Topic: Questionable connections from Mining Pools

August 19, 2012, 06:10:24 AM
#1
At the outset I will state that I am NOT some Network security Guru. So on that basis my approach is very simple.
 If I see connections into my LAN from the WAN and I did not initiate that connection or I cannot explain that connection, I terminate it! - if something I need stops working as a consequence, I re-evaluate.
Over the last couple of months I have noticed an increasing number of unexplained connections, many from “amazonaws” and other shit sources. My Router’s connection table was showing over 200 established connections running continuously. I started trying to terminate these amazonaws and other connections by blocking IP ranges in the Router Firewall. I could not stop these connections. I then realised that these connections were actually being initiated from inside my LAN by my two Miners.
I use CGMiner and in my config I had Ozco as primary, Deepbit as secondary and BTC Guild as tertiary. As an experiment I removed DeepBit and BTC Guild from the CGMiner config and re-started the Miners. All the extraneous connections that I had been trying to terminate were gone except for one. That was named as something like “eu.server.antiddos.91.223.77.253”. Even after removing Deepbit from the config and restarting CGMiner this still appeared as an established connection. The Router showed that after a Router restart this connection never received incoming traffic, but it appeared to initiate the connection from inside my LAN and send a small amount of data out. This “antiddos.91.223.77.253” (Edit: srv-u253.antiddos.eu (91.223.77.253)) address is associated with DeepBit according to IP Look-Up. I don't know what this connection was or does but it is now stopped “in and out” on the Firewall IP Tables. I don't know where to uninstall this from!

The end result is that from over 200 established connections before I now have 42 clearly identifiable and explainable established connections and all works as before.
Except I no longer have back-up pool diversity. Ozco is now primary and secondary, so the search is on for a Pool or Pools that won't fill my LAN with F--cking rubbish!

(Edit) It appears that BTCGuild is the source of the amazonaws, as soon as BTCGuild is replaced in the CGMiner config and CGMiner is restarted the amazonaws connections restart.
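
The check the post arrives at by hand (which side opened each established connection, and which LAN host it belongs to) can be read straight from a conntrack-style table. This is an added example, not part of the original post; it assumes the router exposes Linux `/proc/net/nf_conntrack` output and a 192.168.1.0/24 LAN, and every address in the sample except 91.223.77.253 is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in /proc/net/nf_conntrack format (assumption: the router
# is Linux-based). Only 91.223.77.253 comes from the post; all other hosts,
# ports and the 203.0.113.7 WAN address are made up for illustration.
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.20 dst=91.223.77.253 sport=50112 dport=8332 src=91.223.77.253 dst=203.0.113.7 sport=8332 dport=50112 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431992 ESTABLISHED src=192.168.1.20 dst=198.51.100.14 sport=50113 dport=8332 src=198.51.100.14 dst=203.0.113.7 sport=8332 dport=50113 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431995 ESTABLISHED src=192.168.1.21 dst=198.51.100.14 sport=49300 dport=8332 src=198.51.100.14 dst=203.0.113.7 sport=8332 dport=49300 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431800 ESTABLISHED src=192.168.1.30 dst=198.51.100.80 sport=50500 dport=443 src=198.51.100.80 dst=203.0.113.7 sport=443 dport=50500 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431700 ESTABLISHED src=203.0.113.99 dst=203.0.113.7 sport=40000 dport=22 src=192.168.1.30 dst=203.0.113.99 sport=22 dport=40000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 100 TIME_WAIT src=192.168.1.30 dst=198.51.100.81 sport=50501 dport=80 src=198.51.100.81 dst=203.0.113.7 sport=80 dport=50501 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.30 dst=198.51.100.53 sport=40111 dport=53 src=198.51.100.53 dst=203.0.113.7 sport=53 dport=40111 mark=0 use=2
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def initiators(table, lan=LAN):
    """Split ESTABLISHED TCP flows by the side that opened them.

    conntrack prints the original-direction tuple first, so the first src=
    on each line is the initiator, whatever the reply traffic looks like.
    """
    outbound = defaultdict(set)  # LAN host -> {(remote ip, remote port)}
    inbound = []                 # (remote ip, original dst, dst port)
    for line in table.splitlines():
        fields = line.split()
        if "tcp" not in fields or "ESTABLISHED" not in fields:
            continue
        match = TUPLE.search(line)  # first match = original direction
        if not match:
            continue
        src, dst, _sport, dport = match.groups()
        if ipaddress.ip_address(src) in lan:
            outbound[src].add((dst, int(dport)))
        else:
            inbound.append((src, dst, int(dport)))
    return dict(outbound), inbound

if __name__ == "__main__":
    out, inb = initiators(SAMPLE)
    for host, remotes in sorted(out.items()):
        print(f"{host} opened {len(remotes)}: {sorted(remotes)}")
    print("opened from WAN:", inb)
```

Flows listed under a LAN host are not affected by inbound WAN block rules, which is why blocking IP ranges on the router firewall did not stop them; they need an outbound rule or a change on the host itself.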

