<div dir="ltr">Comment:<div><br><div>From the log snippet, I see that CR3DX was spotted on four bands during the ARRL DX CW contest. That's correct. They are a large multi-multi and WERE on four bands at the same time. And, they weren't self-spotting. As a small pistol contestor, when I run assisted mode I'm very grateful for the spots so I can find and verify stations quickly.</div></div><div><br></div><div>My concern is that if you kill these legitimate spots, what happens during a contest or if a large DXpedition gets on and runs four bands at once? Will their spots get killed because it's flooding? Or are you killing them because they don't come from legitimate spotters (which I understand)?</div><div><br></div><div>Personally, I'd like to see at least ONE spot per band or mode get through every X minutes even if it's NOT from a legitimate spotter. Especially during a contest or DXpedition.</div><div><br></div><div>-David, N9KT</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Feb 17, 2025 at 2:45 AM Kin via Dxspider-support <<a href="mailto:dxspider-support@tobit.co.uk">dxspider-support@tobit.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
>From the last attack I have seen the following:<br>
* Link crashes with partners. With greater impact on those with less hw<br>
resources.<br>
* Delays of up to 5 minutes in sending spots to users in some of the larger<br>
nodes.<br>
* More affected on Windows than on Linux.<br>
* On my node with 'set/var $DXProt::senderverify 2' the behaviour was as<br>
expected, no forged spots were fake.<br>
grep -i "bad spot" 047.dat | wc -l<br>
287005 <-- EA4URE-2<br>
381899 <-- EA3CV-2<br>
<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by<br>
N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by<br>
N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by<br>
N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by<br>
N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by<br>
N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED<br>
<br>
On my other node without enabling this feature, thousands of them were<br>
received.<br>
* The attack was based on varying the fields: spotted, comment, spotter,<br>
spotter ip and source node.<br>
* It appears that the spots were not sent from the source nodes listed in<br>
the spots. I have verified that the ones where my node appears as the source<br>
node, did not come from my node, so I think that this must have happened to<br>
most of them.<br>
<br>
My own conclusions<br>
* Dirk's algorithm was successful for nodes that used $DXProt::senderverify<br>
to remove dupes.<br>
* If the attack had been without 'dupes', it could not have been stopped.<br>
* The flood of spots that inundated the network clearly affected nodes with<br>
fewer resources, with a less efficient OS or with a sw other than spider.<br>
<br>
Kin EA3CV<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
<a href="mailto:Dxspider-support@tobit.co.uk" target="_blank">Dxspider-support@tobit.co.uk</a><br>
<a href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" rel="noreferrer" target="_blank">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
</blockquote></div>