Detection Prevention

M4T edited this page Jul 18, 2017 · 2 revisions

Detection Prevention

In order to be 100% Crystal clear, here are my observations for detecting software:
All of this was tested with Claymore ETH Dual 9.7 (WIN)

Observations

  • Localhost detection: When your fake pool ip address is set as localhost (127.0.0.1) or in your LAN. Claymore display a warning because he detected a local pool. You will have more stale shares! It's like Claymore willingly increase the stale share (clues #7 )
  • Reported Hashrate: You can't rely on the reported hashrate! Claymore can fake this number. Better check the 24h AVG hashrate. NB: Depending on the pool difficulty, you will provide more or less shares.
  • Network analysis: Claymore contact the pool only with his port. There are no ping, HTTP(S), telnet attempt to proof the pool authenticity.

Claymore's fact:

  • In his readme we can find: Attempts to cheat and remove dev fee will cause a bit slower mining speed (same as "-nofee 1") though miner will show same hashrate. Miner cannot just stop if cheat is detected because creators of cheats would know that the cheat does not work and they would find new tricks. If miner does not show any errors or slowdowns, they are happy.
    So he will try to detect our software and hide it as it maximum. (Or it's just psychological manipulation)
  • Following the readme, the devfee is working with the same pool as you set to mine.
  • DevFee is always taken in ETH (or ETC,EXP if specified)
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.