[POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com

[phzi]

any proves that you can sniff my traffic if i give you an ip? not just some virtual hoster that you managed to get it working 5 years ago?

Of course I can't sniff your traffic arbitrarily.  You can only view traffic on the wire where you are located - so, if you have a server in a data center on the same switch as a pool, for example, you could view all the traffic inbound to the pool.

And OVH is far from a "virtual hoster" - they are one of the largest private data center providers in the world.

---

This is all pretty basic networking stuff.  You want a demo of sniffing packets?  Connect two machines to the same network switch, fire up wireshark on one machine and start monitoring (can filter based on the other machine's IP if you want), and then go to a few websites on the second machine.

---

A forums post made by an OVH tech that was written last month, suggests that intercepting traffic was definitely still possible at OVH (they claim they are updating their switch configuration with a feature that prevent this):
https://forum.ovh.us/showthread.php/306-Misdirected-traffic-on-dedicated-server

It looks like in the case of OVH, some form of DoS attack may be necessary to knock the intended host offline in order to intercept tcp headers.  That OVH employee post certainly confirms in my mind that, when combined with another server at a host that fails to implement BCP38, the attack method I proposed is definitely possible.

[1714270478]

1714270478

[1714270478]

1714270478

[1714270478]

1714270478

[1714270478]

1714270478

[1714270478]

1714270478

[1714270478]

1714270478

[lagster]

any proves that you can sniff my traffic if i give you an ip? not just some virtual hoster that you managed to get it working 5 years ago?

Of course I can't sniff your traffic arbitrarily.  You can only view traffic on the wire where you are located - so, if you have a server in a data center on the same switch as a pool, for example, you could view all the traffic inbound to the pool.

And OVH is far from a "virtual hoster" - they are one of the largest private data center providers in the world.

---

This is all pretty basic networking stuff.  You want a demo of sniffing packets?  Connect two machines to the same network switch, fire up wireshark on one machine and start monitoring (can filter based on the other machine's IP if you want), and then go to a few websites on the second machine.

---

Confirmation from an OVH employee, written last month, suggesting that intercepting traffic was still possible at OVH (they claim they are updating their switch configuration with a feature that prevent this):
https://forum.ovh.us/showthread.php/306-Misdirected-traffic-on-dedicated-server

It looks like in the case of OVH, some form of DoS attack may be necessary to knock the intended host offline in order to intercept tcp headers.  That OVH employee post certainly confirms in my mind that, when combined with another server at a host that fails to implement BCP38, the attack method I proposed is definitely possible.

pretty basic stuff to see the traffic of all of your neighbores at your datacenter? i am probably doing something wrong, but i cant sniff anything from my datacenters. do i have to name the hosters to prove i cant sniff no one around me?

[JDawg76]

Hello,

I'm a newbie to mining but reading around I have managed to configure my rig to what I think is a satisfactory level although stability is still questionable. I have decided that Wafflepool is a very good multipool (a million times better than the first one I tried) and I hope to be here for the long run.

Recently I have noticed a high number of disconnects on my connection to Wafflepool:

 Pool 0  | CD:1044 A:326144 R:3072 RTT:522ms Q:15/75 DC:17

This was over 13 hours and is over 3-9 times higher than my other pools. Is this a normal level of disconnects? With all this talk of hijacking should I be worried?

I am using Kalroth's cgminer but have not built the latest version with the --no-client-reconnect option. Is that worth doing or will that break things and stop me reconnecting after a disconnect?

[Thirtybird]

Can scrypt n coins be mined on a pool like this ?

during DDOS, I tried script-n. can not be parallel to mine and then it requires individual settings. perhaps in time we need to convince, pw, another pool on a script-n.

The real work that needs to be done is extending the stratum implementation to also pass the value of N to the sgminer (and have sgminer understand).  Then a pool could switch between different scrypt-n coins.

I did some vertcoin mining while WafflePool was being DDoS'd, and I am planning to stay long on vertcoin for now - I think it's likely to do quite well as scrypt ASIC power ramps up.  Already, vertcoin is consistently more profitable to mine then LTC by my calculations (and we are still at the very beginning of the scrypt ASIC era).

