Helium miners Hotspot miners

SOLVED
JacoboLevy
Getting noticed

Helium miners Hotspot miners

Hello to all.

 

I was wondering if there is any way that the MX can identify Helium Miners or a way to automatically disable them once they hit the network. 

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

According to the guide it uses tcp/44158.  You should be able to block that port.

https://intercom.help/heliumnetwork/en/articles/3207912-troubleshooting-network-connection-issues 

View solution in original post

7 REPLIES 7
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @JacoboLevy , if you have the Advanced Security license you should be able to block Crypto Mining using the AMP feature.  Set it to Blocking mode I believe 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Inderdeep
Kind of a big deal
Kind of a big deal

@DarrenOC : I am not getting this question. Is that crypto-mining? 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com

Helium is a crypto currency, Helium Miners are a some-kind of wifi router and you get paid In Helium installing a wifi router on any network you own sharing your bandwidth and depending on the amount of users/traffic that you generate or serve is how much you get paid.

 

Of the 70+ organizations with Meraki that we manage just today we found 3 devices (the where all in an executive offices kind of business) so not too much of a scare but at the same time that was discovered i had members in one of the locations complaining of dropped zoom calls so no clue if it was related or not.

 

Also generated a concern that if someone adds it to a secure network (lets say Law Office or other) what guarantees are there that the said user can’t get in.

PhilipDAth
Kind of a big deal
Kind of a big deal

According to the guide it uses tcp/44158.  You should be able to block that port.

https://intercom.help/heliumnetwork/en/articles/3207912-troubleshooting-network-connection-issues 

Cmiller
Building a reputation

I finally got the ones I purchased back in November last year and added them to my Meraki networks. Helium asks you to allow outgoing connections to 443 and 22 and to open port 44158 for the miner work correctly. Both My Meraki networks identified the device correctly as a Helium-Hotspot. 

This one is connected via WiFi with no port forwarding

CleanShot 2021-06-30 at 14.41.03.png

 This one was setup wired and has the correct port forwarding enabled (DMZ for this guy) and I see a whole lot more connections going through it (sadly it is a MUCH slower pipe connecting it so not much more data)

CleanShot 2021-06-30 at 14.43.24.png

 

The above is correct, if you disallow mining in the content filter, it stopped it from reaching the cloud.

BrianPay
Comes here often

Would you mind telling me how to correctly setup my helium miner with port forwarding in the Meraki dashboard? 

If I was you I would put it outside my network, free open-source things tend to create some sort of fear in me, or is it because all my networks need to be tightly secured.

But if you want to continue, you can create a reservation for your device on the MX, and then do a 1:1 nat from one of your Public Static IP's from your stack to the device, if you have no public statics IPs just do the reservation for the device and then make sure to open port 44158 to that and you should be all set. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels