Pages:
Author

Topic: Wonder who this solominer is? 88.6.216.9 (Read 60490 times)

member
Activity: 518
Merit: 10
October 30, 2018, 12:39:46 PM
Very interested to find out what this IP is.  Been looking at it, and the way the transactions work, paired with the size makes me fear it's a botnet.  The easiest way to run a botnet without a pool:  Make a special server that distributes a wallet address, a hash of the previous block, and the current difficulty, and let the bot do all its own work instead of the grabbing work from bitcoind.

It would be one hell of a botnet.  Looking at blocks in last 24 hours unless it is on one monster lucky spree it would need to have ~1800 GH/s.  Since average CPU is maybe 1 MH/s (unless it is a botnet which just targets i-7 nodes) we are talking 1.8 million active nodes.
hero member
Activity: 658
Merit: 500
Key pair signing would also enable other things like enabling revocation of transactions. A method could be developed that would enable stolen coins to be recovered or made worthless.

Say a large amont of coins were stolen. If they had a private key assigned, an insurance transaction could be made for the same amount with a revocation key attached to invalidate the transfer after a lengthy confirmation period. As soon as the transaction hits the chain the addresses are block from transferring coins. This could also be challenged by doing another challenge transaction in the same way.  You could add in some security features like requiring a public ip address to broadcast during the entire revocation period to dispute. In that way the source could be traced. For a thief they would not be able to "afford" the chargeback or hide anonymously. It's not free per se to do either so it's not readily abuseable.




You don't need a protocol change to do that if it's already possible to put your information in it.
Just change the extra information to
your name + previous block hash you've mined + sign(your name + previous block hash)
It should be possible to not insert this information so real anonymous mining stays possible.

That won't work but I wasn't suggesting a breaking protocol change but rather an agreed upon optional standard which is fully backwards compatible.

Instead something like pools (optionally) create a public private keypair used for signing (probably should have mechanism for revocation or replacement).
The pool would modify the getwork so that they hash some standardized identifer (should be specific to the block to avoid substitution attack) and sign it.

Yes I was indicating such a system should be optional but sites like blockchain.info could scan the block look for a signature and then verify it w/ the pool's public key.    In cases where the block can't be verified (or no signature is present) blockchain.info and other sites could still try to guestimate the origin by IP address.  As long as the signature is placed somewhere which isn't a breaking change uniformed clients would simply ignore it.

sr. member
Activity: 364
Merit: 250
Might be the supercomputer at Granada's University, I went to see it and it is BIG AS HELL with loads of gpu's
R-
full member
Activity: 238
Merit: 100
Pasta
Did we figure this one out?
donator
Activity: 1218
Merit: 1079
Gerald Davis
You don't need a protocol change to do that if it's already possible to put your information in it.
Just change the extra information to
your name + previous block hash you've mined + sign(your name + previous block hash)
It should be possible to not insert this information so real anonymous mining stays possible.
Anyone can get the previous hash from your pool. It's in the blockchain, after all.

However, publishing some kind of signature based on the block number or hash, signed by a pool's private key would be ideal.

Except in a 51% attack. Smiley

The signature would need to contain something specific to the block (like merkle tree hash).
donator
Activity: 1218
Merit: 1079
Gerald Davis
You don't need a protocol change to do that if it's already possible to put your information in it.
Just change the extra information to
your name + previous block hash you've mined + sign(your name + previous block hash)
It should be possible to not insert this information so real anonymous mining stays possible.

That won't work but I wasn't suggesting a breaking protocol change but rather an agreed upon optional standard which is fully backwards compatible.

Instead something like pools (optionally) create a public private keypair used for signing (probably should have mechanism for revocation or replacement).
The pool would modify the getwork so that they hash some standardized identifer (should be specific to the block to avoid substitution attack) and sign it.

Yes I was indicating such a system should be optional but sites like blockchain.info could scan the block look for a signature and then verify it w/ the pool's public key.    In cases where the block can't be verified (or no signature is present) blockchain.info and other sites could still try to guestimate the origin by IP address.  As long as the signature is placed somewhere which isn't a breaking change uniformed clients would simply ignore it.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
You don't need a protocol change to do that if it's already possible to put your information in it.
Just change the extra information to
your name + previous block hash you've mined + sign(your name + previous block hash)
It should be possible to not insert this information so real anonymous mining stays possible.
Anyone can get the previous hash from your pool. It's in the blockchain, after all.

However, publishing some kind of signature based on the block number or hash, signed by a pool's private key would be ideal.
hero member
Activity: 1596
Merit: 502
You don't need a protocol change to do that if it's already possible to put your information in it.
Just change the extra information to
your name + previous block hash you've mined + sign(your name + previous block hash)
It should be possible to not insert this information so real anonymous mining stays possible.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Honestly we need strongly signed blocks.  It can be optional but I imagine most pools would sign their blocks.  Major farms (GBLSE) would sign blocks to prove their contract's hashing power.  I think a majority of p2pool miners and even some solo miners would strongly sign their blocks. 

While not everyone would sign blocks it would eliminate the false positives and reduce the amount of unknown to the truly unknown.

Strongly signed blocks can be the precursor for more complex pool based services (like 0-confirm surety contracts).
What is the benefit of signed blocks? So we can see who mined it?
Yes. Right now, anyone can put almost anything in the blockchain to "prove" who made a block, but that doesn't stop anyone from putting someone else's info in to masquerade as them. There isn't usually any incentive to do that though, except in the case of something such as a botnet.
And can you imagine the chaos if someone with a moderate sized botnet started posing as a popular pool? It could make it appear that a pool was scamming its miners by not reporting blocks.
I think the major pools should publish the IP addresses that they publish blocks on, so that we can get a handle on who is submitting which blocks even before we start looking at signing.
If they are going to always publish blocks from a specific IP as a way of identification, then they will need to disable relaying functionality, otherwise said botnet would just relay through them.
sr. member
Activity: 336
Merit: 250
Honestly we need strongly signed blocks.  It can be optional but I imagine most pools would sign their blocks.  Major farms (GBLSE) would sign blocks to prove their contract's hashing power.  I think a majority of p2pool miners and even some solo miners would strongly sign their blocks. 

While not everyone would sign blocks it would eliminate the false positives and reduce the amount of unknown to the truly unknown.

Strongly signed blocks can be the precursor for more complex pool based services (like 0-confirm surety contracts).
What is the benefit of signed blocks? So we can see who mined it?
Yes. Right now, anyone can put almost anything in the blockchain to "prove" who made a block, but that doesn't stop anyone from putting someone else's info in to masquerade as them. There isn't usually any incentive to do that though, except in the case of something such as a botnet.
And can you imagine the chaos if someone with a moderate sized botnet started posing as a popular pool? It could make it appear that a pool was scamming its miners by not reporting blocks.
I think the major pools should publish the IP addresses that they publish blocks on, so that we can get a handle on who is submitting which blocks even before we start looking at signing.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Honestly we need strongly signed blocks.  It can be optional but I imagine most pools would sign their blocks.  Major farms (GBLSE) would sign blocks to prove their contract's hashing power.  I think a majority of p2pool miners and even some solo miners would strongly sign their blocks. 

While not everyone would sign blocks it would eliminate the false positives and reduce the amount of unknown to the truly unknown.

Strongly signed blocks can be the precursor for more complex pool based services (like 0-confirm surety contracts).
What is the benefit of signed blocks? So we can see who mined it?
Yes. Right now, anyone can put almost anything in the blockchain to "prove" who made a block, but that doesn't stop anyone from putting someone else's info in to masquerade as them. There isn't usually any incentive to do that though, except in the case of something such as a botnet.
hero member
Activity: 1596
Merit: 502
Honestly we need strongly signed blocks.  It can be optional but I imagine most pools would sign their blocks.  Major farms (GBLSE) would sign blocks to prove their contract's hashing power.  I think a majority of p2pool miners and even some solo miners would strongly sign their blocks. 

While not everyone would sign blocks it would eliminate the false positives and reduce the amount of unknown to the truly unknown.

Strongly signed blocks can be the precursor for more complex pool based services (like 0-confirm surety contracts).
What is the benefit of signed blocks? So we can see who mined it?
donator
Activity: 1218
Merit: 1079
Gerald Davis
Honestly we need strongly signed blocks.  It can be optional but I imagine most pools would sign their blocks.  Major farms (GBLSE) would sign blocks to prove their contract's hashing power.  I think a majority of p2pool miners and even some solo miners would strongly sign their blocks. 

While not everyone would sign blocks it would eliminate the false positives and reduce the amount of unknown to the truly unknown.

Strongly signed blocks can be the precursor for more complex pool based services (like 0-confirm surety contracts).
hero member
Activity: 504
Merit: 502
Its deepbit.
hero member
Activity: 518
Merit: 500

Maybe he's back, but with a different ip-adress: 85.17.27.234.

Look at blockchain:
http://blockchain.info/pools
http://blockchain.info/blocks/85.17.27.234

14 blocks in 24h (like BTC-Guild). This is around 1.5 TH/s.

I only checked a few of those, but they all seem deepbit blocks:
http://blockorigin.pfoe.be/blocklist.php
full member
Activity: 134
Merit: 100
Maybe he's back, but with a different ip-address: 85.17.27.234.

Look at blockchain:
http://blockchain.info/pools
http://blockchain.info/blocks/85.17.27.234

14 blocks in 24h (like BTC-Guild). This is around 1.5 TH/s.

Reverse lookup for that ip places it in the leaseweb datacenter. If anyone has solid proof its a botnet, email it to [email protected].
full member
Activity: 158
Merit: 100
Maybe he's back, but with a different ip-adress: 85.17.27.234.

Look at blockchain:
http://blockchain.info/pools
http://blockchain.info/blocks/85.17.27.234

14 blocks in 24h (like BTC-Guild). This is around 1.5 TH/s.
hero member
Activity: 560
Merit: 500
Ad astra.
I have managed to get my hands on iMine botnet thingy and all it does is connects to a specified pool.
Of course I will not be using it as a botnet as advertised.
Are you able to determine who's code it is based on? Ufasoft, cgminer, etc? Can you tell what language it is written in?
It would appear to be coded in vb6 and uses Ufasoft.

Visual Basic... Not exactly the programming language of choice I would have expected from a hacker.
newbie
Activity: 17
Merit: 0
I have managed to get my hands on iMine botnet thingy and all it does is connects to a specified pool.
Of course I will not be using it as a botnet as advertised.
Are you able to determine who's code it is based on? Ufasoft, cgminer, etc? Can you tell what language it is written in?
It would appear to be coded in vb6 and uses Ufasoft.
hero member
Activity: 697
Merit: 500
Current FPGA are high up front cost and no resale. Either you are doing it for long term and will perhaps break even in a year or two, or you were an early adopter and have a scrooge mcduck pile of coins to cash in to "waste" on them.

The real GPU killer will be when someone gets either super cheap FPGA or an ASIC developed.

So basically if you are in bitcoin for a quick buck then FPGAs, in your mind, make no sense. I agree there, you can't just peddle FPGA miners on eBay. But damn do those $500/month powerbills get scary real fast with GPUs  Grin
Pages:
Jump to: