Title: Strange behavior with MobileMiner Post by: can on March 13, 2014, 02:47:16 AM Hi,my first post here since a couple years lurking around. Time to give back as much as I can.
This might be just related to CGminerMobileAdapter as I didnt't try MobileMiner with another miner. https://github.com/Axadiw/CGMinerMobileAdapter I have noticed unusual bandwith usage on all my rigs since I built my last bamt image. I've found an https connection to this suspicious, kind of ghost site, mstheater.org, with a considerable bandwith: 168.62.48.183 Hostname: mstheater.org MAC Address: a0:f3:c1:8a:d6:a8 Last seen: 2014-03-13 02:31:53 UTC+0000 (7 secs ago) In: 842,967 Out: 2,049,992 Total: 2,892,959 TCP ports (1-1 of 1) Port Service In Out Total SYNs 443 https 842,967 2,049,992 2,892,959 365 UDP ports The table is empty. IP protocols (1-1 of 1) # Protocol In Out Total 6 tcp 842,967 2,049,992 2,892,959 Looking for the process it cames from, I found PID 3671: 002:~# netstat -tnp | grep 168.62.48.183:443 tcp 0 1 192.168.1.2:35996 168.62.48.183:443 LAST_ACK - tcp 0 1 192.168.1.2:35999 168.62.48.183:443 LAST_ACK - tcp 0 1 192.168.1.2:36011 168.62.48.183:443 LAST_ACK - tcp 0 1 192.168.1.2:36014 168.62.48.183:443 LAST_ACK - tcp 0 0 192.168.1.2:36068 168.62.48.183:443 CLOSE_WAIT 3671/python tcp 0 1 192.168.1.2:35969 168.62.48.183:443 LAST_ACK - tcp 0 1 192.168.1.2:36023 168.62.48.183:443 LAST_ACK - tcp 0 1 192.168.1.2:35972 168.62.48.183:443 LAST_ACK - tcp 0 0 192.168.1.2:36069 168.62.48.183:443 ESTABLISHED 3671/python tcp 0 1 192.168.1.2:36056 168.62.48.183:443 LAST_ACK - ps aux gives: root 3671 0.0 0.2 10280 7524 pts/2 Ss+ Mar10 2:13 python /opt/CGMinerMobileAdapter/CGMinerMobileAdapter.py Strangest thing is I didn't find not even one human written search result referring to this mstheater.org site. WTF? Maybe the devs or some python or packet inspection ninja can bring us some light? Title: Re: Strange behavior with MobileMiner Post by: can on March 13, 2014, 04:11:00 AM Find out MobileMiner's API is hosted on Microsoft's Azure cloud service >:( That's why MobileMiner's IP connections resolves to this odd microsoft theater page.
However bandwith is very high. Title: Re: Strange behavior with MobileMiner Post by: nwoolls on March 13, 2014, 06:38:05 PM Make sure you are using the latest version of his Python script. It was initially submitting statistics every 5s. It's now set to 60s. You can edit it in the script yourself too (towards the bottom).
Title: Re: Strange behavior with MobileMiner Post by: can on March 15, 2014, 07:18:37 AM Thank you very much nwoolls. Great job.
|