[Dxspider-support] Here we are again (huge flooding)

Mon Feb 17 12:53:17 GMT 2025

Keith:
1. Yes, your log shows there were obviously fake spotters and I understand
the need to stop that. As Rudy points out, I'm just asking to be careful
how we do this to not kill off big contestors or big DXpeditions which
generate a lot of legitimate traffic.
2. "I very much doubt that HH3DX was on over 50 frequencies at the same
time." Totally agree! That's why I was throwing out the "once per band per
X time" idea.
3. "Do you actually know that CR3DX was on those frequencies at that time?"
No, because Kin didn't put the time in his log snippet (at least not in a
form I could read). However, I did work CR3DX on five bands during the
contest - two bands were within two minutes of each other.
-David, N9KT

On Mon, Feb 17, 2025 at 6:58 AM Keith, G6NHU via Dxspider-support <
dxspider-support at tobit.co.uk> wrote:

> David,
>
> See the screenshot I just linked to where it’s clearly obvious they were
> fake spots.  The callsign that submitted them was fake, the IP addresses
> were faked and the originating nodes were faked.  These spots were 100%
> fraudulently injected into the network.
>
> Do you actually know that CR3DX was on those frequencies at that
> time?  That’s just a very small cross section of the submitted fake spots.
>
> Let me remind you of this capture I took yesterday which is much the same
> - Hundreds of spots submitted at the same time by variations of the same
> callsign, all via different nodes and all on different frequencies.  I very
> much doubt that HH3DX was on over 50 frequencies at the same time.
>
> 73 Keith G6NHU
>
> 1739695055^(progress) SPOT: HH3DX on 28430.0 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DH1TW-2 '' route:
> 1739695058^(progress) SPOT: HH3DX on 7058.4 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@K1AX-11 '55' route:
> 1739695059^(progress) SPOT: HH3DX on 7118.3 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@VE2REA 'good signal' route:
> 1739695059^(progress) SPOT: HH3DX on 3635.7 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@CS5ARLC-1 '59 Here' route:
> 1739695059^(progress) SPOT: HH3DX on 3678.0 @ 0837Z by
> LX2NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KM3T-10 '59 Here' route:
> 1739695059^(progress) SPOT: HH3DX on 7128.1 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IT9OBK-6 '55' route:
> 1739695059^(progress) SPOT: HH3DX on 21072.2 @ 0837Z by
> LX2NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@VE7CC-1 'sorry' route:
> 1739695060^(progress) SPOT: HH3DX on 21180.6 @ 0837Z by
> LX7NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@SV1KP-9 '' route:
> 1739695060^(progress) SPOT: HH3DX on 3599.2 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IK6XMI-12 'SES' route:
> 1739695060^(progress) SPOT: HH3DX on 21235.9 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IV3BVK-5 'strng here' route:
> 1739695061^(progress) SPOT: HH3DX on 3514.1 @ 0837Z by
> LX4NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@F5MZN-3 'tnx 73s.' route:
> 1739695061^(progress) SPOT: HH3DX on 14084.7 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@GB7RAU '' route:
> 1739695061^(progress) SPOT: HH3DX on 3622.6 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@SQ3MZM-3 '' route:
> 1739695061^(progress) SPOT: HH3DX on 28264.1 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KD4WLE-3 'tnx QSO' route:
> 1739695061^(progress) SPOT: HH3DX on 3688.4 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@F5UGQ-2 '' route:
> 1739695061^(progress) SPOT: HH3DX on 14177.6 @ 0837Z by
> LX0NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA3KZ-5 'pilup!!!' route:
> 1739695061^(progress) SPOT: HH3DX on 7036.7 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@VE3TOK-1 'award' route:
> 1739695061^(progress) SPOT: HH3DX on 14066.9 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA1RCF-5 'tnx qso' route:
> 1739695061^(progress) SPOT: HH3DX on 3671.5 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@WD1L '' route:
> 1739695061^(progress) SPOT: HH3DX on 14144.8 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IR5V 'pilup!!!' route:
> 1739695061^(progress) SPOT: HH3DX on 7097.6 @ 0837Z by
> LX4NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KC9AOP-1 '' route:
> 1739695061^(progress) SPOT: HH3DX on 14012.6 @ 0837Z by
> LX4NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DJ4PK-2 'TKS 5/9' route:
> 1739695061^(progress) SPOT: HH3DX on 3604.5 @ 0837Z by
> LX0NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@UA4CC 'UP UP UP!' route:
> 1739695061^(progress) SPOT: HH3DX on 28681.7 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DB0LJ-6 'thank u 59' route:
> 1739695061^(progress) SPOT: HH3DX on 21058.7 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KC5CZZ-2 'Thank you' route:
> 1739695061^(progress) SPOT: HH3DX on 21198.5 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IV3BVK-5 'dx' route:
> 1739695061^(progress) SPOT: HH3DX on 14015.9 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KD4WLE-4 'Good OP' route:
> 1739695061^(progress) SPOT: HH3DX on 28524.4 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@W9BG 'strng here' route:
> 1739695061^(progress) SPOT: HH3DX on 28148.1 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@K5DX 'thank u 59' route:
> 1739695061^(progress) SPOT: HH3DX on 3594.6 @ 0837Z by
> LX4NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA2CW-2 '' route:
> 1739695061^(progress) SPOT: HH3DX on 28098.0 @ 0837Z by
> LX3NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@HB9ON-8 '59/73' route:
> 1739695061^(progress) SPOT: HH3DX on 28213.6 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IW1QLH-6 'tnx qso' route:
> 1739695061^(progress) SPOT: HH3DX on 28495.7 @ 0837Z by
> LX7NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KF8I-3 '59 Here' route:
> 1739695061^(progress) SPOT: HH3DX on 7105.1 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@GB7RAU 'tnx QSO' route:
> 1739695061^(progress) SPOT: HH3DX on 21358.8 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IQ5KG-6 'Thank you' route:
> 1739695061^(progress) SPOT: HH3DX on 7142.4 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@GB7BAA 'qsy' route:
> 1739695061^(progress) SPOT: HH3DX on 28023.8 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@R2AKT-9 '59/73' route:
> 1739695061^(progress) SPOT: HH3DX on 7117.0 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IZ2LSC-99 '' route:
> 1739695061^(progress) SPOT: HH3DX on 7146.4 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@ 'award' route:
> 1739695061^(progress) SPOT: HH3DX on 3545.8 @ 0837Z by
> LX5NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA4FIT-2 'weak signal' route:
> 1739695061^(progress) SPOT: HH3DX on 7028.9 @ 0837Z by
> LX9NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@M0IPU-4 'award' route:
> 1739695062^(progress) SPOT: HH3DX on 28150.2 @ 0837Z by
> LX4NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@JE3YEK 'Good OP' route:
> 1739695062^(progress) SPOT: HH3DX on 21016.2 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DB0FFS 'UP' route:
> 1739695062^(progress) SPOT: HH3DX on 14302.3 @ 0837Z by
> LX2NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@N6WS-6 'award' route:
> 1739695062^(progress) SPOT: HH3DX on 14138.3 @ 0837Z by
> LX2NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IZ2LSC-97 'dx' route:
> 1739695062^(progress) SPOT: HH3DX on 28535.4 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA4URE-2 '59 PLUS' route:
> 1739695062^(progress) SPOT: HH3DX on 14337.6 @ 0837Z by
> LX0NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@IT9OBK-6 'Good OP' route:
> 1739695062^(progress) SPOT: HH3DX on 21160.3 @ 0837Z by
> LX2NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@KB8PMY-3 'weak signal' route:
> 1739695062^(progress) SPOT: HH3DX on 3693.4 @ 0837Z by
> LX0NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA4FIT-2 '' route:
> 1739695062^(progress) SPOT: HH3DX on 28545.0 @ 0837Z by
> LX1NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@LZ7A '' route:
> 1739695062^(progress) SPOT: HH3DX on 28511.1 @ 0837Z by
> LX6NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DB0FFS '59 Here' route:
> 1739695062^(progress) SPOT: HH3DX on 14179.9 @ 0837Z by
> LX9NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@EA4URE-5 'TNX 73' route:
> 1739695062^(progress) SPOT: HH3DX on 7144.1 @ 0837Z by
> LX8NX(2001:7e8:f631:a801:3cd2:8551:9b32:5db7)@DL9GTB-1 'TKS 5/9' route:
> On 17 Feb 2025 at 11:47 +0000, David Spoelstra via Dxspider-support <
> dxspider-support at tobit.co.uk>, wrote:
>
> Comment:
>
> From the log snippet, I see that CR3DX was spotted on four bands during
> the ARRL DX CW contest. That's correct. They are a large multi-multi and
> WERE on four bands at the same time. And, they weren't self-spotting. As a
> small pistol contestor, when I run assisted mode I'm very grateful for the
> spots so I can find and verify stations quickly.
>
> My concern is that if you kill these legitimate spots, what happens during
> a contest or if a large DXpedition gets on and runs four bands at once?
> Will their spots get killed because it's flooding? Or are you killing them
> because they don't come from legitimate spotters (which I understand)?
>
> Personally, I'd like to see at least ONE spot per band or mode get through
> every X minutes even if it's NOT from a legitimate spotter. Especially
> during a contest or DXpedition.
>
> -David, N9KT
>
> On Mon, Feb 17, 2025 at 2:45 AM Kin via Dxspider-support <
> dxspider-support at tobit.co.uk> wrote:
>
>> Hi,
>>
>> From the last attack I have seen the following:
>> * Link crashes with partners. With greater impact on those with less hw
>> resources.
>> * Delays of up to 5 minutes in sending spots to users in some of the
>> larger
>> nodes.
>> * More affected on Windows than on Linux.
>> * On my node with 'set/var $DXProt::senderverify 2' the behaviour was as
>> expected, no forged spots were fake.
>>         grep -i "bad spot" 047.dat | wc -l
>>         287005 <-- EA4URE-2
>>         381899 <-- EA3CV-2
>>
>>         1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by
>> N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14,
>> DUMPED
>>         1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by
>> N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED
>>         1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by
>> N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED
>>         1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by
>> N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED
>>         1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by
>> N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED
>>
>>   On my other node without enabling this feature, thousands of them were
>> received.
>> * The attack was based on varying the fields: spotted, comment, spotter,
>> spotter ip and source node.
>> * It appears that the spots were not sent from the source nodes listed in
>> the spots. I have verified that the ones where my node appears as the
>> source
>> node, did not come from my node, so I think that this must have happened
>> to
>> most of them.
>>
>> My own conclusions
>> * Dirk's algorithm was successful for nodes that used
>> $DXProt::senderverify
>> to remove dupes.
>> * If the attack had been without 'dupes', it could not have been stopped.
>> * The flood of spots that inundated the network clearly affected nodes
>> with
>> fewer resources, with a less efficient OS or with a sw other than spider.
>>
>> Kin EA3CV
>>
>>
>>
>>
>> _______________________________________________
>> Dxspider-support mailing list
>> Dxspider-support at tobit.co.uk
>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250217/b43b122e/attachment-0001.htm>