M's Miner (Ant/SP) Monitor v5.2: alerts,auto/mass/scheduled reboot/mobile miner - page 61.

taipo

full member

Activity: 238

Merit: 100

Kia ora!

Quote from: rileyminer on May 14, 2014, 09:05:51 PM

Quote

I would be surprised if Ants weren't already in commonly available exploit packages.

to serve what purpose ? again - all they could do is point the S1 to their own pool for their benefit - or try and fk it up - either way you are going to know - especially with the monitoring tool you created...

its not like your not going to know

There are a number of cunning things an exploit could do:
- syphon off small enough percentages of hashrate via a hack into the firmware, small enough that one wouldn't notice.
- syphon off all the hashrate during the hours a user is expected to be asleep. a lot of this can be learnt via the Antminer logs, time settings if an attacker has access, to the user it would look like the pool was down for 4 or 5 hours.
- update the firmware in the miner with an attackers own hacked version
- upload some javascript to the antminer web interface that exploited vulnerabilities in a browser so that when the user logs in their wallet data is stolen and more...

rileyminer

newbie

Activity: 32

Merit: 0

ok if you want to get technical - what process (or service) do you think is actually listening to port 80 in OpenWRT running on the Ant S1 ?

because an exploit has to communicate across a specific port (to a specific service that's listening)

anyone ?

taipo

full member

Activity: 238

Merit: 100

Kia ora!

Quote from: rileyminer on May 14, 2014, 08:54:31 PM

how do you know that opening up external access is not common ?

What I 'know' is, anything, having been served online, will have been attacked, and unless its the miracle app ( for which there are only a few that have never had an exploit found in them ), will have at some point been exploited or had some weakness found in it. OpenWRT is no exception to this and has been exploited dozens of times and continues to have security vulnerabilities found in it - as is the case with any application serving on the internet. OpenWRT's implementation in routers have been exploited as well, on the odd occasion resulting in the router itself taking the blame rather than OpenWRT itself. A quick search of google will show you that.

However there have been no reports of security exploits on Antminers. Nowhere in the Antminer docs do they give instruction to, or mention the idea of, opening up external ports to Antminers, because they are not needed to mine.

That doesn't mean that its not a done thing, it only alludes to a statement that its not common.

So its not a matter of 'knowing', its a matter of 'inferring' from anecdotal stuff....

rileyminer

newbie

Activity: 32

Merit: 0

Quote

I would be surprised if Ants weren't already in commonly available exploit packages.

to serve what purpose ? again - all they could do is point the S1 to their own pool for their benefit - or try and fk it up - either way you are going to know - especially with the monitoring tool you created...

its not like your not going to know

and thanks again for your efforts - I can check the status of my ant S1s anywhere !

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: rileyminer on May 14, 2014, 08:54:31 PM

how do you know that opening up external access is not common ? - how many people want to know the status of their S1s when they are not home - lots I imagine - (temp, hash rate etc) - pretty interesting things

and why would Bitmain deviate so much from a standard OpenWRT build - makes no sense

But I agree a strong password is important

And to:

Quote

+1

Which means it'll be pounded until they crash it or find the password.

I do not recommend having your Ants accessible externally.

again they have to find your Ant S1 first - if you dont use port 80 - you've already decreased your risk of getting hit exponentially

Im leaving mine accessible externally and will report back If (and I dont expect when) I have any problem from intruders

I agree with the port 80 comment. However, port scanners work by looking for any open port and then querying them to see what response you get. I would be surprised if Ants weren't already in commonly available exploit packages.

M

rileyminer

newbie

Activity: 32

Merit: 0

how do you know that opening up external access is not common ? - how many people want to know the status of their S1s when they are not home - lots I imagine - (temp, hash rate etc) - pretty interesting things

and why would Bitmain deviate so much from a standard OpenWRT build - makes no sense

But I agree a strong password is important

And to:

Quote

+1

Which means it'll be pounded until they crash it or find the password.

I do not recommend having your Ants accessible externally.

again they have to find your Ant S1 first - if you dont use port 80 - you've already decreased your risk of getting hit exponentially

Im leaving mine accessible externally and will report back If (and I dont expect when) I have any problem from intruders

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: taipo on May 14, 2014, 08:47:51 PM

Opening your ants up to external access is not common, so we can infer that the implementation of OpenWRT by BITMAIN has not been stress tested in that manner in the same way other devices like implementations on routers would have.

From a users perspective, a strong password is about all you can do.

+1

Which means it'll be pounded until they crash it or find the password.

I do not recommend having your Ants accessible externally.

M

taipo

full member

Activity: 238

Merit: 100

Kia ora!

Opening your ants up to external access is not common, so we can infer that the implementation of OpenWRT by BITMAIN has not been stress tested in that manner in the same way other devices like implementations on routers would have.

From a users perspective, a strong password is about all you can do.

rileyminer

newbie

Activity: 32

Merit: 0

Im pretty sure we would of heard of it by now and OpenWRT (the OS) is used for lots of other devices - https://openwrt.org/

taipo

full member

Activity: 238

Merit: 100

Kia ora!

Quote from: rileyminer on May 14, 2014, 08:19:57 PM

and no one is going to give a crap about any portfw other than 80 with sniffing
its not like your not going to know your hashrate is going down because someone pointed your S1 to their own pool

Sure, if you feel that way about it then at least make sure your password is a strong one. But if enough Antminer S1 users start allowing external access to their miners via port forwarding, then you can guaran-fkn-tee it that if there is a vulnerability in the authentication process then someone will write an exploit to create havoc for them.

rileyminer

newbie

Activity: 32

Merit: 0

Hows that easier than M'sAntMonitor ?

I looked for a tutorial on setting it up with the S1 and didn't see any (I do already have it running with Minepeon as a plugin)

With MantMonitor 1.X - you just plug in the IP and the port (and the username and password) and portfw thru the FW

====

and no one is going to give a crap about any portfw other than 80 with sniffing

Quote

I am not sure, but I do not think the antminer firmware has been put through the ringer of being externally attacked

its not like your not going to know your hashrate is going down because someone pointed your S1 to their own pool

mstrongbow

sr. member

Activity: 322

Merit: 250

3D Printed!

Quote from: rileyminer on May 14, 2014, 07:47:26 PM

I'm not sure if everyone knows this - but you can also connect to your S1's portforwarded thru your firewall (externally)
(again Im running 1.2 but works with all versions)

when you go to add an ip address - this works:

externalIPaddress:port

eg: myexternalipaddress:8090 (then portfw 8090 to the IP of your internal ANT S1 and port 80)

eg2: (for dyndns or similar) myants1.dyndns.org:8090

(so you can connect to your S1's even when not at home)

Much easier with this...

http://www.multiminerapp.com/

https://bitcointalksearch.org/topic/multiminer-any-miner-any-where-on-any-device-free-open-source-cross-platform-248173

taipo

full member

Activity: 238

Merit: 100

Kia ora!

I am not sure, but I do not think the antminer firmware has been put through the ringer of being externally attacked ( due to most users running them via their internal LANs ), so would not depend on its security, even if the password was a 'difficult' one. If you are going to allow external access to your antminers via port forwarding, you are going to at least.....want to have an extremely difficult password.

See: http://www.safepasswd.com for examples of strong passwords.

rileyminer

newbie

Activity: 32

Merit: 0

I'm not sure if everyone knows this - but you can also connect to your S1's portforwarded thru your firewall (externally)
(again Im running 1.2 but works with all versions)

when you go to add an ip address - this works:

externalIPaddress:port

eg: myexternalipaddress:8090 (then portfw 8090 to the IP of your internal ANT S1 and port 80)

eg2: (for dyndns or similar) myants1.dyndns.org:8090

(so you can connect to your S1's even when not at home)

BillTech

sr. member

Activity: 296

Merit: 250

Quote from: mstrongbow on May 14, 2014, 01:19:53 PM

Here's that screenshot...

mines the same as well even after deleting reg keys

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: taipo on May 14, 2014, 06:54:17 PM

Quote from: mdude77 on May 14, 2014, 06:38:40 PM

Quote from: mstrongbow on May 14, 2014, 01:19:53 PM

Here's that screenshot...

Thanks. That's not how it looks for me. Something went terribly wrong.

Mine looks the same.

Looks like I'll be basically rolling back the changes I made in 1.3.

Thanks for the feedback.

M

taipo

full member

Activity: 238

Merit: 100

Kia ora!

Quote from: mdude77 on May 14, 2014, 06:38:40 PM

Quote from: mstrongbow on May 14, 2014, 01:19:53 PM

Here's that screenshot...

Thanks. That's not how it looks for me. Something went terribly wrong.

Mine looks the same.

rileyminer

newbie

Activity: 32

Merit: 0

Quote

If you are comfortable editing the registry, close the apps, go to hkey_current_user\software\mantmonitor. Delete the fontsize, height, and width keys. Then restart the app and see what happens.

I did this - and no change - still looks messed up

great app tho - Im running 1.2 and its working well - thanks for making it

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: mstrongbow on May 14, 2014, 01:19:53 PM

Here's that screenshot...

Thanks. That's not how it looks for me. Something went terribly wrong.

If you are comfortable editing the registry, close the apps, go to hkey_current_user\software\mantmonitor. Delete the fontsize, height, and width keys. Then restart the app and see what happens.

I suspect if you change the font size and resize it things go awry, but I don't know yet.

I intend to make some significant UI changes in the next version to save on screen real estate, add S2 support (since there are a LOT more values there), and I'll likely remove the font size change since it doesn't seem to be behaving consistently for everyone.

M

mdude77

legendary

Activity: 1540

Merit: 1001

Quote from: taipo on May 14, 2014, 04:36:40 PM

Quote from: mdude77 on May 14, 2014, 04:33:38 PM

It parses the output of the web page(s). S2 support isn't there yet. Coming soon, though.

M

If you ever think of buying an S2 and need a coupon, let me know, I have a spare.

Thanks. I have a S2 now. I just need the time to make the changes.

M

Topic: M's Miner (Ant/SP) Monitor v5.2: alerts,auto/mass/scheduled reboot/mobile miner - page 61. (Read 209500 times)