Bitcoin Forum

Bitcoin => Mining support => Topic started by: AESyn on November 01, 2019, 03:17:14 PM



Title: Monitoring IP connections to Antminer S9, showing connection to pool AND another
Post by: AESyn on November 01, 2019, 03:17:14 PM
So when I check the firewall for traffic, I see that they all connect to the pool IP address, 172.65.195.45 port 3334 (NiceHash). But occasionally I see some of my Antminer S9s connecting to some sort of other IP using port 123. And it's not all of them. Only some, and sometimes it disappears. One of them was a legitimate NTP IP pool, but another IP was strange: when I put it in my browser, it asked for username and password.

Should I block it? Is there a reason why the S9s should need to connect to another IP address other than the pool? And the funny thing is, it's UDP port 123 all the time, although that's used for NTP (Network Time Protocol).

I've heard some people say that Antminers can be DDoSed using NTP IP pools.

Any thoughts?


Title: Re: Monitoring IP connections to Antminer S9, showing connection to pool AND another
Post by: PassThePopcorn on November 01, 2019, 03:27:32 PM
The miner only needs to connect to the pool and, in some cases, the DNS server. Other than that, if you feel there is a problem, block it.


Title: Re: Monitoring IP connections to Antminer S9, showing connection to pool AND another
Post by: mikeywith on November 01, 2019, 04:57:32 PM

It is really hard to say. Does your hashrate on the pool drop when the miner is communicating with the other IP address? Also, are you using any sort of modified firmware which may come with dev fees, whereby it tries to hash on the dev's pool?

I would say the best thing would be to block all unknown destinations, one by one, and check if blocking any of them will affect the hash rate reported on the pool.


Title: Re: Monitoring IP connections to Antminer S9, showing connection to pool AND another
Post by: frodocooper on November 02, 2019, 03:41:16 AM
If you would like to find out more information about those IP addresses before deciding whether to block them, then I suggest performing reverse lookups of the IP addresses to see what domain names they are mapped to, if any, and then performing WHOIS lookups of the returned domain names to see if those IP addresses belong to any entity that you know and trust.

If you are using a *nix OS — e.g., macOS or any Linux distribution — open a terminal window and enter the following:

Code:
dig @2606:4700:4700::1111 -x [IP address] +dnssec +multiline

(Replace [IP address] with the IP address that you are looking up. The IPv6 address 2606:4700:4700::1111 points to Cloudflare's public DNS resolver. You may change it to an IPv4 or IPv6 address of any other public resolver or simply leave out the @ field to query your local system's DNS resolver.) This should return the domain name that is mapped to the IP address, if any.

Then, perform a WHOIS lookup of the returned domain name by entering the following into your terminal:

Code:
whois [domain name]

(Replace [domain name] with the domain name that you are looking up. You may instead use a web-based WHOIS lookup client if you wish.)

If the returned results are suspicious or unknown to you, then I recommend blocking those IP addresses.
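
An added example, not part of any post in this thread: one way to pull the unexpected destinations out of a firewall log and see which miners talk to each of them. It assumes iptables LOG style key=value lines; the miner addresses, the DNS and NTP allowlist entries and the sample log are constructed placeholders, and only the pool address and port come from the thread.

```python
import re
from collections import defaultdict

# Expected destinations as (dst IP, protocol, dst port). The pool entry is the
# one quoted in the thread; DNS and NTP entries are placeholders (assumptions).
ALLOWED = {
    ("172.65.195.45", "TCP", 3334),   # pool, from the thread
    ("192.0.2.53", "UDP", 53),        # your DNS resolver (placeholder)
    ("198.51.100.123", "UDP", 123),   # NTP server you trust (placeholder)
}

# Constructed sample lines in iptables LOG key=value style (not real traffic).
SAMPLE_LOG = """\
Nov  1 15:01:02 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.21 DST=172.65.195.45 PROTO=TCP SPT=40112 DPT=3334
Nov  1 15:01:03 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.22 DST=172.65.195.45 PROTO=TCP SPT=40377 DPT=3334
Nov  1 15:02:10 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.21 DST=198.51.100.123 PROTO=UDP SPT=123 DPT=123
Nov  1 15:02:11 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.22 DST=203.0.113.77 PROTO=UDP SPT=123 DPT=123
Nov  1 15:04:55 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.24 DST=203.0.113.77 PROTO=UDP SPT=123 DPT=123
Nov  1 15:05:00 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.53 PROTO=UDP SPT=53211 DPT=53
Nov  1 15:07:40 fw kernel: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=ICMP
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def unexpected_flows(log_text, allowed=ALLOWED):
    """Map each (dst, proto, dport) not in `allowed` to the sorted source IPs seen."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip lines without a complete flow tuple (e.g. ICMP or truncated lines).
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue
        key = (f["DST"], f["PROTO"].upper(), int(f["DPT"]))
        if key not in allowed:
            hits[key].add(f["SRC"])
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (dst, proto, dport), miners in unexpected_flows(SAMPLE_LOG).items():
        print(f"{dst} {proto}/{dport} <- {', '.join(miners)}")
```

Each destination it reports is a candidate for the reverse and WHOIS lookups described above before deciding whether to block it.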