The following content was written by 2tights on January 07, 2014, 06:43:11 PM in the thread Static IP and network defense. All content is owned by the author of the bitcointalk.org post. (original)
I know the main concern for attack is a DDOS attack. I have a static IPV4 address for my home network. I’m concerned that if my IP ends up on a malicious user’s, or bitcoin hater’s, shit-list that I may become a target. I am confident in securing my network, but I’d like to hear what network appliances people are using to protect their mining operations.
The following content was written by Kenshin on January 07, 2014, 06:49:04 PM in the thread Static IP and network defense. All content is owned by the author of the bitcointalk.org post. (original)
If you have a good firewall then it should drop the DDOS.
The following content was written by cp1 on January 07, 2014, 06:49:14 PM in the thread Static IP and network defense. All content is owned by the author of the bitcointalk.org post. (original)
My new router has a checkbox that says “Enable DDOS protection”. No idea if it works well. I’m sure Cisco could sell you something, but I don’t think you’d like the prices. There’s got to be something you can install in a linux box.
The following content was written by Hax8 on January 09, 2014, 08:59:14 PM in the thread Static IP and network defense. All content is owned by the author of the bitcointalk.org post. (original)
It is really difficult to counter a DDoS. Protection built in to the router/firewall just drops the rogue packets without replying but there is no way the router can stop all that traffic from still traversing the pipe and hitting your router/firewall.
You can either:
– Have more bandwidth than the attackers which will still allow your legitimate traffic. With amplification attacks, this is very costly!
– Have your ISP block the traffic further upstream leaving your pipe free.
– Use one of the companies that provide this service which normally means you use them as a proxy hiding your true IP.
– Setup your own proxies in hosted datacentre’s and hide behind those.
That is all I can think of at the moment.
If the mining setup is in your home/office, I would just pull in another internet pipe. Preferably with a different ISP and switch to that when required. Or just use a dedicated line for the miners minimising exposure of your IP to third parties.
The following content was written by cp1 on January 09, 2014, 09:03:17 PM in the thread Static IP and network defense. All content is owned by the author of the bitcointalk.org post. (original)
You could always tell your ISP you’re being attacked and maybe get a new IP assigned? Or go through a VPN for $10 a month for all your traffic.