i use opendns to do my dns lookups
opendns says 'You tried to visit eligius.st, which is not loading.'
Topic: Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB - page 187. (Read 1061445 times)
Looks like the site is down right now.
Any Eligius admins aware?
Page loads fine for me... seems to be more stable than yesterday... Any Eligius admins aware?
Looks like the site is down right now.
Any Eligius admins aware?
Any Eligius admins aware?
what to do?
No it is not down
Try: 50.16.187.58
If they were targeting specific servers, they wouldn't be redirecting Bitcoin miners to a scrypt server - kinda pointless 
No if you look at google for "46.28.205.80 p2pool" you can still see it was running Bitcoin P2Pool node. But it is/was running Wordcoin pool to... http://bitinfocharts.com/worldcoin/nodes/switzerland/unknown.html That IP found at lest 1 block if you look for "46.28.205.80 blockchain" in google.
Interesting hypothesis. I wonder if all of those attacked are running full Bitcoin nodes at the same public IP addresses?
I have never run a bitcoin node, so have little insight as to what can be harvested by way of intel from the relayed traffic. But I don't think that running a node would make you any more or less susceptible to this type of attack.
All bitcoin nodes are discoverable due to the peer-to-peer nature of the network. It would take some time and effort, but it would not be difficult to get a large list of bitcoin node IP's. And IP's running bitcoin nodes are probably more likely to be mining than IP's not running bitcoin nodes.
If they were targeting specific servers, they wouldn't be redirecting Bitcoin miners to a scrypt server - kinda pointless
Gawd, well that pretty much sums it up.
Yeah, I didn't realize that it was a redirect to a scrypt pool. Interesting. That shows that this is a pretty indiscriminate stratum attack, nothing about particular coins or pools. Which, in one way, is comforting; in another way, it's not, since it implies that some fairly major routers are being tapped somehow.
Or... maybe somebody did some IP recon with heartbleed on this forum? People logged in to this forum are obviously more likely to be miners than the Internet population at large. Scrape a bunch of IP addresses and try those.... hmm. But again, you'd think that such an attacker would at least have an SHA256 pool set up.
More than 3hr, No block found from ELigius
Nothing unusual there. Miners seem to be mining fine. This 'appears' to be just a website issue.
Looks like the site is down right now.
Any Eligius admins aware?
Any Eligius admins aware?
what to do?
More than 3hr, No block found from ELigius
Interesting hypothesis. I wonder if all of those attacked are running full Bitcoin nodes at the same public IP addresses?
I have never run a bitcoin node, so have little insight as to what can be harvested by way of intel from the relayed traffic. But I don't think that running a node would make you any more or less susceptible to this type of attack.
If they were targeting specific servers, they wouldn't be redirecting Bitcoin miners to a scrypt server - kinda pointless
Gawd, well that pretty much sums it up.
Miners are still connecting to stratum and mining, that's all I care about. Well, that and the payouts. 
FYI,
It appears that google's DNS does not have an "A" record for eligius.st.
Amazon's DNS resolves correctly.
Just got:
"Server not found
Firefox can't find the server at eligius.st."
Prompted me to do a little checking.
kinda looks like somebody is screwing around with a DNS re-direct/kill.
50.16.187.58 works just fine, BTW.
Inquiring minds wanna' know.
It appears that google's DNS does not have an "A" record for eligius.st.
Amazon's DNS resolves correctly.
Just got:
"Server not found
Firefox can't find the server at eligius.st."
Prompted me to do a little checking.
kinda looks like somebody is screwing around with a DNS re-direct/kill.
50.16.187.58 works just fine, BTW.
Inquiring minds wanna' know.
Looks like the site is down right now.
Any Eligius admins aware?
Any Eligius admins aware?
Edit: well ... OK I'm stupid now aren't I 
I think we tried to say that several times, in various different ways
Is port 12234 no longer available? I have been using it for Leaserig.net for some time and last night I could no longer connect to it. Now port 3334
works for leaserig. Any thoughts?
works for leaserig. Any thoughts?
I recall wizkid posting a few weeks back that the special KNC port was going away soon to reduce the failsafe blocks. Here's the post:
https://bitcointalksearch.org/topic/m.6178552
If they were targeting specific servers, they wouldn't be redirecting Bitcoin miners to a scrypt server - kinda pointless
Attack has nothing to do with DNS. So no...
Now that I think about it a bit more, of course it wouldn't. Thanks Lucko.
Now, doing such an attact is easy: packets are transmitted somewhat randomly over Internet. An attacker might monitor packets passing trough his node, and detect those who look like stratum packets, and trivially know the IP of the server, the miner and the port number of each.
How widespread is this attack, how many users have been affected so far? Are other pools experiencing the same problem, or just Eligius? If its just Eligius, it could be because an attacker, having discovered the originating IP address and public key ( wallet address ) from intercepting packets that pass through their node, can then go to the users pool stats page and see what their average hashrate is without the need of any authentication ***.
If this is the case, and its just a guess, along with encrypting the connections between miners and servers, the stats feature might need to have authentication added to it as well?
*** assuming that the attacker would be doing this because it would not be worth their time to do a sequencing attack on a user with a low hashrate
Interesting hypothesis. I wonder if all of those attacked are running full Bitcoin nodes at the same public IP addresses?
I am not running a node at my public IP. I have seen this issue on Eligius and on Ghash
Attack has nothing to do with DNS. So no...
Now that I think about it a bit more, of course it wouldn't. Thanks Lucko.
Now, doing such an attact is easy: packets are transmitted somewhat randomly over Internet. An attacker might monitor packets passing trough his node, and detect those who look like stratum packets, and trivially know the IP of the server, the miner and the port number of each.
How widespread is this attack, how many users have been affected so far? Are other pools experiencing the same problem, or just Eligius? If its just Eligius, it could be because an attacker, having discovered the originating IP address and public key ( wallet address ) from intercepting packets that pass through their node, can then go to the users pool stats page and see what their average hashrate is without the need of any authentication ***.
If this is the case, and its just a guess, along with encrypting the connections between miners and servers, the stats feature might need to have authentication added to it as well?
*** assuming that the attacker would be doing this because it would not be worth their time to do a sequencing attack on a user with a low hashrate
Interesting hypothesis. I wonder if all of those attacked are running full Bitcoin nodes at the same public IP addresses?
Attack has nothing to do with DNS. So no...
Now that I think about it a bit more, of course it wouldn't. Thanks Lucko.
Now, doing such an attact is easy: packets are transmitted somewhat randomly over Internet. An attacker might monitor packets passing trough his node, and detect those who look like stratum packets, and trivially know the IP of the server, the miner and the port number of each.
How widespread is this attack, how many users have been affected so far? Are other pools experiencing the same problem, or just Eligius? If its just Eligius, it could be because an attacker, having discovered the originating IP address and public key ( wallet address ) from intercepting packets that pass through their node, can then go to the users pool stats page and see what their average hashrate is without the need of any authentication ***.
If this is the case, and its just a guess, along with encrypting the connections between miners and servers, the stats feature might need to have authentication added to it as well?
*** assuming that the attacker would be doing this because it would not be worth their time to do a sequencing attack on a user with a low hashrate
Anyway it happens to me on BTCGuild, Ghesh and Scryptguild too...
Attack has nothing to do with DNS. So no...
Now that I think about it a bit more, of course it wouldn't. Thanks Lucko.
Now, doing such an attact is easy: packets are transmitted somewhat randomly over Internet. An attacker might monitor packets passing trough his node, and detect those who look like stratum packets, and trivially know the IP of the server, the miner and the port number of each.
How widespread is this attack, how many users have been affected so far? Are other pools experiencing the same problem, or just Eligius? If its just Eligius, it could be because an attacker, having discovered the originating IP address and public key ( wallet address ) from intercepting packets that pass through their node, can then go to the users pool stats page and see what their average hashrate is without the need of any authentication ***.
If this is the case, and its just a guess, along with encrypting the connections between miners and servers, the stats feature might need to have authentication added to it as well?
*** assuming that the attacker would be doing this because it would not be worth their time to do a sequencing attack on a user with a low hashrate
Is port 12234 no longer available? I have been using it for Leaserig.net for some time and last night I could no longer connect to it. Now port 3334
works for leaserig. Any thoughts?
works for leaserig. Any thoughts?
Jump to: