[Dxspider-support] Here we are again (huge flooding)

Kin ea3cv at cronux.net
Mon Feb 17 07:44:24 GMT 2025


Hi,

From the last attack I have seen the following:
* Link crashes with partners. With greater impact on those with less hw
resources.
* Delays of up to 5 minutes in sending spots to users in some of the larger
nodes.
* More affected on Windows than on Linux.
* On my node with 'set/var $DXProt::senderverify 2' the behaviour was as
expected, no forged spots were fake.
	grep -i "bad spot" 047.dat | wc -l
	287005 <-- EA4URE-2
	381899 <-- EA3CV-2

	1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14, DUMPED
	1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED
	1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED
	1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED
	1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED

  On my other node without enabling this feature, thousands of them were
received.
* The attack was based on varying the fields: spotted, comment, spotter,
spotter ip and source node.
* It appears that the spots were not sent from the source nodes listed in
the spots. I have verified that the ones where my node appears as the source
node did not come from my node, so I think that this must have happened to
most of them.

My own conclusions
* Dirk's algorithm was successful for nodes that used $DXProt::senderverify
to remove dupes.
* If the attack had been without 'dupes', it could not have been stopped.
* The flood of spots that inundated the network clearly affected nodes with
fewer resources, with a less efficient OS or with a sw other than spider.

Kin EA3CV
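
Added example, not part of the original post and not DXSpider code: a breakdown of the "Bad Spot ... DUMPED" log lines by field, going one step beyond the `grep | wc -l` count to show which of spotted call, spotter, spotter IP and claimed source node vary across the dropped spots. The regex is an assumption derived only from the five lines quoted in the post; `parse` and `summarise` are hypothetical names.

```python
import re
from collections import Counter

# Layout assumed from the lines quoted in the post:
# <epoch>^(*) PCPROT: Bad Spot <dx> on <freq> by <spotter>(<ip>)@<node>
#   User <spotter> not on node <node>, DUMPED
BAD_SPOT = re.compile(
    r"^(?P<ts>\d+)\^\(\*\) PCPROT: Bad Spot (?P<spotted>\S+) on (?P<freq>[\d.]+) "
    r"by (?P<spotter>[^(\s]+)\((?P<ip>[^)]*)\)@(?P<node>\S+) User .* DUMPED\s*$"
)

# The five lines quoted in the post (mail line wrapping undone), followed by
# one constructed line that must not match.
SAMPLE = """\
1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14, DUMPED
1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED
1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED
1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED
1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED
1739707974^(*) constructed unrelated log line
"""

FIELDS = ("spotted", "spotter", "ip", "node", "ts")

def parse(lines):
    """Yield one dict per dropped-spot line; other lines are skipped."""
    for line in lines:
        m = BAD_SPOT.match(line.strip())
        if m:
            yield m.groupdict()

def summarise(lines):
    """Return (total, {field: Counter}) for the dropped spots in `lines`."""
    counts = {f: Counter() for f in FIELDS}
    total = 0
    for rec in parse(lines):
        total += 1
        for f in FIELDS:
            counts[f][rec[f]] += 1
    return total, counts

if __name__ == "__main__":
    total, counts = summarise(SAMPLE.splitlines())
    print(f"{total} dropped spots")
    for f in FIELDS:
        c = counts[f]
        print(f"{f:8} {len(c)} distinct, top: {c.most_common(3)}")
```

To run it over a real log, pass an open file handle to `summarise` in place of `SAMPLE.splitlines()`.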





