mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 01:57:14 AM |
|
how do you know that opening up external access is not common ? - how many people want to know the status of their S1s when they are not home - lots I imagine - (temp, hash rate etc) - pretty interesting things and why would Bitmain deviate so much from a standard OpenWRT build - makes no sense But I agree a strong password is important And to:
+1
Which means it'll be pounded until they crash it or find the password.
I do not recommend having your Ants accessible externally.
again they have to find your Ant S1 first - if you don't use port 80 - you've already decreased your risk of getting hit exponentially I'm leaving mine accessible externally and will report back If (and I don't expect when) I have any problem from intruders
I agree with the port 80 comment. However, port scanners work by looking for any open port and then querying them to see what response you get. I would be surprised if Ants weren't already in commonly available exploit packages.
M
|
I mine at Kano's Pool because it pays the best and is completely transparent! Come join me!
|
|
|
rileyminer
Newbie
Offline
Activity: 32
Merit: 0
|
|
May 15, 2014, 02:05:51 AM |
|
I would be surprised if Ants weren't already in commonly available exploit packages.
to serve what purpose ? again - all they could do is point the S1 to their own pool for their benefit - or try and fk it up - either way you are going to know - especially with the monitoring tool you created... it's not like you're not going to know and thanks again for your efforts - I can check the status of my ant S1s anywhere !
|
|
|
|
taipo
Full Member
Offline
Activity: 238
Merit: 100
Kia ora!
|
|
May 15, 2014, 02:17:48 AM |
|
how do you know that opening up external access is not common ?
What I 'know' is, anything, having been served online, will have been attacked, and unless it's the miracle app ( for which there are only a few that have never had an exploit found in them ), will have at some point been exploited or had some weakness found in it. OpenWRT is no exception to this and has been exploited dozens of times and continues to have security vulnerabilities found in it - as is the case with any application serving on the internet. OpenWRT's implementation in routers has been exploited as well, on the odd occasion resulting in the router itself taking the blame rather than OpenWRT itself. A quick search of google will show you that. However there have been no reports of security exploits on Antminers. Nowhere in the Antminer docs do they give instruction to, or mention the idea of, opening up external ports to Antminers, because they are not needed to mine. That doesn't mean that it's not a done thing, it only alludes to a statement that it's not common. So it's not a matter of 'knowing', it's a matter of 'inferring' from anecdotal stuff....
|
|
|
|
rileyminer
Newbie
Offline
Activity: 32
Merit: 0
|
|
May 15, 2014, 02:25:36 AM |
|
ok if you want to get technical - what process (or service) do you think is actually listening to port 80 in OpenWRT running on the Ant S1 ?
because an exploit has to communicate across a specific port (to a specific service that's listening)
anyone ?
|
|
|
|
taipo
Full Member
Offline
Activity: 238
Merit: 100
Kia ora!
|
|
May 15, 2014, 02:28:34 AM |
|
I would be surprised if Ants weren't already in commonly available exploit packages.
to serve what purpose ? again - all they could do is point the S1 to their own pool for their benefit - or try and fk it up - either way you are going to know - especially with the monitoring tool you created... it's not like you're not going to know
There are a number of cunning things an exploit could do:
- syphon off small enough percentages of hashrate via a hack into the firmware, small enough that one wouldn't notice.
- syphon off all the hashrate during the hours a user is expected to be asleep. a lot of this can be learnt via the Antminer logs, time settings if an attacker has access, to the user it would look like the pool was down for 4 or 5 hours.
- update the firmware in the miner with an attacker's own hacked version
- upload some javascript to the antminer web interface that exploited vulnerabilities in a browser so that when the user logs in their wallet data is stolen
and more...
|
|
|
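A defender-side check for the two siphoning scenarios listed in the post above, added here as an example and not part of the original thread: it compares what the miner reports with what the pool credits, because a compromised miner's own web UI cannot be trusted. The field names, the pool URL, the 180 GH/s figure and the thresholds are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Assumption: the operator's own pool list (placeholder URL).
ALLOWED_POOLS = {"stratum+tcp://pool.example.net:3333"}

def audit(samples, allowed=ALLOWED_POOLS, min_ratio=0.97,
          min_gap=timedelta(minutes=30)):
    """samples: time-ordered dicts with ts, pool (URL the miner says it uses),
    miner_ghs (rate the miner reports) and pool_ghs (rate the pool credits,
    read from the pool account, not from the miner)."""
    findings, seen = [], set()
    # 1. The miner admits to a pool that is not on the allowlist.
    for s in samples:
        if s["pool"] not in allowed and s["pool"] not in seen:
            seen.add(s["pool"])
            findings.append(("unexpected_pool", s["ts"], s["pool"]))
    # 2. The miner claims to hash while the pool credits nothing (the
    #    "pool was down for 4 or 5 hours" case). Check the pool's own
    #    status history before treating a window as malicious.
    start = last = None
    for s in samples:
        dark = s["miner_ghs"] > 0 and s["pool_ghs"] == 0
        if dark:
            start, last = start or s["ts"], s["ts"]
        if start is not None and (not dark or s is samples[-1]):
            if last - start >= min_gap:
                findings.append(("uncredited_window", start, last))
            start = None
    # 3. A steady skim: credited work sits below reported work even when
    #    the dark windows are left out of the comparison.
    lit = [s for s in samples if s["pool_ghs"] > 0]
    claimed = sum(s["miner_ghs"] for s in lit)
    ratio = sum(s["pool_ghs"] for s in lit) / claimed if claimed else 1.0
    if ratio < min_ratio:
        findings.append(("credited_shortfall", round(ratio, 3)))
    return findings

def constructed_day(skim=0.0, dark_hours=(),
                    pool="stratum+tcp://pool.example.net:3333"):
    """Constructed data: one 180 GH/s miner sampled every 15 minutes."""
    t0, day = datetime(2014, 5, 15), []
    for i in range(96):
        ts = t0 + timedelta(minutes=15 * i)
        credited = 0.0 if ts.hour in dark_hours else 180.0 * (1 - skim)
        day.append({"ts": ts, "pool": pool, "miner_ghs": 180.0,
                    "pool_ghs": credited})
    return day
```

Pool-side hashrate is an estimate derived from submitted shares, so `min_ratio` should be applied over a long window such as a full day, never to a single sample.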
|
rileyminer
Newbie
Offline
Activity: 32
Merit: 0
|
|
May 15, 2014, 02:33:06 AM |
|
what part of OpenWRT exactly - what service do you think they would be exploiting ? you can imagine whatever you want but technically be realistic - how do you think this would go down and would the WebServer (uhttpd) even run javascript ?
|
|
|
|
taipo
Full Member
Offline
Activity: 238
Merit: 100
Kia ora!
|
|
May 15, 2014, 02:38:54 AM |
|
Webservers do not run javascript, browsers do. Webservers serve web pages with varying levels of permissions needed to access, edit and delete those files, as well as the same for directories. Directories are just folders on a computer. The login form is just a simple web post form which if there is a security vulnerability in it, could be exploited by unauthenticated attackers allowing attackers to execute arbitrary commands with root privileges.
As has been the case several times in the history of OpenWrt
|
|
|
|
rileyminer
Newbie
Offline
Activity: 32
Merit: 0
|
|
May 15, 2014, 02:44:38 AM |
|
ok - this is the version of uhttpd that's running on one of my Ant S1s (2013-09-13) - post a link where you can prove this version is vulnerable to anything. (because now we are being specific) - this is the only process (or service) listening on port 80 - http://wiki.openwrt.org/doc/howto/http.uhttpd
again it's easy to argue in general terms - but we need to be specific (and discuss what's actually running on the S1s)
|
|
|
|
mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 03:01:40 AM |
|
I would be surprised if Ants weren't already in commonly available exploit packages.
to serve what purpose ? again - all they could do is point the S1 to their own pool for their benefit - or try and fk it up - either way you are going to know - especially with the monitoring tool you created... it's not like you're not going to know
There are a number of cunning things an exploit could do:
- syphon off small enough percentages of hashrate via a hack into the firmware, small enough that one wouldn't notice.
- syphon off all the hashrate during the hours a user is expected to be asleep. a lot of this can be learnt via the Antminer logs, time settings if an attacker has access, to the user it would look like the pool was down for 4 or 5 hours.
- update the firmware in the miner with an attacker's own hacked version
- upload some javascript to the antminer web interface that exploited vulnerabilities in a browser so that when the user logs in their wallet data is stolen
and more...
What he said. Also, once inside your network, your firewall is breached. Everything inside your network is now accessible through the compromised Ant. Unless you put your Ants in a DMZ..
M
|
|
|
|
taipo
Full Member
Offline
Activity: 238
Merit: 100
Kia ora!
|
|
May 15, 2014, 03:06:06 AM |
|
ok - this is the version of uhttpd that's running on one of my Ant S1s (2013-09-13) - post a link where you can prove this version is vulnerable to anything. (because now we are being specific) - this is the only process (or service) listening on port 80 - http://wiki.openwrt.org/doc/howto/http.uhttpd
again it's easy to argue in general terms - but we need to be specific (and discuss what's actually running on the S1s)
No, 'we' are not going to go there sorry, the debate was not about whether there is an actual exploit for the antminer s1 login page, but rather that the implementation of OpenWrt has probably not been tested enough in the wild on the Antminer for anyone to fully trust it by opening up a port to allow external access. Probably need to agree to disagree on that one. Anyone wanting to do so, make sure your passwords are hard to guess.
|
|
|
|
mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 03:10:52 AM |
|
I just published v1.4.
v1.4
- Removed the ability to resize the font. It caused problems for too many people.
- Removed the ability to control how many browser instances you want to use. It's back to as it was in 1.2, fixed at 3. This also caused problems for some people.
- Redid the Ant grid to massively reduce the amount of space the fields take up.
- Added the ability to hide columns in the Ant grid.
Screenshot how it looks on my side with everything enabled:
Download link: MAntMonitor14.zip
A couple things of note:
- These UI changes should work as is with S2s. That's coming soon, out of time for tonite.
- With my S2, and warm weather coming on, I reached electricity, noise, and heat saturation. I've sold all my S1s except for one. In retrospect I should have kept 2, because now I can't test this with more than one S1. I'll need to rely on you guys to tell me if it works or not.
M
|
|
|
|
terrapinflyer
|
|
May 15, 2014, 03:22:19 AM |
|
I just published v1.4.
v1.4
- Removed the ability to resize the font. It caused problems for too many people.
- Removed the ability to control how many browser instances you want to use. It's back to as it was in 1.2, fixed at 3. This also caused problems for some people.
- Redid the Ant grid to massively reduce the amount of space the fields take up.
- Added the ability to hide columns in the Ant grid.
Screenshot how it looks on my side with everything enabled: [img ]http://www.mdude.org/mantmonitor14.jpg[/img ]
Download link: MAntMonitor14.zip
A couple things of note:
- These UI changes should work as is with S2s. That's coming soon, out of time for tonite.
- With my S2, and warm weather coming on, I reached electricity, noise, and heat saturation. I've sold all my S1s except for one. In retrospect I should have kept 2, because now I can't test this with more than one S1. I'll need to rely on you guys to tell me if it works or not.
M
Just wanted to say thanks to mdude7 for this great tool. Please keep up the great work!
|
|
|
|
|
mstrongbow
Sr. Member
Offline
Activity: 322
Merit: 250
3D Printed!
|
|
May 15, 2014, 04:21:59 AM |
|
How's that easier than M'sAntMonitor ? I looked for a tutorial on setting it up with the S1 and didn't see any (I do already have it running with Minepeon as a plugin) With MantMonitor 1.X - you just plug in the IP and the port (and the username and password) and portfw thru the FW ==== and no one is going to give a crap about any portfw other than 80 with sniffing
I am not sure, but I do not think the antminer firmware has been put through the ringer of being externally attacked
it's not like you're not going to know your hashrate is going down because someone pointed your S1 to their own pool
MultiMiner is more than just a "monitor" but it can act as a stand alone monitor for your miners. With the mobile app you can control your devices from anywhere! You can switch coins/pools etc. Give it a try mate
|
|
|
|
mstrongbow
Sr. Member
Offline
Activity: 322
Merit: 250
3D Printed!
|
|
May 15, 2014, 04:24:33 AM |
|
I just published v1.4.
v1.4
- Removed the ability to resize the font. It caused problems for too many people.
- Removed the ability to control how many browser instances you want to use. It's back to as it was in 1.2, fixed at 3. This also caused problems for some people.
- Redid the Ant grid to massively reduce the amount of space the fields take up.
- Added the ability to hide columns in the Ant grid.
Screenshot how it looks on my side with everything enabled: [img ]http://www.mdude.org/mantmonitor14.jpg[/img ]
Download link: MAntMonitor14.zip
A couple things of note:
- These UI changes should work as is with S2s. That's coming soon, out of time for tonite.
- With my S2, and warm weather coming on, I reached electricity, noise, and heat saturation. I've sold all my S1s except for one. In retrospect I should have kept 2, because now I can't test this with more than one S1. I'll need to rely on you guys to tell me if it works or not.
M
Just wanted to say thanks to mdude7 for this great tool. Please keep up the great work!
+1 Thanks a bunch!
|
|
|
|
mstrongbow
Sr. Member
Offline
Activity: 322
Merit: 250
3D Printed!
|
|
May 15, 2014, 05:02:36 AM |
|
Hmm, I had just installed v1.4, which looks very nice by the way! Anyways, one of my Ants was not showing up. After a couple changes I decided to check the Ant manually... After the password entry screen, I get this message...
/usr/lib/lua/luci/dispatcher.lua:448: Failed to execute function dispatcher target for entry '/'.
The called action terminated with an exception:
/usr/lib/lua/luci/sauth.lua:87: Session data invalid!
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:448: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:195: in function </usr/lib/lua/luci/dispatcher.lua:194>
I posted up my issue over here... https://bitcointalk.org/index.php?topic=344970.msg6737300#msg6737300
I am not sure if the monitor had anything to do with my issue but figured it would be worth a shot since some of the search results were stating the api access or something is at fault.
|
|
|
|
BillTech
|
|
May 15, 2014, 06:57:59 AM |
|
dig the new ver no window issues so far however it's not rebooting the ants on XX for me
|
|
|
|
mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 09:33:27 AM |
|
Some of those fields seem to be misreporting their data...
Looks right to me. I didn't explain what the fields are:
HWE% = hardware error percentage (unchanged from prior versions)
Pools: one letter for each, U = up, D = down, N = N/a
Fans: fan speeds
Temps: temp speeds
Status: how many Xs there are per chain. 0X is what you want!
M
|
|
|
|
mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 09:35:55 AM |
|
Hmm, I had just installed v1.4, which looks very nice by the way! Anyways, one of my Ants was not showing up. After a couple changes I decided to check the Ant manually... After the password entry screen, I get this message...
/usr/lib/lua/luci/dispatcher.lua:448: Failed to execute function dispatcher target for entry '/'.
The called action terminated with an exception:
/usr/lib/lua/luci/sauth.lua:87: Session data invalid!
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:448: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:195: in function </usr/lib/lua/luci/dispatcher.lua:194>
I posted up my issue over here... https://bitcointalk.org/index.php?topic=344970.msg6737300#msg6737300
I am not sure if the monitor had anything to do with my issue but figured it would be worth a shot since some of the search results were stating the api access or something is at fault.
I've seen that as well. Only way I was able to get around it was to power cycle the Ant. Once I saw it because the Ant was acting flaky. Another time I saw it after I tried manually entering the credentials in the URL to save going through the logon screen. I had no luck whatsoever with that (credentials in the URL), so I stuck with the proven working routine and haven't seen it since.
M
|
|
|
|
mdude77 (OP)
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
May 15, 2014, 09:38:40 AM |
|
dig the new ver no window issues so far however it's not rebooting the ants on XX for me
Are you sure you have Xs? I realize now some people might be reading "0X 0X" as "OX OX" and interpreting the X as bad. It's in fact the number of Xs (a zero X instead of 'O' X), so 0X 0X is good. M
|
|
|
|
|