So....
did anyone investigate the possibility that the API for pool manipulation was being abused? If can modify peoples pool settings to create a pool with specific settings and then switch to that pool - which probably points at an http URL which then sends the stratum reconnect command to point to whatever the wallet address is at the time...
this, in theory could be done via javascript in your browser, miner monitoring software, malware, etc.
this tactic seems much easier than a large-scale man in the middle attack.
anyone whose miner is currently redirected and is running the curses interface, hit "S" for settings, then hit "W" for write. Write it out to some config file and view it. If it has more information in it than you put into it, post it here for people to evaluate.
Topic: [POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com - page 128. (Read 465668 times)
March 24, 2014, 04:49:18 PM
March 24, 2014, 04:48:11 PM
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining):
Code:
{"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]}I had set up packet capture on the outside of my firewall, and was dying to get a client.reconnect message and a connection to a rogue server followed by mining.notify messages, but I never received one. If you happen to track one down, please do share what you find here as I will be reading!
It would be great to find a miner who was keeping share logs AND actually solved a block, as then we could trace it to a wallet address, perhaps seeing how much they were able to siphon and where it might ultimately have ended up.
March 24, 2014, 04:22:45 PM
If anyone has packet captures of work packets sent after their client was hijacked, could you post or send them? I'd be curious to see what they were mining. If it's DOGE, I'm also set up to extract the payout address from the coinbase parameters. A packet should look like this (I think this was an old packet capture from Clevermining):
Code:
{"id":null,"method":"mining.notify","params":["3a61","34d9b767ab5f9e4270ca11e6f823da99af2b6da089d7cb21490c3cce4831ac63","01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2703780702062f503253482f0436221c5308","0d2f6e6f64655374726174756d2f0000000001241b6d23db1200001976a914312f0edfb1647e2f9ddbc6a0faacf3c3c8d1d21588ac00000000",["e8c40423f1291090ace9ac3a88469cf61561ad9b0f06de877f9309b846264b9b","446dea3005104d328824ae1d93b6b26d6c18c69ed6cf3d5aa8a585eeebea534a","032c4da808bf500177768605095431ee58b2773e6397db02e93eae0db86952a4","d5e6cc3bc5dc96786f97cf42a07dff996ac4b9e572844300a0065c719d9ef186","5d7d235e26d856e1bb70ea2b669fa50b6ecf3256fc26ff0ac52d2ea2de4f5c08","2ab06ed0f757226b38213aeeaca5281d013f38259cc22ae04721ab35534d83fe","f66308601f97700e503e8cea31e8d1b57f34530054a222b4bb6f99015fd462a3"],"00000002","1b33c012","531c2247",true]} March 24, 2014, 04:15:27 PM
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover!
Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers
And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this?Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious.
Kalroth cgminer for sure and sgminer I think have a configurable delay for how long to wait before returning back to a failed server that is back up again -- just in case you are bouncing around and don't like it happening.
March 24, 2014, 04:00:40 PM
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover!
Hey, I had 3 failovers configured! Unfortunately those were the other 3 WP servers
And of course now that I bothered to set up a 5th pool mining LTC the EU pool is back up, I'm just plain bad luck. EDIT: And down again. Up, and down and up, and down and up, and down and up - and down. Wasn't there some trashy song in the 90s about this?Multipools falling like flies, coincidentally at the same time as others on this forum announced they'd take them (and lots of other stuff) down. How mysterious.
March 24, 2014, 03:53:47 PM
My wafflepool stats are showing ~5% of the actual hashrate, which suggests that my rigs might be connecting to it briefly, and then falling back to other pools. Can't access cgminer logs right now to verify though.
March 24, 2014, 03:47:42 PM
March 24, 2014, 03:44:06 PM
Seems to be back up...
March 24, 2014, 03:41:04 PM
Wafflepool : 0.00364643
DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
There is no way that Dogecoin profit figure is accurate. You will NOT earn that much from a Doge pool.DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
As for WafflePool, it is being DDOSed and we aren't finding any blocks, so of course the.profitability figure is falling.
