[Dxspider-support] Here we are again (huge flooding)

Luigi IK5ZUK ik5zuk at tiscali.it
Mon Feb 17 13:22:45 GMT 2025 

Hello all,
please could someone clarify me what's the difference between set 
senderverify to 2 or 3 ?

TIA,
73 Luigi IK5ZUK


Il 17/02/2025 11:35, IZ2LSC via Dxspider-support ha scritto:
> Iain,
> if 60% of the traffic is fake and senderverify=2
>
> then pc61 is dumped (discarded)
> as per Dirk mail.
> If set to 1, pass it onward to other nodes. If set to 2 and it's a 
> PC61 then dump it. If set to 3 then just dump it.
>
> Can you clarify where I misunderstood ?
>
> -->
>
>
> On Mon, Feb 17, 2025 at 11:12 AM Iain Philipps 
> <iain.philipps at 77hz.net> wrote:
>
>     Andrea,
>
>     You have misunderstood. Legitimate spots are **not** being discarded.
>
>     Because:-> most of the traffic sent today is very likely fake. <-
>
>
>     73 de WR3D
>
>
>     *From:*Dxspider-support <dxspider-support-bounces at tobit.co.uk> *On
>     Behalf Of *IZ2LSC via Dxspider-support
>     *Sent:* 17 February 2025 10:09
>     *To:* The DXSpider Support list <dxspider-support at tobit.co.uk>
>     *Cc:* IZ2LSC <iz2lsc.andrea at gmail.com>
>     *Subject:* Re: [Dxspider-support] Here we are again (huge flooding)
>
>     Kin,
>
>     how many legitimate spots is senderverify=2 discarding during
>     normal conditions?
>
>     I understood this is still work in progress as from Dirk email he
>     got 60% of spots dropped. This is not fine:
>
>     "
>
>     The result I got for a morning's traffic (the natural result of a
>     grepdbg on today's log with sendverify set) is:
>
>
>             60.22 (%)
>
>     Or to put it another way, most of the traffic sent today is very
>     likely fake.
>
>     Houston, we have a problem...
>
>     "
>
>     Andrea
>
>     -->
>
>     On Mon, Feb 17, 2025 at 8:45 AM Kin via Dxspider-support
>     <dxspider-support at tobit.co.uk> wrote:
>
>         Hi,
>
>         From the last attack I have seen the following:
>         * Link crashes with partners. With greater impact on those
>         with less hw
>         resources.
>         * Delays of up to 5 minutes in sending spots to users in some
>         of the larger
>         nodes.
>         * More affected on Windows than on Linux.
>         * On my node with 'set/var $DXProt::senderverify 2' the
>         behaviour was as
>         expected, no forged spots were fake.
>                 grep -i "bad spot" 047.dat | wc -l
>                 287005 <-- EA4URE-2
>                 381899 <-- EA3CV-2
>
>                 1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by
>         N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node
>         SM4ONW-14, DUMPED
>                 1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by
>         N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node
>         SP6MI-2, DUMPED
>                 1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by
>         N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node
>         PA0ESH-3, DUMPED
>                 1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by
>         N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node
>         GB7NHR, DUMPED
>                 1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by
>         N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node
>         PI1LAP-1, DUMPED
>
>           On my other node without enabling this feature, thousands of
>         them were
>         received.
>         * The attack was based on varying the fields: spotted,
>         comment, spotter,
>         spotter ip and source node.
>         * It appears that the spots were not sent from the source
>         nodes listed in
>         the spots. I have verified that the ones where my node appears
>         as the source
>         node, did not come from my node, so I think that this must
>         have happened to
>         most of them.
>
>         My own conclusions
>         * Dirk's algorithm was successful for nodes that used
>         $DXProt::senderverify
>         to remove dupes.
>         * If the attack had been without 'dupes', it could not have
>         been stopped.
>         * The flood of spots that inundated the network clearly
>         affected nodes with
>         fewer resources, with a less efficient OS or with a sw other
>         than spider.
>
>         Kin EA3CV
>
>
>
>
>         _______________________________________________
>         Dxspider-support mailing list
>         Dxspider-support at tobit.co.uk
>         https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250217/1cbf7eb0/attachment.htm>

More information about the Dxspider-support mailing list