I'm new to this, I don't know if they do or don't, I should read up on stratum to have a better understanding of how it works and sniff the traffic to understand what's being sent over the wire. Can someone can explain how the hijacked work is redirected/attributed to someone else? Please excuse my inexperience/lack of understanding. From what I've read in this thread it sounds like work is hijacked and sent to another pool, is that correct? Is the theory that the stats pages are being attacked to mask what's happening to miners by preventing them from seeing their stats?
Regarding the MiTM attack that some users reported, are those users able to see the payout address used by sniffing the outgoing packets? Is there a white list of Eligius IPs I can configure in my routers for mining traffic or any other addresses other than the one reported to block?
Why in the world should outgoing packets contain payout address?