Author

Topic: [POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com - page 118. (Read 465769 times)

newbie
Activity: 52
Merit: 0
Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC

Tried that for sometime, but ended 100% on waffle.
CM reject % is huge and the hash they report doesn't match what I can see on the miners.
Point is, the profit they declare and the one you see don't match.

A.
full member
Activity: 129
Merit: 100
Hi!
Due to the fact that the profits are a little down here on waffle, i have (epic) splited my hash power with Clevermining.

5 Mhash each one... Lets see who wins the profit battle...

LPC
hero member
Activity: 630
Merit: 500
Good day all.  And I am back to mining on waffle now that the DDOS and reconnect has been solved.  I prefer to mine multiple coins and have given back 30% of my hashrate to waffle.
newbie
Activity: 4
Merit: 0
phzi -

Maybe I'm misunderstanding your posts, but it seems you think network switches forward packets to all physical ports? I think you mean "hubs". Google "switch vs hub" and you'll see what I mean.
newbie
Activity: 56
Merit: 0
i am probably doing something wrong, but i cant sniff anything from my datacenters.
What does tcpdump show?  Run it briefly and then terminate.  Take note if there are any packets filtered by the interface - this would likely indicate that there is a lot you could be sniffing but don't have your server configured correctly.
100753 captured 100753 recieved 0 dropped
and all of them were my two ssh connections for few minutes while tcpdumping.
member
Activity: 101
Merit: 10

How do I verify what IP addresses my pools are connected to in cgminer,  and then how do I know that those are the correct ones?

Create a table of your configured mining server host names and what their ip addresses and tcp port numbers should be (there are always subject to change, but only legitimately by the server operators), and learn how to use your operating system's netstat command to view a list of currently active tcp connections.  For wafflepool search for tcp connection on appropriate ip address and port 3333.  Should that line disappear from the list and your miner is still reporting that it is actively mining (and not having shifted to one of your other backup pools), then that would be indicative of a hash theft attack.


Thanks,  got it.

I also upgraded to kalroth  so I can use the new switch,  so hopefully it won't be an issue to begin with.

hero member
Activity: 630
Merit: 500
Another dumbass question: Has anyone run multiple instances of miner clients and had it stay stable.  I want to use seperate cards in same box so I can try Vertcoin.  I realize I might have to upgrade memory capacity for that box.  I know cgminer has an option to select cards to use ... just have not dug into it yet and do not want to make my mining box unstable trying this.
hero member
Activity: 630
Merit: 500
This announce was not on webpage a few hours ago (perhaps my ISP caches pages?) and I could not find contact address in the README.  Thanks for the heads up.  The wording of the announce is from Kalroth's repository ... who said Veox used to follow my repository. As this is open source there is nothing wrong with that Smiley and Veox gave credit to Kalroth Smiley

 I am a winblowz (server 2008 R2 Enterprise) user and do not have a compiler so I am reliant on devs to post winblowz binaries.
I have LMDE in a virtualbox on my day to day use machine but miner box is running winblowz.  Still not comfortable enough with Linux to use it on production miner.
hero member
Activity: 700
Merit: 500
Also all miner developers need to be made aware of "no-client-redirect".  I have been unable to find a contact address for Veox/Sgminer.
You did not look very hard then - the obvious place being sgminer's source repo on github. Sgminer has supported no-client-redirect for 3 days now.
https://github.com/veox/sgminer/commit/01b3f70b63d530e222d647de1a87ae4716e6ab0e

It is also a trivial patch to apply yourself to almost any cgminer derivative.
hero member
Activity: 630
Merit: 500
Thanks again to Kalroth for quick semi-tested update (working fine for me).  In order to defeat these client.reconnect attacks this must be publicly announced to all who can be notified.  Also all miner developers need to be made aware of "no-client-redirect".  I have been unable to find a contact address for Veox/Sgminer.
A pool/client authentication protocol is a great idea but again will cause a lot of work for pool and client developers in co-operation.  For the good of the mining community please do what you can to get these ideas into production.  +1 to ThirtyBird for his work, I like the idea of hot-switching to different kernels for alternative scrypt coins  ... Enough rambling for tonight Smiley
sr. member
Activity: 411
Merit: 250
all fluttercoin - orphan?! wherefore???
hero member
Activity: 700
Merit: 500
i am probably doing something wrong, but i cant sniff anything from my datacenters.
What does tcpdump show?  Run it briefly and then terminate.  Take note if there are any packets filtered by the interface - this would likely indicate that there is a lot you could be sniffing but don't have your server configured correctly.

This is exactly what I am working on for YACMiner (which does scrypt, n-scrypt, and scrypt-chacha) - the server specifies the algorithm and the parameters, and the miner switches to that.
Awesome - look forward to seeing your implementation.  I recall seeing a few of your github commits before.
It's a lot more complicated on the miner side as the way cgminer/yacminer et.al. are written is to initialize for an algorithm one time when the program starts.  It's taking a lot more re-engineering than I anticipated to get to a point where the algorithm can be specified at the pool level even initially, let alone after the program is already running.
Ya, requires multiple kernel support, kernel loading/unloading.  And very likely a re-write of the config system to support multiple card configs for different algorithms.
I've got hte details in the plan on the wiki for YACMiner, and if there are any coders who can contribute, there is a fork that has the work started, otherwise, it might still take another month with the limited time I have.  The other part that needs to be addressed is the different parameters each card needs for each algorithm and the N factor as well are all going to be different.
Ya, I would say anytime you need a different kernel, you probably need a config.  In an ideal system, right now I could see having a separate GPU config for scrypt(1024, 1, 1), scrypt(2048, 1, 1), scrypt(4096, 1, 1), scrypt-chacha([various n]), and sha3 kekkek. Imagine being able to hot-swap between kernels like that.  Of course, a pool utilizing this would need to take into consideration the (potentially heavy) time cost of loading/unloading kernels, and a slower "shifting" pool that prefers to leave miners on the same algorithm would probably make sense.

I keep meaning to look into a buffer size implementation I saw recently - removed the need to specify thread-concurrency, and sounded beneficial/more accurate.  Need to find that branch again and do some testing soon.
hero member
Activity: 693
Merit: 500
Can scrypt n coins be mined on a pool like this ?
during DDOS, I tried script-n. can not be parallel to mine and then it requires individual settings. perhaps in time we need to convince, pw, another pool on a script-n.
The real work that needs to be done is extending the stratum implementation to also pass the value of N to the sgminer (and have sgminer understand).  Then a pool could switch between different scrypt-n coins.

I did some vertcoin mining while WafflePool was being DDoS'd, and I am planning to stay long on vertcoin for now - I think it's likely to do quite well as scrypt ASIC power ramps up.  Already, vertcoin is consistently more profitable to mine then LTC by my calculations (and we are still at the very beginning of the scrypt ASIC era).

This is exactly what I am working on for YACMiner (which does scrypt, n-scrypt, and scrypt-chacha) - the server specifies the algorithm and the parameters, and the miner switches to that.  It's a lot more complicated on the miner side as the way cgminer/yacminer et.al. are written is to initialize for an algorithm one time when the program starts.  It's taking a lot more re-engineering than I anticipated to get to a point where the algorithm can be specified at the pool level even initially, let alone after the program is already running.  I've got hte details in the plan on the wiki for YACMiner, and if there are any coders who can contribute, there is a fork that has the work started, otherwise, it might still take another month with the limited time I have.  The other part that needs to be addressed is the different parameters each card needs for each algorithm and the N factor as well are all going to be different.

newbie
Activity: 1
Merit: 0
Hello,

I'm a newbie to mining but reading around I have managed to configure my rig to what I think is a satisfactory level although stability is still questionable. I have decided that Wafflepool is a very good multipool (a million times better than the first one I tried) and I hope to be here for the long run.

Recently I have noticed a high number of disconnects on my connection to Wafflepool:

 Pool 0  | CD:1044 A:326144 R:3072 RTT:522ms Q:15/75 DC:17

This was over 13 hours and is over 3-9 times higher than my other pools. Is this a normal level of disconnects? With all this talk of hijacking should I be worried?

I am using Kalroth's cgminer but have not built the latest version with the --no-client-reconnect option. Is that worth doing or will that break things and stop me reconnecting after a disconnect?
newbie
Activity: 56
Merit: 0
any proves that you can sniff my traffic if i give you an ip? not just some virtual hoster that you managed to get it working 5 years ago?
Of course I can't sniff your traffic arbitrarily.  You can only view traffic on the wire where you are located - so, if you have a server in a data center on the same switch as a pool, for example, you could view all the traffic inbound to the pool.

And OVH is far from a "virtual hoster" - they are one of the largest private data center providers in the world.

---

This is all pretty basic networking stuff.  You want a demo of sniffing packets?  Connect two machines to the same network switch, fire up wireshark on one machine and start monitoring (can filter based on the other machine's IP if you want), and then go to a few websites on the second machine.

---

Confirmation from an OVH employee, written last month, suggesting that intercepting traffic was still possible at OVH (they claim they are updating their switch configuration with a feature that prevent this):
https://forum.ovh.us/showthread.php/306-Misdirected-traffic-on-dedicated-server

It looks like in the case of OVH, some form of DoS attack may be necessary to knock the intended host offline in order to intercept tcp headers.  That OVH employee post certainly confirms in my mind that, when combined with another server at a host that fails to implement BCP38, the attack method I proposed is definitely possible.
pretty basic stuff to see the traffic of all of your neighbores at your datacenter? i am probably doing something wrong, but i cant sniff anything from my datacenters. do i have to name the hosters to prove i cant sniff no one around me?
hero member
Activity: 700
Merit: 500
any proves that you can sniff my traffic if i give you an ip? not just some virtual hoster that you managed to get it working 5 years ago?
Of course I can't sniff your traffic arbitrarily.  You can only view traffic on the wire where you are located - so, if you have a server in a data center on the same switch as a pool, for example, you could view all the traffic inbound to the pool.

And OVH is far from a "virtual hoster" - they are one of the largest private data center providers in the world.

---

This is all pretty basic networking stuff.  You want a demo of sniffing packets?  Connect two machines to the same network switch, fire up wireshark on one machine and start monitoring (can filter based on the other machine's IP if you want), and then go to a few websites on the second machine.

---

A forums post made by an OVH tech that was written last month, suggests that intercepting traffic was definitely still possible at OVH (they claim they are updating their switch configuration with a feature that prevent this):
https://forum.ovh.us/showthread.php/306-Misdirected-traffic-on-dedicated-server

It looks like in the case of OVH, some form of DoS attack may be necessary to knock the intended host offline in order to intercept tcp headers.  That OVH employee post certainly confirms in my mind that, when combined with another server at a host that fails to implement BCP38, the attack method I proposed is definitely possible.
newbie
Activity: 56
Merit: 0
Here is how I would attempt to execute such an attack, based on :
- buy a server in the same data center as a large pool
- sniff packets intended for the pool (this used to be possible on OVH if you were on the same subnet as the intended host, probably still is)
is this really possible? i mean of course it is possible if you are working in that datacenter, but for outsider and only knowing pool ip..?
It's definitely possible.
any proves that you can sniff my traffic if i give you an ip? not just some virtual hoster that you managed to get it working 5 years ago?
so no one else think of ghash when looking for place where they have given their address and probably some more information to get listed?
so was anyone of those who got redirected not having a static ip and never mined at ghash?
hero member
Activity: 700
Merit: 500
Which pools were you connected to?

Sniffing details about packets.... I am not sure if this is possible, as the ethernet switch would prevent sniffing a traffic meant for a different port.

But you know... One could sniff the traffic also on Internet exchanges or redirect the traffic on BGP level - just to catch the traffic.

One cannot reasonably expect that Internet traffic would be hidden - as it is not.
WafflePool West - I removed all other pools from the config.  I do not believe this is a at all related to a rogue pool.

Switches, by very nature of the equipment, cannot isolate traffic to a specific port without the use of VLANs.  Routing requests based on IP data (Transport layer - layer 4 in the OSI model) requires a "ROUTER" - switches function only on the data link layer (layer 2), aka MAC addresses.  Suffice to say, a switch does not generally know what port a packet is intended for.

I know from personal experience that you used to be able to sniff traffic at OVH in their France datacenter.  I doubt this has changed.

It could be someone with access to some significant backbone routers - but I highly doubt that.

And if you don't mind saying where are you mining Vertcoin ?
I went solo (found 1 block) and some p2pool.

Yeh I was just reading it can't be mined alongside normal script coins on a pool, And there's not enough of them for a multicoin pool yet, At least I don't think.
Kinda.  Scrypt-Adaptive-N is fully backwards compatible with Scrypt.  "Scrypt" PoW is simply with N=10.  It wouldn't be difficult to automatically switch between scrypt and scrypt-n coins, although different intensity values would likely be desirable.  The main things that needs to be done, is to have stratum pass the value of N along with work - this will ultimately be necessary for ease of use with adaptive-n coins anyway, as the value of N is of course adaptive (changes - in the case of vertcoin, increasing periodically over time).

The latest version of SGMiner already supports Nscrypt by simply specifying --nfactor in your config.
member
Activity: 93
Merit: 10
- sniff packets intended for the pool (this used to be possible on OVH if you were on the same subnet as the intended host, probably still is)

Which pools were you connected to?

Sniffing details about packets.... I am not sure if this is possible, as the ethernet switch would prevent sniffing a traffic meant for a different port.

But you know... One could sniff the traffic also on Internet exchanges or redirect the traffic on BGP level - just to catch the traffic.

One cannot reasonably expect that Internet traffic would be hidden - as it is not.
member
Activity: 84
Merit: 10
Please give me Bitcoins so I can buy more food
I did some vertcoin mining while WafflePool was being DDoS'd, and I am planning to stay long on vertcoin for now - I think it's likely to do quite well as scrypt ASIC power ramps up.  Already, vertcoin is consistently more profitable to mine then LTC by my calculations (and we are still at the very beginning of the scrypt ASIC era).

Where is it possible to sell the new scrypt n coins ?

And if you don't mind saying where are you mining Vertcoin ?

(Edit nevermind looks like Vertcoin is on Cryptsy)
Jump to: