This sounds like the same vulnerability that WeMineLTC released info on a few days ago.
Litecoinforums are down, but here's a bitcointalk link about it:
https://bitcointalksearch.org/topic/annimportant-vulnerability-in-stratum-mining-fix-your-pools-asap-220641
Topic: New SCRYPT! Stratum Flaw found - page 2. (Read 4919 times)
Pool owners running pool software from viperaus or startum etc.. you may be susceptible to a new attack this has been noted on a few pools recently. This may not be affecting all pools but it is definitely worth a mention.
here's the issue a significant fake hash rate may be counted as valid instead of rejected by the vulnerable pool server. I am working with a bunch of pool operators as well as the litecoin dev team at the moment to find the cause of this issue and resolve it.
I Believe the attacker is able to trick the server into accepting shares at a lower difficulty then the server sends out thus causing their hash rate to spike. I am not 100% sure on this which is why i make this post, if you think you pool is affected please join us
Here is what i have suggested so far. Disabling vardiff code and setting the share difficulty cap at 32. This will not be a permanent solution but might potentially stop these attacks until we can find the root cause.
Please take note.
Any pools that has custom coded stratum software will not be affected by this bug this is for pools that are using the same codebase as each other.
The litecoin dev team are not responsible for pool code but they are lending a hand where they can.
I would also like to mention that there is NO issue with the LTC network at all! this is all to do with attacks and exploits on pool software.
if you're a pool op, join us on #unitedminers-2 on freenode.
here's the issue a significant fake hash rate may be counted as valid instead of rejected by the vulnerable pool server. I am working with a bunch of pool operators as well as the litecoin dev team at the moment to find the cause of this issue and resolve it.
I Believe the attacker is able to trick the server into accepting shares at a lower difficulty then the server sends out thus causing their hash rate to spike. I am not 100% sure on this which is why i make this post, if you think you pool is affected please join us
Here is what i have suggested so far. Disabling vardiff code and setting the share difficulty cap at 32. This will not be a permanent solution but might potentially stop these attacks until we can find the root cause.
Please take note.
Any pools that has custom coded stratum software will not be affected by this bug this is for pools that are using the same codebase as each other.
The litecoin dev team are not responsible for pool code but they are lending a hand where they can.
I would also like to mention that there is NO issue with the LTC network at all! this is all to do with attacks and exploits on pool software.
if you're a pool op, join us on #unitedminers-2 on freenode.
Jump to: