Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <marek@palatinus.cz>) id 1XFY4P-0007KB-Ad
	for bitcoin-development@lists.sourceforge.net;
	Fri, 08 Aug 2014 00:30:09 +0000
X-ACL-Warn: 
Received: from mail-vc0-f174.google.com ([209.85.220.174])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1XFY4N-0002Z0-6P
	for bitcoin-development@lists.sourceforge.net;
	Fri, 08 Aug 2014 00:30:09 +0000
Received: by mail-vc0-f174.google.com with SMTP id la4so7484875vcb.33
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 07 Aug 2014 17:30:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
	:date:message-id:subject:to:cc:content-type;
	bh=x7BGLjNTOoPiWXU1vOR/J6cLpaxqCsOlA4BPuf56KX8=;
	b=OmngdCYSfHMapB9bHVl7mpMD/qFcij2hrGph07K+aCcgxnMP8+FIfqEIZXbXjohH7D
	/H/znjbRoAle3uXhXR+b7D+KuE6wM7fgg7Ti7IXTjLsWTrKbQVVgi0zL3HZdSAozCFr9
	qW2tOJjtZIatCBUh34e0opAufOUNmmZIyHX7vGO5wiEurasGoKo3IbyGlQZhx8rzEKKi
	c/Y2swR7e/YucPm3eaQPtPT3yb8BCT9lLv2P9DWq0yifAL8HJQjUE7KuhEteydDkj5DR
	8hiFtB40iugd3ww5+gweQE3ZebwKIN7uZ2Jvg9L9QXQx96FkKCqZaDrxymcdtlWk4ImC
	3lUg==
X-Gm-Message-State: ALoCoQnl4yRsXe5urosl9zE2GqVE9sfAMRkoAEdrSCbY8D3nTU7mOgpggS6Uf0gWFpxKQLfOLeOI
X-Received: by 10.220.167.9 with SMTP id o9mr7293588vcy.8.1407457801461; Thu,
	07 Aug 2014 17:30:01 -0700 (PDT)
MIME-Version: 1.0
Sender: marek@palatinus.cz
Received: by 10.58.173.226 with HTTP; Thu, 7 Aug 2014 17:29:31 -0700 (PDT)
In-Reply-To: <201408072345.45363.luke@dashjr.org>
References: <CAPS+U9-ze_-gcYh1WNVJ5h8AZ8owoQX=8OUgNcKnaxgvjxZATA@mail.gmail.com>
	<201408072345.45363.luke@dashjr.org>
From: slush <slush@centrum.cz>
Date: Fri, 8 Aug 2014 02:29:31 +0200
X-Google-Sender-Auth: NK_5zoxwt5woSY-AEyM446X7Wzw
Message-ID: <CAJna-HjzMO68KSXYG++X-8vzQCLurkrAAhfrVo9-AbaoYdqZhw@mail.gmail.com>
To: Luke Dashjr <luke@dashjr.org>
Content-Type: multipart/alternative; boundary=089e015366884af5ed0500134e1e
X-Spam-Score: 2.7 (++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(slush[at]centrum.cz)
	1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
	[URIs: dashjr.org]
	1.0 HTML_MESSAGE           BODY: HTML included in message
X-Headers-End: 1XFY4N-0002Z0-6P
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Miners MiTM
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 00:30:09 -0000

--089e015366884af5ed0500134e1e
Content-Type: text/plain; charset=ISO-8859-1

AFAIK the only protection is SSL + certificate validation on client side.
However certificate revocation and updates in miners are pain in the ass,
that's why majority of pools (mine including) don't want to play with
that...

slush


On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr <luke@dashjr.org> wrote:

> On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:
> > Hi there,
> >
> > I was wondering if you guys have come across this article:
> >
> > http://www.wired.com/2014/08/isp-bitcoin-theft/
> >
> > The TL;DR is that somebody is abusing the BGP protocol to be in a
> position
> > where they can intercept the miner traffic. The concerning point is that
> > they seem to be having some degree of success in their endeavour and
> > earning profits from it.
> >
> > I do not understand the impact of this (I don't know much about BGP, the
> > mining protocol nor anything else, really), but I thought it might be
> worth
> > putting it up here.
>
> This is old news; both BFGMiner and Eloipool were hardened against it a
> long
> time ago (although no Bitcoin pools have deployed it so far). I'm not
> aware of
> any actual case of it being used against Bitcoin, though - the target has
> always been scamcoins.
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--089e015366884af5ed0500134e1e
Content-Type: text/html; charset=ISO-8859-1

<div dir="ltr">AFAIK the only protection is SSL + certificate validation on client side. However certificate revocation and updates in miners are pain in the ass, that&#39;s why majority of pools (mine including) don&#39;t want to play with that...<div>

<br></div><div>slush</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 8, 2014 at 1:45 AM, Luke Dashjr <span dir="ltr">&lt;<a href="mailto:luke@dashjr.org" target="_blank">luke@dashjr.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Thursday, August 07, 2014 11:02:21 PM Pedro Worcel wrote:<br>
&gt; Hi there,<br>
&gt;<br>
&gt; I was wondering if you guys have come across this article:<br>
&gt;<br>
&gt; <a href="http://www.wired.com/2014/08/isp-bitcoin-theft/" target="_blank">http://www.wired.com/2014/08/isp-bitcoin-theft/</a><br>
&gt;<br>
&gt; The TL;DR is that somebody is abusing the BGP protocol to be in a position<br>
&gt; where they can intercept the miner traffic. The concerning point is that<br>
&gt; they seem to be having some degree of success in their endeavour and<br>
&gt; earning profits from it.<br>
&gt;<br>
&gt; I do not understand the impact of this (I don&#39;t know much about BGP, the<br>
&gt; mining protocol nor anything else, really), but I thought it might be worth<br>
&gt; putting it up here.<br>
<br>
</div></div>This is old news; both BFGMiner and Eloipool were hardened against it a long<br>
time ago (although no Bitcoin pools have deployed it so far). I&#39;m not aware of<br>
any actual case of it being used against Bitcoin, though - the target has<br>
always been scamcoins.<br>
<br>
------------------------------------------------------------------------------<br>
Infragistics Professional<br>
Build stunning WinForms apps today!<br>
Reboot your WinForms applications with our WinForms controls.<br>
Build a bridge from your legacy apps to the future.<br>
<a href="http://pubads.g.doubleclick.net/gampad/clk?id=153845071&amp;iu=/4140/ostg.clktrk" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=153845071&amp;iu=/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
</blockquote></div><br></div>

--089e015366884af5ed0500134e1e--