March 24, 2014, 03:33:41 PM
Wafflepool : 0.00364643
DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
DogeCoin : 0.00658029
Wafflepool = GOOD FOR HARDWARE BUT BIG IDIOT FOR PROFIT !
March 24, 2014, 03:04:31 PM
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
You deserve to freeze if you couldn't be bothered with a failover!
March 24, 2014, 01:56:00 PM
any news???/ when pool will be ok
March 24, 2014, 01:50:37 PM
Still, this sucks, my place is ice cold. Damn winter came back right when the DDOS started and kept my rig from heating, it's a conspiracy I tell you, and they're out to kill me.
March 24, 2014, 01:10:51 PM
The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects.
In this case, WP should calculate what is a loss since there are no miners and act accordingly.
And again, it is difficult to hand out the money when the pool is small (and there is no plenty of miners). But the pool was huge and handing out such an amount of money is not a problem.
Unless someone thinks - that DDOS attack will go away someday. Miners, too.
Another important consideration is that wafflepool is really only thought of as huge because it usually hosts one huge miner who contributes 20-25GH/s of the pool's total hashpower of 35GH/s, give or take. And that huge miner has shown that he is willing to actively move that power around to wherever it best suits him at the moment. It complicates the decision.
March 24, 2014, 01:02:37 PM
The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
You're just talking about the mechanic of offering a security product. In reality, the product is worth as much as, or at least proportional to value of assets it protects.
In this case, WP should calculate what is a loss since there are no miners and act accordingly.
And again, it is difficult to hand out the money when the pool is small (and there is no plenty of miners). But the pool was huge and handing out such an amount of money is not a problem.
Unless someone thinks - that DDOS attack will go away someday. Miners, too.
March 24, 2014, 12:06:43 PM
May I suggest Prolexic?
as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.
Thanks for the numbers. They're actually not as high as I thought they would be, but still high enough to raise pool fees.
I have four backup pools configured, and the ones with the lower fees are generally first on my list, provided they have a good operator and a proven track record of payout per hashrate (which many people around here know I prefer to refer to as BTC/MHD!)
The price really does matter on how many different IPs he wishes to protect and any other custom services.
The more regional servers you have the more it will cost. But once again Prolexic offers quotes based on what
the customer wants and you can dicker with them a bit. Essentially 1200 dollars for an IP or two is what it will
take money wise to get your foot in the door. 3-5 regional servers? double/triple it.
March 24, 2014, 11:58:59 AM
May I suggest Prolexic?
as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.
Thanks for the numbers. They're actually not as high as I thought they would be, but still high enough to raise pool fees.
I have four backup pools configured, and the ones with the lower fees are generally first on my list, provided they have a good operator and a proven track record of payout per hashrate (which many people around here know I prefer to refer to as BTC/MHD!)
March 24, 2014, 11:52:28 AM
May I suggest Prolexic?
as a previous pool operator waffle will have to choke up 1000-3000K per month for proper DDOS protection.
Cloudflare was a joke. I tried it. Prolexic, which I got a quote and never went through with, appears to be better.
March 24, 2014, 10:58:35 AM
People ddos for many reasons, this is likely a competitor trying to drive miners away from waffle. They probably figure if they frustrate the miners enough, then they will jump ship. This used to be a very common tactic when doge was beginning to get super popular...
Or most likely - the global hash rate increases - thus pushing profits down. If someone mines at the right pool (not necessary a profit switching one) - everyone else is in shit, but the smart guy mines some extra profits.
I expect DDOSes will continue to be executed.
I don't think that the ddos would stop if poolwaffle put on a condom. For one, how would the attackers even know?
All joking aside, most ddos attackers eventually get bored and move onto another target. ddos protection services often cost a lot of money, and poolwaffle would likely have to raise fees significantly in order to employ them. And that would send many miners elsewhere too. Wafflepool is a good pool with a good operator and this situation is only temporary and mining software can automatically switch to backup pools for when these attacks do occur.
March 24, 2014, 10:53:40 AM
May I suggest Prolexic?
Jump to: