sdjernes
Newbie
Offline
Activity: 49
Merit: 0
|
|
April 27, 2014, 02:49:23 AM |
|
Ok, I have two effected sites and one non effected site. Site 1: Cox Cable Business Connection Omaha, NE Public Subnet Router: Centos 6.x iptables / Hurricane Electric ipv6 tunnel Firewall: Untangle 10.1 Miner Control: MinePeon 2.4.5 w/ bfgminer 3.10.0 Pool effected: Eligius Effected behavior: Miner acts as if it is connected to pool but no data is passed so all mining offline. Pool not effected: Ghash.io Second miner site 1 Avalon 55nm based system CGminer 4.0 This system appeared to be working correctly, but for safety switched its pools temporarily. Site 2 Cox Cable Business Connection Omaha, NE Firewall: SonicWall Miner Control: bfgminer 3.9.0 on Ubuntu 12.04 Unaffected site Charter Cable Residential Service Plattsmouth, NE Firewall: WNDR3700 v2 w/ DD-Wrt Hurricane Electric ipv6 tunnel Miner Control: MinePeon 2.4.5 w/ bfgminer 3.10.0 Unaffected Pool: Eligius I spent the better part of the day investigating this issue. - It's not a pool side hack - No pool servers are or were compromised
- It's not a pool-side close network hack - No datacenter infrastructure is compromised
- It only affects certain clients, is not pool wide, and affects affected clients repeatedly
Presumably there is some issue with some client side routing hardware that is being exploited. Anyone effected, please post how your connected to the net. PC->Router->Cable Modem, etc, with makes/models of such so we can possibly narrow this down.
|
|
|
|
dexX7
Legendary
Offline
Activity: 1106
Merit: 1024
|
|
April 27, 2014, 04:14:17 AM |
|
If I may ask, is there somewhere a more detailed information about transaction processing on Eligius available?
|
|
|
|
soapmodem
|
|
April 27, 2014, 09:15:45 AM |
|
Can we get ssl/https on the website? Thanks.
|
|
|
|
Lucko
|
|
April 27, 2014, 09:37:15 AM |
|
To affect that many pools I think it must be a bug in stratum not MITM...
Surely though, if it were a bug in stratum, ALL pools would be affected. P2pool uses stratum but has no issues at all. Peace. Don't forget it would also affect all users if it was a bug in stratum. It's mostly the same users getting hit each time, and they are a very small subset. EDIT: As Lucko posted, it hit his machines on 4 different pools, at 4 different locations on 2 different ISPs. That makes no sense that it would do that unless it's something specific to him. If the problem was pool side, or even widespread, you'd be seeing *massive* speed fluctuations on pools when these redirects happen. It isn't related to some clients not supporting it, since BTC Guild actually uses client.reconnect for it's public servers. EVERYBODY actively mining on the BTC Guild public stratum servers supports client.reconnect. This is from Ghash. I would say this is a *massive* speed fluctuation. Over 2 Ph... 54922 Open 3 minutes 14.77 Ph/s 4.44 Th/s 6978842649 179680 0.030% 780 (0.43%) 718536943 54921 2014-04-27 09:30:29 12 minutes 14.81 Ph/s 3.83 Th/s 6978842649 647190 0.026% 0 (0%) 2500000094 54920 2014-04-27 09:18:24 11 minutes 17.02 Ph/s 4.48 Th/s 6978842649 658320 0.026% 640 (0.10%) 2500001879 But this time I jumped to backup pool since I blocked IP at router so that works
|
|
|
|
eleuthria
Legendary
Offline
Activity: 1750
Merit: 1007
|
|
April 27, 2014, 09:48:46 AM |
|
This is from Ghash. I would say this is a *massive* speed fluctuation. Over 2 Ph... 54922 Open 3 minutes 14.77 Ph/s 4.44 Th/s 6978842649 179680 0.030% 780 (0.43%) 718536943 54921 2014-04-27 09:30:29 12 minutes 14.81 Ph/s 3.83 Th/s 6978842649 647190 0.026% 0 (0%) 2500000094 54920 2014-04-27 09:18:24 11 minutes 17.02 Ph/s 4.48 Th/s 6978842649 658320 0.026% 640 (0.10%) 2500001879 But this time I jumped to backup pool since I blocked IP at router so that works Considering Ghash has a history of losing private farm or public pool connectivity on a regular basis, I'd hardly use them as a reference point.
|
RIP BTC Guild, April 2011 - June 2015
|
|
|
Bitcoin.Greece
|
|
April 27, 2014, 09:50:16 AM |
|
is there any way to manage the difficulty of the miner manually ?
|
Get a VPN - Protect yourself
|
|
|
Lucko
|
|
April 27, 2014, 09:55:14 AM |
|
This is from Ghash. I would say this is a *massive* speed fluctuation. Over 2 Ph... 54922 Open 3 minutes 14.77 Ph/s 4.44 Th/s 6978842649 179680 0.030% 780 (0.43%) 718536943 54921 2014-04-27 09:30:29 12 minutes 14.81 Ph/s 3.83 Th/s 6978842649 647190 0.026% 0 (0%) 2500000094 54920 2014-04-27 09:18:24 11 minutes 17.02 Ph/s 4.48 Th/s 6978842649 658320 0.026% 640 (0.10%) 2500001879 But this time I jumped to backup pool since I blocked IP at router so that works Considering Ghash has a history of losing private farm or public pool connectivity on a regular basis, I'd hardly use them as a reference point. Well it happened at the same time my miners jumped... So not so sure...
|
|
|
|
|
PatMan
|
|
April 27, 2014, 10:27:42 AM |
|
This is from Ghash. I would say this is a *massive* speed fluctuation. Over 2 Ph... 54922 Open 3 minutes 14.77 Ph/s 4.44 Th/s 6978842649 179680 0.030% 780 (0.43%) 718536943 54921 2014-04-27 09:30:29 12 minutes 14.81 Ph/s 3.83 Th/s 6978842649 647190 0.026% 0 (0%) 2500000094 54920 2014-04-27 09:18:24 11 minutes 17.02 Ph/s 4.48 Th/s 6978842649 658320 0.026% 640 (0.10%) 2500001879 But this time I jumped to backup pool since I blocked IP at router so that works Considering Ghash has a history of losing private farm or public pool connectivity on a regular basis, I'd hardly use them as a reference point. Considering Ghash has a history. I'd hardly use them as a reference for anything
|
|
|
|
Lucko
|
|
April 27, 2014, 10:39:06 AM |
|
This is from Ghash. I would say this is a *massive* speed fluctuation. Over 2 Ph... 54922 Open 3 minutes 14.77 Ph/s 4.44 Th/s 6978842649 179680 0.030% 780 (0.43%) 718536943 54921 2014-04-27 09:30:29 12 minutes 14.81 Ph/s 3.83 Th/s 6978842649 647190 0.026% 0 (0%) 2500000094 54920 2014-04-27 09:18:24 11 minutes 17.02 Ph/s 4.48 Th/s 6978842649 658320 0.026% 640 (0.10%) 2500001879 But this time I jumped to backup pool since I blocked IP at router so that works Considering Ghash has a history of losing private farm or public pool connectivity on a regular basis, I'd hardly use them as a reference point. Considering Ghash has a history. I'd hardly use them as a reference for anything Again. The drop happened the same time my miners jumped to pirate pool but then moved to backup since I blocked that IP on router. Now it could be just a coincidence but it would have to be a big one... 2Ph/s is big even at Ghash stranded. But this time only Ghash miners were affected. The rest didn't jumped.
|
|
|
|
Lucko
|
|
April 27, 2014, 12:09:16 PM |
|
Kano how do you explain other pools with this issue? Same thing? Hacked?
|
|
|
|
KNK
|
|
April 27, 2014, 12:26:29 PM |
|
The drop happened the same time my miners jumped to pirate pool but then moved to backup since I blocked that IP on router. Doesn't that mean, that it's not just 'stratum client.reconnect'? I mean if it's redirect the miner should switch back to main pool (with some delay), not remain on backup ... what's you pool strategy?
|
|
|
|
Lucko
|
|
April 27, 2014, 12:30:50 PM |
|
The drop happened the same time my miners jumped to pirate pool but then moved to backup since I blocked that IP on router. Doesn't that mean, that it's not just 'stratum client.reconnect'? I mean if it's redirect the miner should switch back to main pool (with some delay), not remain on backup ... what's you pool strategy? Strategy is Failover... Just switching off and back on the pool doesn't help. You get reconnected to pirate again. You need to restart miner software... And since I have IP blocked pool shows as dead and goes to first backup pool. EDIT: Well now that I think about it. Since I implemented this block IP redirect happened only once. And I was looking at the miner and started restarts at once. It might not be a case now that IP is blocked and you lost pool conection. Will see if it will work without restart...
|
|
|
|
Lucko
|
|
April 27, 2014, 12:47:28 PM |
|
It might even happened more then once and I didn't notice since I was reconnected... Need to start logging... A also asked ISP to look into possibility they were hacked... But they told me it would take some time...
|
|
|
|
Luke-Jr
Legendary
Offline
Activity: 2576
Merit: 1186
|
|
April 27, 2014, 01:13:06 PM |
|
Also, forgot to mention. You are clueless for not even knowing how your clone miner works, I'd guess since a lot of this code is simply copied (as is this link) and no understanding of it is involved when you do that? https://github.com/luke-jr/bfgminer/blob/bfgminer/miner.c#L8516i.e. the pool doesn't need to be using the X-Stratum header for a MITM attack to simply add it to the connect reply. You can continue to make yourself look like a fool on some other thread. Go away.
|
|
|
|
AFox
|
|
April 27, 2014, 06:34:30 PM |
|
It's been since the 9th March that I didn't receive any NMC. Is it normal ?
My NMC address configured on Eligius : NFBmYQHSPP4dUgRFP4YJ6kSMgRYRpvcaEr
|
|
|
|
spooderman
Legendary
Offline
Activity: 1652
Merit: 1029
|
|
April 27, 2014, 06:40:08 PM |
|
Yes it's been a long time since I got any NMC.
|
Society doesn't scale.
|
|
|
sly5am
|
|
April 27, 2014, 06:53:18 PM |
|
I think getting this mining redirect hack fixed is more important than the 10 bucks of namecoin im missing since March 8th. Hopefully wizkid fixes the merged mining payout problem after this more important issue.
|
|
|
|
AFox
|
|
April 27, 2014, 06:58:17 PM |
|
I think getting this mining redirect hack fixed is more important I didn't know about that hack. Yes, it's more important to fix that first.
|
|
|
|
dexX7
Legendary
Offline
Activity: 1106
Merit: 1024
|
|
April 27, 2014, 08:04:56 PM |
|
If I may ask, is there somewhere a more detailed information about transaction processing on Eligius available?
Rephrased: is there an open source code or similar? Say I want to modify my nodes such that they map Eligius' mining policy. What would be the best way to do so?
|
|
|
|
|