Bitcoin Forum

Bitcoin => Mining => Topic started by: Cryddit on August 13, 2014, 08:01:32 PM

Title: How can we prevent this attack from recurring?
Post by: Cryddit on August 13, 2014, 08:01:32 PM

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

1) Get access to a switch at an ISP (or, really, anywhere in the network fabric)
2) Divert mining getwork requests to the cracker's own pool server
3) Run a mining pool that none of the participants know they're in
4) Don't pay the participants.
5) Profit!

Title: Re: How can we prevent this attack from recurring?
Post by: DannyHamilton on August 13, 2014, 08:28:43 PM

Quote from: Cryddit on August 13, 2014, 08:01:32 PM

Have miners sign the getwork reply?

Title: Re: How can we prevent this attack from recurring?
Post by: azeteki on August 13, 2014, 09:06:18 PM

Pretty much any boring auth method would work.

You don't need a CA or WoT even to gain a huge improvement on the current status quo.

See SSH 'known hosts'. After first connection, halt work and sound a bell / send e-mail to hardware owner if the key changes.

Title: Re: How can we prevent this attack from recurring?
Post by: gmaxwell on August 13, 2014, 09:58:55 PM

BFGminer supports TLS and can do cert validation.

Or better, just run P2Pool. This sort of thing isn't a threat when you're not blindly selling your hashrate to third parties.

Title: Re: How can we prevent this attack from recurring?
Post by: -ck on August 15, 2014, 11:13:30 AM

TLS requirement is overkill. Simply preventing redirection to a URL from a different domain is enough to avoid it and has been successful at doing so for a while now. The report is for ancient versions of software that have long since provided protection against it. Mining is changing so rapidly that any news you read outside of these forums is long since ancient and irrelevant by the time it's published.