This is exactly what I am working on for YACMiner (which does scrypt, n-scrypt, and scrypt-chacha) - the server specifies the algorithm and the parameters, and the miner switches to that.  It's a lot more complicated on the miner side as the way cgminer/yacminer et.al. are written is to initialize for an algorithm one time when the program starts.  It's taking a lot more re-engineering than I anticipated to get to a point where the algorithm can be specified at the pool level even initially, let alone after the program is already running.  I've got hte details in the plan on the wiki for YACMiner, and if there are any coders who can contribute, there is a fork that has the work started, otherwise, it might still take another month with the limited time I have.  The other part that needs to be addressed is the different parameters each card needs for each algorithm and the N factor as well are all going to be different.

[phzi]

i am probably doing something wrong, but i cant sniff anything from my datacenters.

What does tcpdump show?  Run it briefly and then terminate.  Take note if there are any packets filtered by the interface - this would likely indicate that there is a lot you could be sniffing but don't have your server configured correctly.

This is exactly what I am working on for YACMiner (which does scrypt, n-scrypt, and scrypt-chacha) - the server specifies the algorithm and the parameters, and the miner switches to that.

Awesome - look forward to seeing your implementation.  I recall seeing a few of your github commits before.

It's a lot more complicated on the miner side as the way cgminer/yacminer et.al. are written is to initialize for an algorithm one time when the program starts.  It's taking a lot more re-engineering than I anticipated to get to a point where the algorithm can be specified at the pool level even initially, let alone after the program is already running.

Ya, requires multiple kernel support, kernel loading/unloading.  And very likely a re-write of the config system to support multiple card configs for different algorithms.

I've got hte details in the plan on the wiki for YACMiner, and if there are any coders who can contribute, there is a fork that has the work started, otherwise, it might still take another month with the limited time I have.  The other part that needs to be addressed is the different parameters each card needs for each algorithm and the N factor as well are all going to be different.

Ya, I would say anytime you need a different kernel, you probably need a config.  In an ideal system, right now I could see having a separate GPU config for scrypt(1024, 1, 1), scrypt(2048, 1, 1), scrypt(4096, 1, 1), scrypt-chacha([various n]), and sha3 kekkek. Imagine being able to hot-swap between kernels like that.  Of course, a pool utilizing this would need to take into consideration the (potentially heavy) time cost of loading/unloading kernels, and a slower "shifting" pool that prefers to leave miners on the same algorithm would probably make sense.

I keep meaning to look into a buffer size implementation I saw recently - removed the need to specify thread-concurrency, and sounded beneficial/more accurate.  Need to find that branch again and do some testing soon.

[gaalx]

all fluttercoin - orphan?! wherefore???

[utahjohn]

Thanks again to Kalroth for quick semi-tested update (working fine for me).  In order to defeat these client.reconnect attacks this must be publicly announced to all who can be notified.  Also all miner developers need to be made aware of "no-client-redirect".  I have been unable to find a contact address for Veox/Sgminer.
A pool/client authentication protocol is a great idea but again will cause a lot of work for pool and client developers in co-operation.  For the good of the mining community please do what you can to get these ideas into production.  +1 to ThirtyBird for his work, I like the idea of hot-switching to different kernels for alternative scrypt coins  ... Enough rambling for tonight

[phzi]

Also all miner developers need to be made aware of "no-client-redirect".  I have been unable to find a contact address for Veox/Sgminer.

You did not look very hard then - the obvious place being sgminer's source repo on github. Sgminer has supported no-client-redirect for 3 days now.
https://github.com/veox/sgminer/commit/01b3f70b63d530e222d647de1a87ae4716e6ab0e

It is also a trivial patch to apply yourself to almost any cgminer derivative.

[utahjohn]

This announce was not on webpage a few hours ago (perhaps my ISP caches pages?) and I could not find contact address in the README.  Thanks for the heads up.  The wording of the announce is from Kalroth's repository ... who said Veox used to follow my repository. As this is open source there is nothing wrong with that and Veox gave credit to Kalroth

 I am a winblowz (server 2008 R2 Enterprise) user and do not have a compiler so I am reliant on devs to post winblowz binaries.
I have LMDE in a virtualbox on my day to day use machine but miner box is running winblowz.  Still not comfortable enough with Linux to use it on production miner.

[utahjohn]

Another dumbass question: Has anyone run multiple instances of miner clients and had it stay stable.  I want to use seperate cards in same box so I can try Vertcoin.  I realize I might have to upgrade memory capacity for that box.  I know cgminer has an option to select cards to use ... just have not dug into it yet and do not want to make my mining box unstable trying this.

[forcefedvr6]

How do I verify what IP addresses my pools are connected to in cgminer,  and then how do I know that those are the correct ones?

Create a table of your configured mining server host names and what their ip addresses and tcp port numbers should be (there are always subject to change, but only legitimately by the server operators), and learn how to use your operating system's netstat command to view a list of currently active tcp connections.  For wafflepool search for tcp connection on appropriate ip address and port 3333.  Should that line disappear from the list and your miner is still reporting that it is actively mining (and not having shifted to one of your other backup pools), then that would be indicative of a hash theft attack.

Thanks,  got it.

I also upgraded to kalroth  so I can use the new switch,  so hopefully it won't be an issue to begin with.

[lagster]

i am probably doing something wrong, but i cant sniff anything from my datacenters.

What does tcpdump show?  Run it briefly and then terminate.  Take note if there are any packets filtered by the interface - this would likely indicate that there is a lot you could be sniffing but don't have your server configured correctly.

100753 captured 100753 recieved 0 dropped
and all of them were my two ssh connections for few minutes while tcpdumping.

[tboy32]

phzi -

Maybe I'm misunderstanding your posts, but it seems you think network switches forward packets to all physical ports? I think you mean "hubs". Google "switch vs hub" and you'll see what I mean.

[utahjohn]

Good day all.  And I am back to mining on waffle now that the DDOS and reconnect has been solved.  I prefer to mine multiple coins and have given back 30% of my hashrate to waffle.

[LPCobris]

Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC

[azebro]

Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC

Tried that for sometime, but ended 100% on waffle.
CM reject % is huge and the hash they report doesn't match what I can see on the miners.
Point is, the profit they declare and the one you see don't match.

A.

[lagster]

Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC

Tried that for sometime, but ended 100% on waffle.
CM reject % is huge and the hash they report doesn't match what I can see on the miners.
Point is, the profit they declare and the one you see don't match.

A.

cm reject rate is 5%-15% and if you subtract it from their (probably pretty fake profit meter) you will see ~"spherical ltc in vacuum" profitability. and you can just switch to ghio with 0% fee for ltc mining with 0 rejects. but seems that sfire moved to cm. probably it is a little better. i am curious what his reject rate in mh is at cm. 10 times my all rigs combined or may be 100*Me? ))

[comeonalready]

Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC

Tried that for sometime, but ended 100% on waffle.
CM reject % is huge and the hash they report doesn't match what I can see on the miners.
Point is, the profit they declare and the one you see don't match.

A.

cm reject rate is 5%-15% and if you subtract it from their (probably pretty fake profit meter) you will see ~"spherical ltc in vacuum" profitability. and you can just switch to ghio with 0% fee for ltc mining with 0 rejects. but seems that sfire moved to cm. probably it is a little better. i am curious what his reject rate in mh is at cm. 10 times my all rigs combined or may be 100*Me? ))

I happened to catch sfire's reject rate here after the stratum code change, and many of his workers were reporting anywhere from 4-11% stale, so he was definitely taking advantage of poolwaffle's earlier 'accept most stales' policy. The new stratum code is much more fair to all.

[zneww]

All multipools will be around the same profit. If they are bad, it will be lower. CM and WP are around the same profits. No use in halfing your hash,just pick one and let it be. Theere is NO miracle pool that will bring you back to ~0.01BTC/Mh/Day....not happening. Stick with a pool. We have to wait this shit out.

[suchmoon]

Another dumbass question: Has anyone run multiple instances of miner clients and had it stay stable.  I want to use seperate cards in same box so I can try Vertcoin.  I realize I might have to upgrade memory capacity for that box.  I know cgminer has an option to select cards to use ... just have not dug into it yet and do not want to make my mining box unstable trying this.

Yes, that can be done. I had an experimental box that ran vertminer, cgminer HVC fork, and sgminer for scrypt each on its own 270X card. "device" option allows you to specify which cards to use, and "remove-disabled" hides the cards you don't use (so that multiple instances don't interfere with each other). Also check "api-port" - you might want to specify different ports if you are using some kind of monitoring software, and set up said software accordingly. I would suggest to tune the miners one at a time, and only start multiple ones when you are sure they work properly.