Pages:
Author

Topic: Stealth mining (Read 250 times)

member
Activity: 203
Merit: 37
January 21, 2023, 09:32:52 PM
#24
The topic is stealth mining.

...
snip
...
i.e. as I already said, it's an oxymoron.

I don't know if there is a definition for 'Stealth mining' that's agreed upon.

What I meant when I came up with the thread title was something like this:

"How can I prevent someone obtaining my ISP's data about my internet habits and then deduct that I have been mining Bitcoin for so-and-so-long, maybe even allowing estimates of how many Sats I might have stacked?"

I want to prevent future blackmailing and extortion attempts, I want to keep those freshly minted Sats anonymous and have plausible deniability in the sense that I did buy mining equipment, but then did not run it much because I realised that it is losing money (big time!) when calculated in $$.

I have no intention to write my own mining software, but would like to use open source as much as possible. But I doubt that any used or new miner I can buy would run open source software (hopefully I am wrong about that, it's a steep learning curve).
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 21, 2023, 09:07:42 PM
#23
...
Kano seems to be confusing pool with firmware again...

If you trust Braiins you just need to use V2 (only) and its encrypted, instead of clear text v1 which tells everyone what you mine and where.
Of course you also want to obfuscate your DNS queries, so install dnscrypt-proxy in your lan and use that as your DNS.
...
Not sure why you ignored all the points I made.
I guess you didn't want people to take notice of them since they are bad for you Smiley

The topic is stealth mining.

Yet your mining OS and software does things behind the scenes that no one actually knows what it is doing,
since the software doing it is closed source and the extra non stratum data it sends is encrypted,
and it connects to another target, if you don't mine to their pool.

It would make sense that someone who wants to stealth mine, has a single connection that they also know what it is doing.
Instead with your OS and software it has multiple connections and it is also sending extra data.

i.e. as I already said, it's an oxymoron.
member
Activity: 203
Merit: 37
January 21, 2023, 05:48:00 PM
#22
Get a new router that is programmed to only connect via a VPN and use that for mining?

Yes, any router that has VPS support will work, and the whole network will be running under VPN, or get a proper router like Mikrotik and rent a VPS somewhere close to you and route all your packets encrypted through that VPS, and your ISP will see that you are connecting to a server in (Germany, Norway) but they won't know exactly what you are doing, the process won't be simple, you will need to have some networking background and use a bit of googling, it's a matter of setting up some L2TP / IPSEC tunnel with some encryption like AES256, some of those algos are weak but then keep in mind the stronger the slower, so you want to find a sweet spot.

If you don't feel like going all that, just get a VPS router, many TPlinks come with easy-to-set-up VPN interfaces, and no skills are required, but the downside is, your ISP will know that you are using a VPN, they just won't know what those packets have in them unless they want to spend the money and time to decrypt them, which is unlikely.

I can't tell for Solo mining, but with pool mining, connected to a VPS in a different continent, using both SHA1 and AES256, there is exactly 0 issues, no rejected/stale shares, and everything works exactly the same when the connection to the VPS or not, my VPS is in EU which is probably pretty close to the pool's server so that's some info to keep in mind, I would assume if the VPS was in Japan and the pool server was in the U.S, with all the delay I am adding, that would probably trigger some lost shares along the way.

I have also tested the same router with Nord VPN, with almost the exact same results.

Use a mining proxy like Antproxy, connect your miners to that proxy, and install VPN on the PC, and the problem is solved, of course, the downside is that you will need the PC to run 24/7, the proxy isn't 100% stable (I have yet to find a dead stable mining proxy) so you are going to write some scripts to watch it and restart it in case something goes wrong.


Thank you very much, I continue to re-read this and eventually it will make sense.

Looking at the Mikrotik website and all they offer, the explanations of what the various gizmos are for and what they can do is well and truly Gobbledigook for me at this stage.  Grin

Much to learn! This is not a request to explain it further, it's on me to put in the learning work.

I'm also considering walking into my local gaming supply shop and ask the geek running it if he can sell me the stuff I need.
member
Activity: 203
Merit: 37
January 21, 2023, 05:40:37 PM
#21
Are you sure the vpn server is closest to Singapore?

I tried all of the Braiins Stratum V1 mining server options in the 'Connect a miner' list. The ping time for Singapore is better than the others, but it does not result in a better hashing rate.
Quote

If you trust Braiins you just need to use V2 (only) and its encrypted, instead of clear text v1 which tells everyone what you mine and where.
Can I choose Stratum V2 even if I don't run Braiins OS at this stage?

Quote
Of course you also want to obfuscate your DNS queries, so install dnscrypt-proxy in your lan and use that as your DNS.
I'll have to learn about that.
Quote

Remember that the VPN server knows who you are, and with V1 everything between that and the pool is in the clear for anyone to see.

Don't worry, i can tell you where else the miner is connecting (drumroll): it connects to Braiins Pool using V2 for the dev fee. We can provide you a list of domain names for whitelisting in case you need (pm), you can block everything else.
Does that apply to a miner running Braiins OS only?

[/quote]

Thanks for all the explanations! Some of it sounds like Bohemian villages for now, but that's changing rapidly thanks to all the help offered in this forum!

legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
January 21, 2023, 09:04:25 AM
#20
Are you sure the vpn server is closest to Singapore?

Kano seems to be confusing pool with firmware again...

If you trust Braiins you just need to use V2 (only) and its encrypted, instead of clear text v1 which tells everyone what you mine and where.
Of course you also want to obfuscate your DNS queries, so install dnscrypt-proxy in your lan and use that as your DNS.

Remember that the VPN server knows who you are, and with V1 everything between that and the pool is in the clear for anyone to see.

Don't worry, i can tell you where else the miner is connecting (drumroll): it connects to Braiins Pool using V2 for the dev fee. We can provide you a list of domain names for whitelisting in case you need (pm), you can block everything else.

Now if Kano added V2 to kanominer and kanopool, his comments would be moot. There is an independent (Not Braiins) open source reference implementation and all...
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 20, 2023, 09:55:32 PM
#19
Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.

I'm very unsure if I understand what you mean.

Do you mean that this applies only if I use Braiins OS to operate my miners?

And in any case, if all my traffic goes through a VPN, does it still matter if it connects elsewhere?

Well what's the point of stealth mining, if the miner is connecting to other places you don't know,
and sending other encrypted data you don't know,
coz it's closed source and you can't tell even what else it's doing.

Seems a bit of an oxymoron.
member
Activity: 203
Merit: 37
January 20, 2023, 09:36:00 PM
#18
When solo mining at home:
First, your miner has to send the full block to your bitcoin.
Then you bitcoin has to process that block completely (if you don't have a fast CPU that can take a while - a lot more than 100ms)
and then send it out to the network nodes it's connected to.
Then every node you send it to, has to process that block before sending it off to the other nodes they're connected to.
Then somewhere in those multiple steps it must get to the work generators of the large pools, so they will process that block and switch to your new block.

This entire process is not 100ms unless you spend a lot of money on hardware, network and world wide connectivity.

Of course there's also the issue that the block you were working on could already have been stale, if your bitcoin is slow to get, and process, block changes from the large pools ...

So for solo mining, you must run your own node on a fast and well connected computer.

Compared to the time needed to process the found block repeatedly, does the ping time matter much?
member
Activity: 203
Merit: 37
January 20, 2023, 09:30:22 PM
#17
Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.

I'm very unsure if I understand what you mean.

Do you mean that this applies only if I use Braiins OS to operate my miners?

And in any case, if all my traffic goes through a VPN, does it still matter if it connects elsewhere?
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 20, 2023, 08:27:42 PM
#16
Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.
member
Activity: 203
Merit: 37
January 20, 2023, 07:59:52 PM
#15
I'm currently mining via VPN, so I did some pinging tests:

The ping times seem to be reasonably good for some pools, but slow for others:
~snip~

That's not the way how to ping the stratum server/pool Kano has its own guide before I don't know where it is right now but you can try to check my guide below on how to ping stratum pools or a pool with ports, not just the website itself because you are directly pinging 80/443 HTTP/HTTPS ports.

- https://bitcointalksearch.org/topic/m.52084230

I don't understand what the difference would be.

Braiins gives this address to connect miners at the Singapore pool location:  stratum+tcp://sg.stratum.braiins.com:3333
 
But the miner wants sg.stratum.braiins.com:3333 to actually connect and work.

And I'm pinging this exact same address that is used for mining.

Code:
--- sg.stratum.braiins.com ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19033ms
rtt min/avg/max/mdev = 145.907/173.786/466.150/71.413 ms

When I use the full address provided by Braiins in their instructions, then the pinging does not work, just like the mining does not work:
Code:
ping -c20 stratum+tcp://sg.stratum.braiins.com:3333
ping: stratum+tcp://sg.stratum.braiins.com:3333: Name or service not known

Code:
ping -c20 stratum+tcp://sg.stratum.braiins.com
ping: stratum+tcp://sg.stratum.braiins.com: Name or service not known
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
January 20, 2023, 07:14:34 PM
#14
I'm currently mining via VPN, so I did some pinging tests:

The ping times seem to be reasonably good for some pools, but slow for others:
~snip~

That's not the way how to ping the stratum server/pool Kano has its own guide before I don't know where it is right now but you can try to check my guide below on how to ping stratum pools or a pool with ports, not just the website itself because you are directly pinging 80/443 HTTP/HTTPS ports.

- https://bitcointalksearch.org/topic/m.52084230
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
January 16, 2023, 04:23:01 PM
#13
Get a new router that is programmed to only connect via a VPN and use that for mining?

Yes, any router that has VPS support will work, and the whole network will be running under VPN, or get a proper router like Mikrotik and rent a VPS somewhere close to you and route all your packets encrypted through that VPS, and your ISP will see that you are connecting to a server in (Germany, Norway) but they won't know exactly what you are doing, the process won't be simple, you will need to have some networking background and use a bit of googling, it's a matter of setting up some L2TP / IPSEC tunnel with some encryption like AES256, some of those algos are weak but then keep in mind the stronger the slower, so you want to find a sweet spot.

If you don't feel like going all that, just get a VPS router, many TPlinks come with easy-to-set-up VPN interfaces, and no skills are required, but the downside is, your ISP will know that you are using a VPN, they just won't know what those packets have in them unless they want to spend the money and time to decrypt them, which is unlikely.

I can't tell for Solo mining, but with pool mining, connected to a VPS in a different continent, using both SHA1 and AES256, there is exactly 0 issues, no rejected/stale shares, and everything works exactly the same when the connection to the VPS or not, my VPS is in EU which is probably pretty close to the pool's server so that's some info to keep in mind, I would assume if the VPS was in Japan and the pool server was in the U.S, with all the delay I am adding, that would probably trigger some lost shares along the way.

I have also tested the same router with Nord VPN, with almost the exact same results.

Use a mining proxy like Antproxy, connect your miners to that proxy, and install VPN on the PC, and the problem is solved, of course, the downside is that you will need the PC to run 24/7, the proxy isn't 100% stable (I have yet to find a dead stable mining proxy) so you are going to write some scripts to watch it and restart it in case something goes wrong.

legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 15, 2023, 07:25:49 PM
#12
When solo mining at home:
First, your miner has to send the full block to your bitcoin.
Then you bitcoin has to process that block completely (if you don't have a fast CPU that can take a while - a lot more than 100ms)
and then send it out to the network nodes it's connected to.
Then every node you send it to, has to process that block before sending it off to the other nodes they're connected to.
Then somewhere in those multiple steps it must get to the work generators of the large pools, so they will process that block and switch to your new block.

This entire process is not 100ms unless you spend a lot of money on hardware, network and world wide connectivity.

Of course there's also the issue that the block you were working on could already have been stale, if your bitcoin is slow to get, and process, block changes from the large pools ...
member
Activity: 203
Merit: 37
January 15, 2023, 05:33:21 PM
#11


I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.


The question is, what will happen if you find a block with your miner. Do you have the proper connection to get it fast enough to the nodes, so the block will not be orphaned?

This only applies to solo mining, correct?

I obviously have much more to learn about mining and networking etc.

To how many other nodes do I need to send a found block if I were solo mining?

Assuming I only have to send it once, and a block size of 1Mb , while measuring my upload speed as 11Mbps, does that mean it would take less than 100ms to upload one block?

And if so, then I figure that I would have to be rather unlucky for someone else to find a block during this 1/10th of a second.

1 block every 10min on average would mean the chance is about 10min * 60s * 10deciseconds => a 1 in 6000 chance that my block will get orphaned.

The above math may be entirely wrong, happy to be told how badly wrong I understand it all!
hero member
Activity: 1050
Merit: 642
Magic
January 15, 2023, 10:29:26 AM
#10


I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.


The question is, what will happen if you find a block with your miner. Do you have the proper connection to get it fast enough to the nodes, so the block will not be orphaned?
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 15, 2023, 07:15:50 AM
#9
Stratum mining (not braiins) is about 15Mbytes a day per pool connection.

It's not bandwidth, it's latency that matters from you to the pool or you to the rest of the world if you aren't using a pool.
member
Activity: 203
Merit: 37
January 15, 2023, 05:40:03 AM
#8
Is more data flow required when your hash rate is higher?

I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.

Could it be that a fast connection is much more important when hashing at high rates?
hero member
Activity: 1050
Merit: 642
Magic
January 15, 2023, 05:14:51 AM
#7
Maybe its better to mine in a different location (like a hosting provider) if it is not possible to mine in your place? If you get a bad connection this could greatly affect your mining results as it was said above and there are great hosting services around.
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 15, 2023, 02:46:26 AM
#6
Well you'd need a pool that reports some sort of average for that.
e.g. on my pool the average is currently 0.08%


If your miner itself is also dropping shares (which is a really bad idea) then your 0.2% number is even worse.
I can't really tell from that info.
member
Activity: 203
Merit: 37
January 14, 2023, 11:14:42 PM
#5
You can do that there are some routers that can able to set up a VPN or are compatible with OpenVPN or you can make a server with PFsense that includes OpenVPN this one only need extra PC with memory and HDD.

But take note of what kano said above, however, you can do some tests just make sure that the IP of the VPN you are trying to connect must be near your country to get a lesser ping and most of the pools have 3 different ports and pool server US, EU and ASIA you can test them one by one until you found a pool server with better ping. Most recommended latency is below 150ms if above on that you will get a high pool rejection rate.

I'm not sure how to tell from my pool stats if there is any problem due to VPN delays.

Do I interpret the numbers below correctly when I say there are about 0.2% stale shares? And if so, is that an acceptable number?


Pages:
Jump to: