[Dxspider-support] Security problem
Darren G0TSM
spider at g0tsm.com
Thu Mar 31 21:18:16 BST 2005
Can you add a password to the sysops call?, that would stop someone logging
in and causing havoc.
Darren
At 19:46 31/03/2005, you wrote:
>I have an even better idea. Don't bump a user or node unless it's a connect
>from the same IP address.
>
>Mike, W1NR
>
>-----Original Message-----
>From: dxspider-support-bounces at dxcluster.org
>[mailto:dxspider-support-bounces at dxcluster.org] On Behalf Of Mike McCarthy,
>W1NR
>Sent: Thursday, March 31, 2005 1:48 PM
>To: 'The DXSpider Support list'
>Subject: RE: [Dxspider-support] Security problem
>
>The original AK1A cluster as I recall would simply increment your SSID if
>you got dropped and logged in again. This happened quite a bit during
>contests on VHF 1200 baud packet. At the very least, there should be some
>sort of "lock" that does not allow nodes and the cluster operator call sign
>to be bumped.
>
>Yes I got the IP address and traced it to APNIC (Asia Pacific region). It
>is in my firewall to get dropped. Considering the number of "attacks"
>logged by my firewall from IP addresses in this region, I am tempted to
>block the entire 61 network at my firewall.
>
>Mike, W1NR
>
>
>-----Original Message-----
>From: dxspider-support-bounces at dxcluster.org
>[mailto:dxspider-support-bounces at dxcluster.org] On Behalf Of Ian J Maude
>Sent: Thursday, March 31, 2005 1:21 PM
>To: The DXSpider Support list
>Subject: Re: [Dxspider-support] Security problem
>
>On Thu, 2005-03-31 at 11:26 -0500, Mike McCarthy, W1NR wrote:
> > Yesterday someone, either deliberately or accidentally, succeeded in
> > disconnecting my console login and my main node feeds by logging in as
> > those call signs. I just discovered that the build I am running,
> > 59.34, bumps existing users AND NODES off of the cluster should a
> > duplicate login be performed with that call sign. This should be
> > prevented somehow as it opens the entire community to abuse. It never
>allowed this before.
>Dirk made this change under a LOT of pressure to do so from sysops on this
>list. The opposite was that if a user lost connection, he/she could not
>login again for up to 15 minutes. Did you capture the IP address of the
>culprit? If you can, ban his address.
>
>Ian
>
>--
>Ian Maude G0VGS Morecambe Lancs UK | ian at gb7mbc.net Sysop of GB7MBC, the
>Morecambe Bay Cluster Running Linux and DXSpider | K2 #4044
>
>DX and Cluster forums at http://www.gb7mbc.net/forum/
>
>
>_______________________________________________
>Dxspider-support mailing list
>Dxspider-support at dxcluster.org
>http://www.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
>_______________________________________________
>Dxspider-support mailing list
>Dxspider-support at dxcluster.org
>http://www.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
>_______________________________________________
>Dxspider-support mailing list
>Dxspider-support at dxcluster.org
>http://www.tobit.co.uk/mailman/listinfo/dxspider-support
More information about the Dxspider-support
mailing list