Community discussions

MikroTik App
 
User avatar
genesispro
Member Candidate
Member Candidate
Topic Author
Posts: 148
Joined: Fri Mar 14, 2014 12:33 pm

Block crypto currency mining

Fri Apr 20, 2018 12:17 pm

I have a building with 100+ users.
The landlord (our customer) has detected unusual increase in power bills and he is trying to detect and fail proof if possible crypto currency mining that could be increasing significantly the power usage in his building.
Is there a way to detect and block that kind of traffic?
Possibly add also a script that would add such users in a black (interface) list?
 
p3rad0x
Long time Member
Long time Member
Posts: 606
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa
Contact:

Re: Block crypto currency mining

Wed Apr 25, 2018 4:47 pm

First you will have to test and see what kind of traffic a mining app or device generates.

From there you can start playing with firewalls.

The packets sent and received is also most probably encrypted.
There you go then you touched something ;-) : it only takes a change in wind direction to screw with your nat :-)
 
anavds
newbie
Posts: 38
Joined: Wed Apr 04, 2018 2:47 pm

Re: Block crypto currency mining

Wed Apr 25, 2018 5:25 pm

Good question as I have asked this question myself silently.
A start is to ensure one has an AV that looks at this type of malware.
Another layer is to add extensions to browsers such as NOCOIN etc.......

Finally what can be done at the HEX level?
Reading this article it appears some DPI programming is possible and perhaps there are some Mikrotik experts (not me) that can state if possible or not.
Lastly create a blacklist, that perhaps monthly via a script goes and gets an available list...........
https://thehackernews.com/2018/02/crypt ... hreat.html
 
User avatar
genesispro
Member Candidate
Member Candidate
Topic Author
Posts: 148
Joined: Fri Mar 14, 2014 12:33 pm

Re: Block crypto currency mining

Thu Apr 26, 2018 3:13 pm

What I am doing so far is use a list of crypto domains 2000+ added to a firewall list and using it to monitor or block traffic towards these servers.
The problem is that if that domain is in a shared hosting also the other domains hosted in that server would be affected

Who is online

Users browsing this forum: damji98, mcgoebel and 68 guests