is the chain healthy?

Author Topic: is the chain healthy?  (Read 69497 times)

devphp

  • Hero Member
  • *****
  • Karma: +87/-14
  • Offline Offline
  • Posts: 1229
    • View Profile
Re: is the chain healthy?
« Reply #280 on: June 19, 2014, 12:58:19 pm »

Would anyone be able to check my node: 54.186.204.166
I restarted it but when I try the getPeer API call from my computer, it acts like the node is not online.  It is on an Amazon EC2 server.

Thanks!

# telnet 54.186.204.166 7874

Trying 54.186.204.166...
Connected to 54.186.204.166.
Escape character is '^]'.
quit
HTTP/1.1 400 No URI
Content-Length: 0
Connection: close
Server: Jetty(9.1.5.v20140505)


it's online, but may need a restart.
Logged

bitcoinpaul

  • Hero Member
  • *****
  • Karma: +590/-590
  • Offline Offline
  • Posts: 3097
  • Karmageddon
    • View Profile
Re: is the chain healthy?
« Reply #281 on: June 19, 2014, 12:58:21 pm »

well done guys

Despite two or three guys, we did nothing.

You did nothing except post gifs which is all you tend to do anyway.

That's what I'm talking about.
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

allwelder

  • Hero Member
  • *****
  • Karma: +196/-13
  • Offline Offline
  • Posts: 1867
  • NxtChina.org
    • View Profile
    • NxtChina.org
Re: is the chain healthy?
« Reply #282 on: June 19, 2014, 12:59:36 pm »

Is it just a DDoS attack or an unconfirmed tx bug? Who can help sum up this abnormality as a precaution?
Logged
NxtChina |Weibo |Twitter Donation welcomed:NXT-APL9-66GU-K8LY-B3JJJ

jefdiesel

  • Hero Member
  • *****
  • Karma: +88/-77
  • Offline Offline
  • Posts: 1275
    • View Profile
Re: is the chain healthy?
« Reply #283 on: June 19, 2014, 01:00:24 pm »

well done guys

Despite two or three guys, we did nothing.

You did nothing except post gifs which is all you tend to do anyway.

That's what I'm talking about.

the gifs defeated GLEFU

also. masonic plot  http://glef.eu/
Logged
Member of D.O.R.C.S., creators of Lyth - An Emergent Trading Game | Asset ID: 2318361924203311027

Klokan

  • Sr. Member
  • ****
  • Karma: +28/-5
  • Offline Offline
  • Posts: 288
    • View Profile
Re: is the chain healthy?
« Reply #284 on: June 19, 2014, 01:01:23 pm »

You could add to your iptables (protects the nxt ports against some ddos attacks) something like this; if you don't know how, here is a tutorial. Be careful not to block yourself out via ssh.
https://translate.google.de/translate?hl=de&sl=de&tl=en&u=http%3A%2F%2Fwebmanufaktur.org%2F2011%2F11%2F02%2Feinfache-iptables-firewall-debian%2F

Code:
*filter
#
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
#
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Allows all outbound traffic
-A OUTPUT -j ACCEPT
#
-A INPUT -p tcp -m tcp --dport 7874  --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 7874 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 7874 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7874 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7874 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 7874 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 7875  --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 7875 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 7875 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7875 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7875 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 7875 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 7876  --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 7876 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 7876 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7876 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 7876 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 7876 -j ACCEPT

-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Allows SSH connections (changed port according to sshd_config file)
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
#
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#
# log iptables denied calls (access via "dmesg" command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT
#
COMMIT

Are you sure that 2 connections per IP and 8 connections per C-class are sufficient? I can imagine a situation with a bigger company (hundreds of workers) connected to the Internet through one real IP, or an ISP (xDSL, for example) with a dynamically allocated C-class for thousands of customers. And if all of them want to work with their NXT/public NRS nodes (if not now, then certainly in the near future ;) ) ... So maybe I would suggest a small increase of these values, but I'm unable to infer exactly how it would possibly weaken (or not) DDoS prevention.

Even if today's "GLEFU case" may not be a classic DDoS, I believe that increasing the number of (hallmarking) nodes is a good idea in any case. I have four full hallmarked NRS nodes on the core network and am currently preparing several others. I think that the payment (NXT funds/rewards...) for operators of nodes is very reasonable. There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...
Logged
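
The question above about the 2-per-IP and 8-per-/24 limits can be checked by replaying traffic against the two connlimit rules. This is an added example, not code from any poster in the thread; the traffic mix, labels and function names are constructed, and it assumes accepted connections stay open for the whole replay.

```python
import ipaddress
from collections import Counter

# (connlimit-mask, connlimit-above) in rule order, as in the ruleset for port 7874.
LIMITS = [(24, 8), (32, 2)]

def replay(syns, limits=LIMITS):
    """Replay (label, source_ip) SYNs in arrival order against the connlimit rules.

    Simplifying assumptions: accepted connections stay open for the whole
    replay, and rejected SYNs are not counted against later ones.
    Returns a Counter keyed by (label, verdict).
    """
    tracked = []          # source addresses of connections currently open
    outcome = Counter()
    for label, src in syns:
        addr = ipaddress.ip_address(src)
        verdict = "ACCEPT"
        for mask, above in limits:
            net = ipaddress.ip_network(f"{src}/{mask}", strict=False)
            # Modelled so that connection number (above + 1) in a group is the
            # first one rejected, i.e. "above 2" allows two connections.
            in_group = 1 + sum(1 for a in tracked if a in net)
            if in_group > above:
                verdict = f"REJECT(/{mask})"
                break
        if verdict == "ACCEPT":
            tracked.append(addr)
        outcome[(label, verdict)] += 1
    return outcome

def constructed_traffic():
    """Constructed sample using documentation address ranges (RFC 5737)."""
    syns = []
    # Office behind one NAT address: 5 users, one connection each.
    syns += [("office-nat", "203.0.113.10")] * 5
    # ISP pool: 12 customers with distinct addresses in one /24.
    syns += [("isp-pool", f"198.51.100.{h}") for h in range(1, 13)]
    # One host opening 50 connections.
    syns += [("flooder", "192.0.2.66")] * 50
    return syns

if __name__ == "__main__":
    for (label, verdict), n in sorted(replay(constructed_traffic()).items()):
        print(f"{label:11s} {verdict:12s} {n}")
```

With the posted limits the NAT office and the ISP pool lose legitimate connections alongside the flooding host; passing different `limits` shows how much extra room a flooding host gains when the thresholds are raised.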

eimon

  • Sr. Member
  • ****
  • Karma: +20/-4
  • Offline Offline
  • Posts: 290
    • View Profile
Re: is the chain healthy?
« Reply #285 on: June 19, 2014, 01:03:02 pm »

I guess panic sellers already regret selling at 10k sat..
Logged

crimi

  • Hero Member
  • *****
  • Karma: +122/-11
  • Offline Offline
  • Posts: 863
    • View Profile
Re: is the chain healthy?
« Reply #286 on: June 19, 2014, 01:03:55 pm »

You could add to your iptables (protects the nxt ports against some ddos attacks) something like this; if you don't know how, here is a tutorial. Be careful not to block yourself out via ssh.
https://translate.google.de/translate?hl=de&sl=de&tl=en&u=http%3A%2F%2Fwebmanufaktur.org%2F2011%2F11%2F02%2Feinfache-iptables-firewall-debian%2F

Are you sure that 2 connections per IP and 8 connections per C-class are sufficient? I can imagine a situation with a bigger company (hundreds of workers) connected to the Internet through one real IP, or an ISP (xDSL, for example) with a dynamically allocated C-class for thousands of customers. And if all of them want to work with their NXT/public NRS nodes (if not now, then certainly in the near future ;) ) ... So maybe I would suggest a small increase of these values, but I'm unable to infer exactly how it would possibly weaken (or not) DDoS prevention.

Even if today's "GLEFU case" may not be a classic DDoS, I believe that increasing the number of (hallmarking) nodes is a good idea in any case. I have four full hallmarked NRS nodes on the core network and am currently preparing several others. I think that the payment (NXT funds/rewards...) for operators of nodes is very reasonable. There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...

There is no real ddos solution, just temporary fixes that might help. Ask Ghash xD
Logged

devphp

  • Hero Member
  • *****
  • Karma: +87/-14
  • Offline Offline
  • Posts: 1229
    • View Profile
Re: is the chain healthy?
« Reply #287 on: June 19, 2014, 01:04:43 pm »

There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...

+1

If you can't run a hallmarked node, at least set up some buy orders for NSC asset, other people will run nodes and get their small reward.
Logged

jefdiesel

  • Hero Member
  • *****
  • Karma: +88/-77
  • Offline Offline
  • Posts: 1275
    • View Profile
Re: is the chain healthy?
« Reply #288 on: June 19, 2014, 01:07:31 pm »

What's the NSC asset info?
Logged
Member of D.O.R.C.S., creators of Lyth - An Emergent Trading Game | Asset ID: 2318361924203311027

MaWo

  • Jr. Member
  • **
  • Karma: +14/-1
  • Offline Offline
  • Posts: 44
    • View Profile
    • NFD Coin
Re: is the chain healthy?
« Reply #289 on: June 19, 2014, 01:08:24 pm »

There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...

+1

If you can't run a hallmarked node, at least set up some buy orders for NSC asset, other people will run nodes and get their small reward.

How does a hallmarked node protect the network when everyone can run one?
Logged

devphp

  • Hero Member
  • *****
  • Karma: +87/-14
  • Offline Offline
  • Posts: 1229
    • View Profile
Logged

fredch

  • Newbie
  • *
  • Karma: +0/-0
  • Offline Offline
  • Posts: 9
    • View Profile
Re: is the chain healthy?
« Reply #291 on: June 19, 2014, 01:09:48 pm »

@jeff NSC Asset Id:  6775372232354238105 
Logged

devphp

  • Hero Member
  • *****
  • Karma: +87/-14
  • Offline Offline
  • Posts: 1229
    • View Profile
Re: is the chain healthy?
« Reply #292 on: June 19, 2014, 01:12:06 pm »

There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...

+1

If you can't run a hallmarked node, at least set up some buy orders for NSC asset, other people will run nodes and get their small reward.

How does a hallmarked node protect the network when everyone can run one?

The more hallmarked nodes, the larger the network. The larger the network, the more trouble for DoS'ers. The network has to be large enough to outnumber DoS'ers. Besides, CfB said that Transparent Forging will be implemented only when the network is large enough. He believes it is not large enough now. So, set up more public (hallmarked) nodes or if you can't, buy NSC asset on the Asset exchange to support other people setting up nodes for the network.
Logged

megashira1

  • Guest
Re: is the chain healthy?
« Reply #293 on: June 19, 2014, 01:12:39 pm »

noob question: Will there be an issue if I send unconfirmed NXT from my address to another address?
Logged

MrV777

  • Hero Member
  • *****
  • Karma: +115/-4
  • Offline Offline
  • Posts: 991
    • View Profile
Re: is the chain healthy?
« Reply #294 on: June 19, 2014, 01:13:12 pm »

I had restarted right before posting my question  ???

Would anyone be able to check my node: 54.186.204.166
I restarted it but when I try the getPeer API call from my computer, it acts like the node is not online.  It is on an Amazon EC2 server.

Thanks!

# telnet 54.186.204.166 7874

Trying 54.186.204.166...
Connected to 54.186.204.166.
Escape character is '^]'.
quit
HTTP/1.1 400 No URI
Content-Length: 0
Connection: close
Server: Jetty(9.1.5.v20140505)


it's online, but may need a restart.
Logged
NXT: NXT-BK2J-ZMY4-93UY-8EM9V
NXT nodes: 209.222.98.250, 216.155.128.10

bizz

  • Sr. Member
  • ****
  • Karma: +22/-4
  • Offline Offline
  • Posts: 285
    • View Profile
Re: is the chain healthy?
« Reply #295 on: June 19, 2014, 01:14:08 pm »

There is a very good idea with NSC payments, hopefully everything will work with it and there will still be enough buy orders in AE...

+1

If you can't run a hallmarked node, at least set up some buy orders for NSC asset, other people will run nodes and get their small reward.

How does a hallmarked node protect the network when everyone can run one?

Not everyone. The more NXT a hallmark has, the more importance it has, and if it owns lots of NXT it's not in their interest to do bad things.
Logged

jefdiesel

  • Hero Member
  • *****
  • Karma: +88/-77
  • Offline Offline
  • Posts: 1275
    • View Profile
Re: is the chain healthy?
« Reply #296 on: June 19, 2014, 01:14:34 pm »

OK, set up a node. I'm almost sure how to do this, but it won't load in a browser when I go to the ip:7876

did this

Quote
write these lines, where X.X.X.X is the IP address of the host:
nxt.myAddress=X.X.X.X
nxt.allowedBotHosts=127.0.0.1; localhost; X.X.X.X; 0:0:0:0:0:0:0:1;
nxt.allowedUserHosts=127.0.0.1; localhost; X.X.X.X; 0:0:0:0:0:0:0:1;
Logged
Member of D.O.R.C.S., creators of Lyth - An Emergent Trading Game | Asset ID: 2318361924203311027

qbd1313

  • Sr. Member
  • ****
  • Karma: +10/-8
  • Offline Offline
  • Posts: 372
    • View Profile
Re: is the chain healthy?
« Reply #297 on: June 19, 2014, 01:16:46 pm »

I will write tutorials
Logged

starik69

  • Sr. Member
  • ****
  • Karma: +11/-17
  • Offline Offline
  • Posts: 301
    • View Profile
Re: is the chain healthy?
« Reply #298 on: June 19, 2014, 01:16:58 pm »

Hurray to GLEFU!!!  8)
He saved the world!  :o
He sent 100NXT in this 14426724090588077817 transaction to defaulted 13792774143018875909 and confirmed it himself in block 164939.
So, the next block could confirm the "bad" transaction 11815110199130602448 that blocked the network!  ;D
Logged
NXT-R2U6-22MC-LQL2-22222 (648774468) - NXT | All versions of NXT client and more - https://mega.co.nz/#F!J1xmgAyC!cnaqdxHALLMGiS0hTPrhAg

devphp

  • Hero Member
  • *****
  • Karma: +87/-14
  • Offline Offline
  • Posts: 1229
    • View Profile
Re: is the chain healthy?
« Reply #299 on: June 19, 2014, 01:18:23 pm »

OK, set up a node. I'm almost sure how to do this, but it won't load in a browser when I go to the ip:7876

did this

Quote
write these lines, where X.X.X.X is the IP address of the host:
nxt.myAddress=X.X.X.X
nxt.allowedBotHosts=127.0.0.1; localhost; X.X.X.X; 0:0:0:0:0:0:0:1;
nxt.allowedUserHosts=127.0.0.1; localhost; X.X.X.X; 0:0:0:0:0:0:0:1;

What do these commands show? Paste the output here.

iptables -L | grep 7874
iptables -L | grep 7875
iptables -L | grep 7876

you need to make sure those ports are opened at the firewall.
Logged