public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: slush <slush@centrum.cz>
To: Luke Dashjr <luke@dashjr.org>
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Miners MiTM
Date: Fri, 8 Aug 2014 02:29:31 +0200	[thread overview]
Message-ID: <CAJna-HjzMO68KSXYG++X-8vzQCLurkrAAhfrVo9-AbaoYdqZhw@mail.gmail.com> (raw)
In-Reply-To: <201408072345.45363.luke@dashjr.org>

[-- Attachment #1: Type: text/plain, Size: 1771 bytes --]

AFAIK the only protection is SSL + certificate validation on client side.
However certificate revocation and updates in miners are pain in the ass,
that's why majority of pools (mine including) don't want to play with
that...

slush


On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr <luke@dashjr.org> wrote:

> On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
> > Hi there,
> >
> > I was wondering if you guys have come across this article:
> >
> > http://www.wired.com/2014/08/isp-bitcoin-theft/
> >
> > The TL;DR is that somebody is abusing the BGP protocol to be in a
> position
> > where they can intercept the miner traffic. The concerning point is that
> > they seem to be having some degree of success in their endeavour and
> > earning profits from it.
> >
> > I do not understand the impact of this (I don't know much about BGP, the
> > mining protocol nor anything else, really), but I thought it might be
> worth
> > putting it up here.
>
> This is old news; both BFGMiner and Eloipool were hardened against it a
> long
> time ago (although no Bitcoin pools have deployed it so far). I'm not
> aware of
> any actual case of it being used against Bitcoin, though - the target has
> always been scamcoins.
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

[-- Attachment #2: Type: text/html, Size: 2598 bytes --]

  reply	other threads:[~2014-08-08  0:30 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-07 23:02 [Bitcoin-development] Miners MiTM Pedro Worcel
2014-08-07 23:45 ` Luke Dashjr
2014-08-08  0:29   ` slush [this message]
2014-08-08  0:37     ` Christopher Franko
2014-08-08  1:07       ` Pedro Worcel
2014-08-08  2:22         ` slush
2014-08-08  1:01     ` Luke Dashjr
2014-08-08  9:53       ` Mike Hearn
2014-08-08 18:21         ` Jeff Garzik
2014-08-08 18:27           ` Luke Dashjr
2014-08-08 18:34           ` Laszlo Hanyecz
2014-08-09 12:15             ` Sergio Lerner
2014-08-08  3:18     ` Jeff Garzik
2014-08-08  9:42     ` Mike Hearn
2014-08-09 19:39       ` Troy Benjegerdes
2014-08-09 19:31   ` Troy Benjegerdes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAJna-HjzMO68KSXYG++X-8vzQCLurkrAAhfrVo9-AbaoYdqZhw@mail.gmail.com \
    --to=slush@centrum.cz \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=luke@dashjr.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox