coeen! putting together a rogue pool.
There is a simple way to handle this. Set up the marketplace in forum so we ignore the prices on the exchanges. Those prices are pure fantasy and we should only use them to acquire cheap coins from unbelievers.
-
Most people with Radeons don’t even bother to install OpenCL. BTW, scrypt miner needs to be configured manually in order to run fast.
[quote]There is a simple way to handle this. Set up the marketplace in forum so we ignore the prices on the exchanges. Those prices are pure fantasy and we should only use them to acquire cheap coins from unbelievers.[/quote]
A good idea.
-
[quote name="ghostlander" post="7082" timestamp="1369653620"]
Most people with Radeons don’t even bother to install OpenCL. BTW, scrypt miner needs to be configured manually in order to run fast.
[/quote]
The upgrade would do the install.
-
Very clear and transparent :)
-
Very informative.
-
Is there something happening with the attack? I am seeing trouble connecting to two different pools, and the total hash# is down and the FTC hash# on coinotron is down a lot
-
ftc.d2.cc pool is working just fine, I also have trouble reaching http://www.coinotron.com/ so it seems coinotron might have some troubles…
-
people talking about attacks…is it true or bogus?
-
Something odd is going on right now: most pools are down and my deposit to btc-e hasn’t been credited at 16 confirms. I am dedicating hashrate right now to help counteract the attack that is likely happening right now. I hope others do as well.