Last updated on October 13th, 2017 at 06:24 pm
Bitmain understands what a massive distributed denial of service (DDoS) attack can do to stop the operations of a bitcoin mining pool.
Each time a bitcoin mining pool goes down due to a DDoS attack, the pool operator and the miners connected to the pool suffer real financial losses.
Bitmain has been working on a solution to mitigate DDoS attacks on AntPool and AntMiners. The more effective way to minimize the effects of a DDoS attack is to evade the attack rather than to fight fire with fire.
The newest release of AntMiner firmware is designed to work with AntPool servers to detect and evade the effects of a DDoS attack. When a DDoS attack is detected, the new firmware will automatically point the miner to a nonpublic IP address that acts as a gateway to AntPool, allowing users to continue mining even if the main servers are under attack.
AntPool maintains numerous distributed proxy nodes and changes their IP addresses at regular intervals, rather than binding to a URL. The best measure one can take to protect against a DDoS attack is to not reveal IP addresses. If AntPool is under attack, an AntMiner machine with the new firmware installed will be able to detect the attack within 20 seconds and switch to a representative IP address, avoiding lost connections and financial damages.
In order to expose these hidden representative IP addresses, an attacker would have to own a physical AntMiner machine. This gives us the chance to target and discover the attacker’s real location and IP address, because the representative IP a miner connects to depends on the user’s physical location. We can continually change IP addresses for that region to narrow down the attacker’s real location, and eventually discover the miner’s MAC address and other unique identifying information.
An advantage of this regional IP switching is that only users located in the same region as the attacker will experience the effects of the attack, and even then only temporarily. Users mining in the affected region will then have their machines pointed to a new subset of representative IPs, further narrowing down the attacker’s location, until we can finally uncover the unique MAC address of the attacker’s miner, effectively identifying him.
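The narrowing described above amounts to repeatedly re-partitioning the suspect miners across fresh representative IPs and keeping only the group whose IP gets attacked. The sketch below is an added example, not Bitmain's code (the firmware logic is not published); the round-robin partitioning, the fan-out of 4, the MAC addresses and the documentation-range IPs are all assumptions.

```python
"""Narrow a leaked proxy IP down to one miner by repeated re-partitioning.
Constructed example: miner MACs, proxy IPs and the fan-out are made up."""
import itertools

def fresh_ips():
    # Constructed addresses from TEST-NET-3 (203.0.113.0/24), reserved for documentation.
    for n in itertools.count(1):
        yield f"203.0.113.{n}"

def partition(miners, fanout, ip_pool):
    """Spread miners round-robin over up to `fanout` fresh IPs; returns {ip: [miners]}."""
    groups = [miners[i::fanout] for i in range(fanout)]
    return {next(ip_pool): g for g in groups if g}

def narrow_down(miners, attacked_ip_for, fanout=4):
    """Re-partition the suspect set until the attacked IP maps to a single miner.

    attacked_ip_for(assignment) models the pool's observation: which of the
    newly handed-out IPs came under attack this round (None if none did).
    Returns (suspect_or_None, rounds).
    """
    ip_pool = fresh_ips()
    suspects, rounds = list(miners), 0
    while len(suspects) > 1:
        assignment = partition(suspects, fanout, ip_pool)
        rounds += 1
        hit = attacked_ip_for(assignment)
        if hit is None:            # attacker stopped, or is not in this set
            return None, rounds
        suspects = assignment[hit]  # only miners that were given this IP remain
    return suspects[0], rounds

def simulate(n_miners=1000, attacker_index=637, fanout=4):
    """One region of constructed miners; the attacker floods whatever IP it is given."""
    miners = [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(n_miners)]
    attacker = miners[attacker_index]

    def observe(assignment):
        return next((ip for ip, g in assignment.items() if attacker in g), None)

    found, rounds = narrow_down(miners, observe, fanout)
    return attacker, found, rounds

if __name__ == "__main__":
    attacker, found, rounds = simulate()
    print(f"attacker={attacker} identified={found} rounds={rounds}")
```

With a fan-out of k, a region of N miners is reduced to one suspect in about log_k(N) rounds, and in each round only the miners sharing the attacker's group are exposed to the attacked IP.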
It is important to note that this anti-DDoS firmware is an independent update, and has nothing to do with cgminer or the device driver. Due to the security-sensitive nature of this software, the source code will not be open, in order to prevent attackers from discovering the exact logic used. Additionally, because this update requires the miner to communicate with its pool, for the time being this anti-DDoS update will only work on AntPool.
This firmware update has already been published in versions compatible with the S4 and S5 models of AntMiner.