Well then let me put it in clearer terms for you then, since you are unable to understand or explain it or even suggest a solution.

Anyone still mining here is at risk and there is no way to mitigate it with the current setup.
Disabling client.redirect doesn't solve the initial connect redirect issue (since that's not stratum).
So if it really is as bad as a MITM then you are screwed anyway until you can stop the MITM or move your pool somewhere else.
It's a lot easier to insert a single TCP packet (containing a client.redirect command) in one direction than it is to intercept an entire TCP connection in both directions.
Whether or not you want to call the former a MITM attack is another matter. Really the attacker in that case isn't (necessarily) in the middle, she just pretends to be.
Not only that, but it would be important for Eligius to let us know what the data centre is that is doing or allowing one of their employees to do this MITM attack, so that we all know to not use that data centre.
By the way, neither requires being in the data centre of the server. The latter (which I'd call a true MITM attack) just requires being somewhere in the middle (hence the name).
The former (which is probably more likely) doesn't even require that. It just requires correctly guessing TCP sequence numbers and spoofing of the source address. See, e.g.,
http://www.thegeekstuff.com/2012/01/tcp-sequence-number-attacks/

In any case, I think we have our answer to the question as to why the DOS is/was going on (*). Be careful what you wish for...
(*) Step 2: "[The attacker] floods Host B with new requests causing a Denial of service attack to stop Host B from communicating with A."
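
A miner-side check for the injected-redirect case discussed above, as an added example that is not part of the original post or any mining client's code: it drops a redirect message unless it names the endpoint the miner is already pinned to. The function name, the sample host names and the `[host, port, ...]` parameter layout are assumptions of this example.

```python
import json

# "client.redirect" is the name used in the post; "client.reconnect" is the
# Stratum mining method. The [host, port, ...] params layout is assumed here.
REDIRECT_METHODS = {"client.redirect", "client.reconnect"}


def filter_stratum_line(line, pinned_host, pinned_port):
    """Classify one newline-delimited JSON message received from the pool.

    Returns ("pass", msg) for ordinary traffic and ("drop", reason) for a
    message that is unparseable or would move the miner to another endpoint.
    """
    try:
        msg = json.loads(line)
    except ValueError:
        return ("drop", "unparseable line")
    if not isinstance(msg, dict):
        return ("drop", "not a JSON object")
    method = msg.get("method")
    if not isinstance(method, str) or method not in REDIRECT_METHODS:
        return ("pass", msg)
    params = msg.get("params") or []
    if not isinstance(params, list):
        return ("drop", "malformed redirect params")
    # Missing fields mean "same endpoint", so default them to the pinned values.
    host = params[0] if len(params) > 0 else pinned_host
    port = params[1] if len(params) > 1 else pinned_port
    try:
        target = (str(host).lower().rstrip("."), int(port))
    except (TypeError, ValueError):
        return ("drop", "malformed redirect params")
    if target == (pinned_host.lower().rstrip("."), int(pinned_port)):
        return ("pass", msg)
    return ("drop", "redirect to unpinned endpoint %s:%d" % target)


# Constructed sample traffic; host names are placeholders.
SAMPLE = [
    '{"id": null, "method": "mining.notify", "params": []}',
    '{"id": null, "method": "client.redirect", "params": ["pool.example.net", 3333]}',
    '{"id": null, "method": "client.reconnect", "params": ["other.example.org", 3333, 0]}',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(filter_stratum_line(raw, "pool.example.net", 3333)[0])
```

As the post says, this only covers redirects sent inside the stratum stream, not the initial connect.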