-
xmrpow
This guy on nanopool is now having 58 mhs and 45000 workers. Do you think this is a botnet? In my opinion the slope for it is too constant.
-
sech1
xmrpow probably attacking servers/VMs or exploiting some cloud compute
-
hyc
do we know the nanopool operators? can we ask them for the IP addresses of some of these workers?
-
xmrpow
sech1: Could be possible, but personally I'm sceptical about this theory. Wouldn't data center ops recognize that?
-
xmrpow
hyc: I think they won't provide the IPs. Wouldn't be good for their business.
-
sech1
They're not very cooperative. I tried to report a botnet once there, and the answer was "Can you please, provide IP of infected servers, used for mining with this address? Also, please, provide configurations used for mining"
-
sech1
So unless the botnet is running on your server, you can't report it
-
xmrpow
sech1 hmm... Could sb fake a nonce pattern?
-
sech1
if they use the same nonce iteration algorithm then yes of course
-
xmrpow
So how could sb check if randomx has been broken?
-
sech1
by checking profitability per kh/s?
-
xmrpow
Thought there might exist some other indicator...
-
xmrpow
60mhs... And still growing.
-
gethh
it's some cloud fraud, I bet, no fluctuations like botnet
-
sech1
I wonder how long this guy is going to last
-
sech1
this scale is noticeable even for the biggest cloud providers
-
sech1
61 MH/s already
-
gethh
unless the cloud provider pretends not to know where it gets those credit card money from :)
-
xmrpow
How far do you think this thing is potentially going to scale up?
-
hyc
still wondering why it was flat on the weekend, and only increasing on weekdays
-
hyc
that's not the pattern of someone using idle office computers
-
xmrpow
hyc: We are going to see what is happening this weekend. As long as this guy is still ramping up...
-
xmrpow
I rly don't understand why this guy is not using his own daemon....
-
xmrpow
Might be intentional.
-
hyc
60MH, yeah he could run his own
-
xmrpow
why paying 1% fee
-
xmrpow
?
-
hyc
or the guy is just not very sophisticated. script kiddy doing remote installs
-
xmrpow
and nobody is recognizing it?
-
hyc
yeah that's just weird
-
xmrpow
Not very script kiddy like.
-
hyc
then again, the hash rates per worker are low. maybe he's using only 1 thread per machine and no one sees the perf hit
-
UkoeHB_
or he found an equally unsophisticated victim
-
xmrpow
I think they are not running on aws...
-
hyc
AWS cpu time costs too much
-
xmrpow
hyc: I thought in datacenters Intel has much higher market shares until EPYC came. Some of the machines are hitting 7khs. On one thread?
-
hyc
ah it mostly looked like 840, 1680Hs when I looked
-
xmrpow
I don't have average values but if you sort the workers there are some mining above 2khs
-
xmrpow
3000 thousand workers are above 3khs
-
xmrpow
sorry 3000
-
kinghat[m]
-
hyc
would expect those to have already been cleaned up
-
hyc
and again, they don't fit the usage pattern seen here
-
hyc
office PCs are probably only powered on 8 hours/day. 24/7 usage has to be servers only.
-
kinghat[m]
got ya
-
xmrpow
hyc: or some asic ;) But I rly hope it isn't...
-
hyc
lol
-
xmrpow
Then we would be screwed
-
jwinterm
nobody ever turns their computers off at my lab
-
jwinterm
we are genuinely encouraged to leave them on for overnight security patches and whatnot
-
hyc
interesting
-
hyc
but business PCs already have remote management engines, that can turn them on via ethernet commands
-
xmrpow
jwinterm: So many of them?
-
jwinterm
we probably have 10-15k wired LAN PCs
-
jwinterm
plus super computers
-
xmrpow
ok. Which one?
-
jwinterm
but just generally I doubt office workers turn off their desktops, hashrate might even drop during daytime when they're actually using CPU
-
jwinterm
not that excel and chrome uses that much cpu
-
hyc
yeah, RAM is the bigger factor probably
-
jwinterm
xmrpow, sierra is the big boy now
-
xmrpow
jwinterm: Don't you have some load monitoring system?
-
xmrpow
for the office pcs?
-
jwinterm
probably, I don't work in IT
-
jwinterm
maybe not, I don't know
-
xmrpow
ok
-
jwinterm
I run simulations overnight on desktop sometimes and no one ever yells at me
-
kinghat[m]
interestingly, cpu-world.com has banned me because it thinks I'm a botnet?
-
kinghat[m]
i was visiting the site but i was manually checking for xeons
-
kinghat[m]
nothing automated
-
kinghat[m]
never seen that before
-
kinghat[m]
sorry, bot*, not botnet.
-
xmrpow
So we all agree that it has to be some datacenter?
-
hyc
fits best, yeah
-
xmrpow
Because of the average hashrate of each miner it either has to be some older hardware or not full load like you said
-
geonic
-
geonic
^ thoughts on this?
-
geonic
Are there any objective criteria for increasing minimum RAM requirements in the future?
-
hyc
obviously if we raise them too much, only servers in data centers will be able to participate
-
selsta
IMO botnets are just a side effect of decentralization, a bit like ASIC miners who have free access to electricity.
-
selsta
If you have a decentralized system where everyone can join and mine then it will be difficult to avoid.
-
selsta
best thing you can do is reach out to AV providers to include randomx heuristics
-
geonic
I’d appreciate it if we could bump it up to 64gb, which is what I have. That way I’d solo mine a block once a month instead of once a year :)
-
geonic
and jwinterm’s nuclear-powered botnet would be cut off... it’s a win-win
-
hyc
my laptop has only 32GB. So I will vote no. :P
-
geonic
lol
-
geonic
Would it be useful if miners signaled the amount of RAM present on a machine?
-
hyc
if they know why we want to know, they will start lying and underreporting
-
geonic
Could it be built into the daemon in a tamper-proof way? Just thinking out loud
-
geonic
might be useful to have data like that to guide future adjustments to the pow like minimum thresholds
-
hyc
it's also unfriendly to assume that someone running a miner is happy to have 100% of their RAM get used by the miner
-
geonic
that’s for sure
-
jwinterm
lol implying my nuclear powered botnet doesn't have infinite ram
-
geonic
dammit