JuicyPasta / Claymore-No-Fee-Proxy

Removes Claymore's 1-2% mining fee

SSL Connection #17

Closed TheDarkCryptoMiner closed 7 years ago

TheDarkCryptoMiner commented 7 years ago

It seems Claymore is actually connecting to SSL servers.

Running Wireshark without Claymore and using pure Ethminer, and then with Claymore, there is a distinct difference. Any way to MitM the SSL? - I have trust issues, and with this SSL running. :(

I checked - 9.6 and 9.7 are the same.

Also, I see routed DNS packets and connections, which makes me think he is running his own DNS comparisons.

drdada commented 7 years ago

I did the same with 9.7 on my rig lab and I saw nothing (no SSL and no DNS queries). Can you give me the ip:port and more info?

TheDarkCryptoMiner commented 7 years ago

This is coming in data

```
185.60.216.35 192.168.1.147 TLSv1.2 85 Encrypted Alert
185.60.216.35 192.168.1.147 TLSv1.2 100 Application Data
```

No ports mentioned on the TLS ones, so I can only assume port 443.

IP NSLookup doesn't resolve.

The following one does:

```
D:\Mining>nslookup 50.17.232.169
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    ec2-50-17-232-169.compute-1.amazonaws.com
Address:  50.17.232.169
```

Some of the others I have ruled out and checked them as they were running all the time (msnbot etc.)

drdada commented 7 years ago

185.60.216.35 is Facebook. The second IP is krxd.net (tracker, webtool and CDN provider).

If you have other suspicions, don't hesitate to share them. I suggest you remove all the unwanted services on your computer to avoid unwanted traffic. I recommend the use of Process Monitor. Track the Claymore process and check if you see any TCP entry with a port other than your pool's.
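The check suggested above (which process owns each connection, and whether that process talks to anything other than the pool) can also be done by parsing `netstat -ano -p tcp` output. This is an added example, not part of the original thread or the project's code; the sample output, the PIDs and the pool endpoint 203.0.113.10:4444 are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -ano -p tcp` output (Windows). PIDs are made up;
# 203.0.113.10:4444 stands in for the configured pool endpoint.
SAMPLE_NETSTAT = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:8008         127.0.0.1:50112        ESTABLISHED     5120
  TCP    192.168.1.147:50101    203.0.113.10:4444      ESTABLISHED     4321
  TCP    192.168.1.147:50102    185.60.216.35:443      ESTABLISHED     7788
  TCP    192.168.1.147:50103    50.17.232.169:443      TIME_WAIT       0
  TCP    192.168.1.147:50104    198.51.100.7:443       ESTABLISHED     4321
"""

def parse_netstat(text):
    """Yield (local, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skips the banner, the column header and blank lines
        _, local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        yield local, host.strip("[]"), int(port), state, int(pid)

def unexpected_remotes(text, pid, allowed):
    """Return remote (ip, port) pairs owned by `pid` that are not in `allowed`."""
    hits = []
    for _, ip, port, state, owner in parse_netstat(text):
        if owner != pid or state == "LISTENING":
            continue
        if ipaddress.ip_address(ip).is_loopback:
            continue  # local hop (e.g. to a proxy on the same host), not outside traffic
        if (ip, port) not in allowed:
            hits.append((ip, port))
    return hits

def owners_of(text, remote_ip):
    """Return the PIDs holding a connection to `remote_ip`."""
    return sorted({pid for _, ip, _, _, pid in parse_netstat(text) if ip == remote_ip})

if __name__ == "__main__":
    miner_pid, pool = 4321, {("203.0.113.10", 4444)}  # assumed values
    print("miner, non-pool:", unexpected_remotes(SAMPLE_NETSTAT, miner_pid, pool))
    print("185.60.216.35 owned by:", owners_of(SAMPLE_NETSTAT, "185.60.216.35"))
```

A host-wide packet capture does not say which process sent a packet; the PID column does, which is why the TLS traffic in the sample lands on a different PID than the miner.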

TheDarkCryptoMiner commented 7 years ago

Thanks for that - not sure why nslookup never resolved those. More interestingly why Facebook is on the machine. No Windows apps or Google extensions etc. Will check out the Process Monitor tool :)

TheDarkCryptoMiner commented 7 years ago

Should I close this? - it seems to be ok - not having any issues.

I wrote a C# implementation if you would like it to accompany the Python one - getting 16-31ms response times without the networking priority tweak.

drdada commented 7 years ago

I'll close it for you 👍 Don't hesitate to investigate if you have doubts about something (and share it).

For your C# project, I'm curious to see it. Feel free to send me a PM on Gitter.