[Dxspider-support] Here we are again (huge flooding)

Iain Philipps iain.philipps at 77hz.net
Mon Feb 17 10:12:31 GMT 2025 

Andrea,

You have misunderstood. Legitimate spots are *not* being discarded.

Because:->  most of the traffic sent today is very likely fake. <-



 


73 de WR3D




 

From: Dxspider-support <dxspider-support-bounces at tobit.co.uk> On Behalf Of IZ2LSC via Dxspider-support
Sent: 17 February 2025 10:09
To: The DXSpider Support list <dxspider-support at tobit.co.uk>
Cc: IZ2LSC <iz2lsc.andrea at gmail.com>
Subject: Re: [Dxspider-support] Here we are again (huge flooding)

 

Kin, 

how many legitimate spots is senderverify=2 discarding during normal conditions?

I understood this is still work in progress as from Dirk email he got 60% of spots dropped. This is not fine:

 

"

The result I got for a morning's traffic (the natural result of a grepdbg on today's log with sendverify set) is:


        60.22 (%)

Or to put it another way, most of the traffic sent today is very likely fake.

Houston, we have a problem...

"

 

Andrea

 

-->

 

 

On Mon, Feb 17, 2025 at 8:45 AM Kin via Dxspider-support <dxspider-support at tobit.co.uk <mailto:dxspider-support at tobit.co.uk> > wrote:

Hi,

>From the last attack I have seen the following:
* Link crashes with partners. With greater impact on those with less hw
resources.
* Delays of up to 5 minutes in sending spots to users in some of the larger
nodes.
* More affected on Windows than on Linux.
* On my node with 'set/var $DXProt::senderverify 2' the behaviour was as
expected, no forged spots were fake.
        grep -i "bad spot" 047.dat | wc -l
        287005 <-- EA4URE-2
        381899 <-- EA3CV-2

        1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by
N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14, DUMPED
        1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by
N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED
        1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by
N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED
        1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by
N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED
        1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by
N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED

  On my other node without enabling this feature, thousands of them were
received.
* The attack was based on varying the fields: spotted, comment, spotter,
spotter ip and source node.
* It appears that the spots were not sent from the source nodes listed in
the spots. I have verified that the ones where my node appears as the source
node, did not come from my node, so I think that this must have happened to
most of them.

My own conclusions
* Dirk's algorithm was successful for nodes that used $DXProt::senderverify
to remove dupes.
* If the attack had been without 'dupes', it could not have been stopped.
* The flood of spots that inundated the network clearly affected nodes with
fewer resources, with a less efficient OS or with a sw other than spider.

Kin EA3CV




_______________________________________________
Dxspider-support mailing list
Dxspider-support at tobit.co.uk <mailto:Dxspider-support at tobit.co.uk> 
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250217/ee62e4ce/attachment-0001.htm>

More information about the Dxspider-support mailing list