[Dxspider-support] Another flooding of forged spots

Mon Feb 10 13:17:37 GMT 2025

Mikel,

When you don't want to disconnect from a neighbouring node, but you don't want anything coming from it to go out to the rest of the network, or even your traffic to be sent to it, the solution is easy:
set/isolate <partner_node>.

The connection will be established normally, but except for the mechanisms to keep it active, nothing else will flow between the two connected nodes. One of Dirk's wonders.

Kin EA3CV

-----Mensaje original-----
De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de Mikel EA2CW via Dxspider-support
Enviado el: lunes, 10 de febrero de 2025 11:14
Para: dxspider-support at tobit.co.uk
CC: Mikel EA2CW <ea2cw at gautxori.com>
Asunto: Re: [Dxspider-support] Another flooding of forged spots

I'm afraid that it is not possible to altere the structure of a packet type, due to retro compatibility problems...

By the way, I've been thinking in our last incidents, and researching a bit (I am not at the level of Kin and others).

I have already noticed that even you detect that malicious traffic is comming from a certain node (supossely), when you change it to normal user instead node (with set/user XXX1XXX command) after a while, when you check it, it has recovered the status of node!!! (using the stat/user command you can see the magic transformation)

So, I have not already clear how to "block" -temporalily or forever"- a node. Tried to use some combinations of set/lock, set/isolate, etc.

I don't want to have it trying to connect me continously, or accepting packets that come from it from 3rd parties.

Any idea?

73 de Mikel EA2CW | AE2CW

El 10/2/25 a las 9:48, IZ2LSC via Dxspider-support escribió:
> I think we all agree that these spots were deliberately forged by 
> someone that has nothing more interesting to do.
> Now, how can we track the entry point? I mean, the first legitimate 
> node that received these spots and forwarded to the rest of the network?
> Can we add an option in the PC61 (or PC11) to "record route" the path 
> that every spot is doing?
> I.e. every node append to the pc61 message his call and ip?
> 
> Andrea
> 
> -->
> 
> 
> On Mon, Feb 10, 2025 at 8:55 AM Kin via Dxspider-support <dxspider- 
> support at tobit.co.uk <mailto:dxspider-support at tobit.co.uk>> wrote:
> 
>     I think it's safe to say that this is not a software glitch, it's an
>     attempt to manipulate the spots to make it difficult to know which
>     is the ‘good/real’ spot.____
> 
>     __ __
> 
>     Kin____
> 
>     __ __
> 
>     *De:*Dxspider-support <dxspider-support-bounces at tobit.co.uk
>     <mailto:dxspider-support-bounces at tobit.co.uk>> *En nombre de *Danilo
>     Brelih via Dxspider-support
>     *Enviado el:* lunes, 10 de febrero de 2025 8:47
>     *Para:* Kin via Dxspider-support <dxspider-support at tobit.co.uk
>     <mailto:dxspider-support at tobit.co.uk>>
>     *CC:* Danilo Brelih <s50u at s50e.si <mailto:s50u at s50e.si>>
>     *Asunto:* Re: [Dxspider-support] Another flooding of forged 
> spots____
> 
>     __ __
> 
>     Kin via Dxspider-support je 10.2.2025 ob 8:16 napisal:____
> 
>         Here you can see the patterns perfectly:____
> 
>         ____
> 
>         1739128184^(chan) <- I VE7CC-1 PC61^7038.2^OZ6P^09-
>         Feb-2025^1909Z^RTTY^S51J-2^S50CLX^95.159.226.41^H48^~____
> 
>         1739128186^(chan) <- I VE7CC-1 PC61^14250.2^OZ6P^09-
>         Feb-2025^1909Z^UP UP 
> UP!^S51J-2^F6BVP-3^95.159.41.226^H59^~____
> 
>         1739128186^(chan) <- I VE7CC-1 PC61^7034.8^OZ6P^09-
>         Feb-2025^1909Z^award^S51J-2^PB4PT-8^95.159.226.41^H20^~____
> 
>         1739128186^(chan) <- I VE7CC-1 PC61^28220.7^OZ6P^09-
>         Feb-2025^1909Z^55^S51J-2^EA4RCH-5^95.41.159.226^H81^~____
> 
>         1739128186^(chan) <- I VE7CC-1 PC61^7116.9^OZ6P^09-
>         Feb-2025^1909Z^UP^S51J-2^CX2SA-8^95.226.159.41^H18^~____
> 
>         1739128186^(chan) <- I VE7CC-1 PC61^21447.4^OZ6P^09-
>         Feb-2025^1909Z^UP^S51J-2^SM4ONW-7^95.159.41.226^H67^~____
> 
> 
>     The last pattern illustrates that what happens has no correlation
>     with the usability of N1MM+ contest software.
> 
>     I can confirm as the spotter below is my "client" and he was
>     connected to my cluster all weekend long with some spots sent. I am
>     checking my logs and what I notice is that although it has changed
>     some connections between LOCAL ISP access via adsl/mobile but never
>     connect outside the ORIGIN cluster of spots sent. He's SSID used was
>     always the same for all sent spots only his IP has changed two,
>     three times. So only the first spot is correct and all the others
>     are the work of the dirty script of forged spots we know from
>     previous years or a bug somewhere in one of the cluster programs on
>     the network?____
> 
>     1739128184^(chan) <- I VE7CC-1 PC61^7038.2^OZ6P^09-
>     Feb-2025^1909Z^RTTY^S51J-2^S50CLX^95.159.226.41^H48^~____
> 
>     CU Dan____
> 
>     -- 
>     S50CLX DX Cluster <https://s50clx.infrax.si>____
> 
>     _______________________________________________
>     Dxspider-support mailing list
>     Dxspider-support at tobit.co.uk <mailto:Dxspider-support at tobit.co.uk>
>     https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>     <https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support>
> 
> 
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

_______________________________________________
Dxspider-support mailing list
Dxspider-support at tobit.co.uk
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support