[Dxspider-support] Another flooding of forged spots
Mikel EA2CW
ea2cw at gautxori.com
Mon Feb 10 10:13:54 GMT 2025
I'm afraid that it is not possible to alter the structure of a packet
type, due to retro compatibility problems...
By the way, I've been thinking about our last incidents, and researching a
bit (I am not at the level of Kin and others).
I have already noticed that even if you detect that malicious traffic is
coming from a certain node (supposedly), when you change it to normal
user instead of node (with the set/user XXX1XXX command), after a while, when
you check it, it has recovered the status of node!!! (using the
stat/user command you can see the magic transformation)
So, it is still not clear to me how to "block" (temporarily or forever) a
node. I tried to use some combinations of set/lock, set/isolate, etc.
I don't want to have it trying to connect to me continuously, or accepting
packets that come from it from 3rd parties.
Any idea?
73 de Mikel EA2CW | AE2CW
On 10/2/25 at 9:48, IZ2LSC via Dxspider-support wrote:
> I think we all agree that these spots were deliberately forged by
> someone that has nothing more interesting to do.
> Now, how can we track the entry point? I mean, the first legitimate node
> that received these spots and forwarded them to the rest of the network?
> Can we add an option in the PC61 (or PC11) to "record route" the path
> that every spot is taking?
> I.e. every node appends to the PC61 message its call and IP?
>
> Andrea
>
> On Mon, Feb 10, 2025 at 8:55 AM Kin via Dxspider-support <dxspider-support at tobit.co.uk> wrote:
>
> I think it's safe to say that this is not a software glitch, it's an
> attempt to manipulate the spots to make it difficult to know which
> is the ‘good/real’ spot.
>
> Kin
>
> *From:* Dxspider-support <dxspider-support-bounces at tobit.co.uk> *On behalf of* Danilo Brelih via Dxspider-support
> *Sent:* Monday, 10 February 2025 8:47
> *To:* Kin via Dxspider-support <dxspider-support at tobit.co.uk>
> *CC:* Danilo Brelih <s50u at s50e.si>
> *Subject:* Re: [Dxspider-support] Another flooding of forged spots
>
> Kin via Dxspider-support wrote on 10.2.2025 at 8:16:
>
> Here you can see the patterns perfectly:
>
> 1739128184^(chan) <- I VE7CC-1 PC61^7038.2^OZ6P^09-Feb-2025^1909Z^RTTY^S51J-2^S50CLX^95.159.226.41^H48^~
> 1739128186^(chan) <- I VE7CC-1 PC61^14250.2^OZ6P^09-Feb-2025^1909Z^UP UP UP!^S51J-2^F6BVP-3^95.159.41.226^H59^~
> 1739128186^(chan) <- I VE7CC-1 PC61^7034.8^OZ6P^09-Feb-2025^1909Z^award^S51J-2^PB4PT-8^95.159.226.41^H20^~
> 1739128186^(chan) <- I VE7CC-1 PC61^28220.7^OZ6P^09-Feb-2025^1909Z^55^S51J-2^EA4RCH-5^95.41.159.226^H81^~
> 1739128186^(chan) <- I VE7CC-1 PC61^7116.9^OZ6P^09-Feb-2025^1909Z^UP^S51J-2^CX2SA-8^95.226.159.41^H18^~
> 1739128186^(chan) <- I VE7CC-1 PC61^21447.4^OZ6P^09-Feb-2025^1909Z^UP^S51J-2^SM4ONW-7^95.159.41.226^H67^~
>
>
> The last pattern illustrates that what happens has no correlation
> with the usability of N1MM+ contest software.
>
> I can confirm, as the spotter below is my "client" and he was
> connected to my cluster all weekend long with some spots sent. I am
> checking my logs and what I notice is that although he has changed
> some connections between LOCAL ISP access via adsl/mobile, he never
> connected outside the ORIGIN cluster of the spots sent. His SSID used was
> always the same for all sent spots; only his IP has changed two,
> three times. So only the first spot is correct and all the others
> are the work of the dirty script of forged spots we know from
> previous years or a bug somewhere in one of the cluster programs on
> the network?
>
> 1739128184^(chan) <- I VE7CC-1 PC61^7038.2^OZ6P^09-Feb-2025^1909Z^RTTY^S51J-2^S50CLX^95.159.226.41^H48^~
>
> CU Dan
>
> --
> S50CLX DX Cluster <https://s50clx.infrax.si>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
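
The pattern in the quoted log lines (one spotter callsign, several claimed origin nodes within seconds, and IP addresses that are the same octets reordered) can be searched for in a node's debug log. The following is an added example, not part of the original messages and not DXSpider code; the PC61 field order is assumed from the quoted lines, the function names are hypothetical, and the sample lines are constructed with placeholder callsigns.

```python
import re
from collections import defaultdict

# Constructed sample in the debug-log layout quoted in the message:
# placeholder callsigns and made-up addresses, not real traffic.
SAMPLE_LOG = """\
1739128184^(chan) <- I PEER-1 PC61^7038.2^DXSTN1^09-Feb-2025^1909Z^RTTY^N0CALL-2^NODE-A^192.0.2.41^H48^~
1739128186^(chan) <- I PEER-1 PC61^14250.2^DXSTN1^09-Feb-2025^1909Z^UP UP UP!^N0CALL-2^NODE-B^192.0.41.2^H59^~
1739128186^(chan) <- I PEER-1 PC61^7034.8^DXSTN1^09-Feb-2025^1909Z^award^N0CALL-2^NODE-C^192.41.0.2^H20^~
1739128190^(chan) <- I PEER-1 PC61^3505.0^DXSTN2^09-Feb-2025^1910Z^CQ^USER-1^NODE-D^198.51.100.7^H30^~
1739128250^(chan) <- I PEER-1 PC61^3506.0^DXSTN3^09-Feb-2025^1911Z^599^USER-1^NODE-D^198.51.100.7^H30^~
"""

LINE_RE = re.compile(r"^(\d+)\^\(chan\) <- I (\S+) (PC61\^.*)$")

def parse_pc61(line):
    """Split one incoming PC61 debug line into named fields, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.group(3).split("^")
    if len(f) < 10:          # truncated or malformed sentence
        return None
    # Field order assumed from the quoted lines:
    # PC61^freq^dx^date^time^comment^spotter^origin node^ip^hops^~
    return {"epoch": int(m.group(1)), "peer": m.group(2), "dx": f[2],
            "spotter": f[6], "origin": f[7], "ip": f[8]}

def find_suspect_spotters(log_text, window=60):
    """Flag spotters whose spots claim more than one origin node within `window` seconds."""
    by_spotter = defaultdict(list)
    for line in log_text.splitlines():
        spot = parse_pc61(line)
        if spot:
            by_spotter[spot["spotter"]].append(spot)
    suspects = {}
    for spotter, spots in by_spotter.items():
        spots.sort(key=lambda s: s["epoch"])
        for i, first in enumerate(spots):
            burst = [s for s in spots[i:] if s["epoch"] - first["epoch"] <= window]
            origins = sorted({s["origin"] for s in burst})
            if len(origins) > 1:
                ips = sorted({s["ip"] for s in burst})
                # Same four octets in a different order, as in the quoted lines.
                octets = {tuple(sorted(ip.split("."))) for ip in ips}
                suspects[spotter] = {"origins": origins, "ips": ips, "peer": first["peer"],
                                     "permuted_ips": len(ips) > 1 and len(octets) == 1}
                break
    return suspects
```

The `peer` value in each result is the neighbour the burst arrived through, which is the only hop a single node's log can attribute the traffic to.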