[Dxspider-support] Here we are again (huge flooding)

David Spoelstra davids at mediamachine.com
Mon Feb 17 11:46:49 GMT 2025 

Comment:

>From the log snippet, I see that CR3DX was spotted on four bands during the
ARRL DX CW contest. That's correct. They are a large multi-multi and WERE
on four bands at the same time. And, they weren't self-spotting. As a small
pistol contestor, when I run assisted mode I'm very grateful for the spots
so I can find and verify stations quickly.

My concern is that if you kill these legitimate spots, what happens during
a contest or if a large DXpedition gets on and runs four bands at once?
Will their spots get killed because it's flooding? Or are you killing them
because they don't come from legitimate spotters (which I understand)?

Personally, I'd like to see at least ONE spot per band or mode get through
every X minutes even if it's NOT from a legitimate spotter. Especially
during a contest or DXpedition.

-David, N9KT

On Mon, Feb 17, 2025 at 2:45 AM Kin via Dxspider-support <
dxspider-support at tobit.co.uk> wrote:

> Hi,
>
> From the last attack I have seen the following:
> * Link crashes with partners. With greater impact on those with less hw
> resources.
> * Delays of up to 5 minutes in sending spots to users in some of the larger
> nodes.
> * More affected on Windows than on Linux.
> * On my node with 'set/var $DXProt::senderverify 2' the behaviour was as
> expected, no forged spots were fake.
>         grep -i "bad spot" 047.dat | wc -l
>         287005 <-- EA4URE-2
>         381899 <-- EA3CV-2
>
>         1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by
> N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14,
> DUMPED
>         1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by
> N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED
>         1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by
> N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED
>         1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by
> N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED
>         1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by
> N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED
>
>   On my other node without enabling this feature, thousands of them were
> received.
> * The attack was based on varying the fields: spotted, comment, spotter,
> spotter ip and source node.
> * It appears that the spots were not sent from the source nodes listed in
> the spots. I have verified that the ones where my node appears as the
> source
> node, did not come from my node, so I think that this must have happened to
> most of them.
>
> My own conclusions
> * Dirk's algorithm was successful for nodes that used $DXProt::senderverify
> to remove dupes.
> * If the attack had been without 'dupes', it could not have been stopped.
> * The flood of spots that inundated the network clearly affected nodes with
> fewer resources, with a less efficient OS or with a sw other than spider.
>
> Kin EA3CV
>
>
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250217/429d604e/attachment.htm>

More information about the Dxspider-support mailing list