<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">My personal interpretation- N0LPT trying to find a reliable cluster node. Spotting CR3DX is a total waste of time.<div><br></div><div>My suggestion is to carefully examine what happens when a logger sends a spot. This past weekend was only a preview of what will happen during ARRL SSB in just a few weeks. Follow the spot from the moment it gets generated by the logger until it reaches several clusters.<br><div><br></div><div>Rudy N2WQ</div><div><br id="lineBreakAtBeginningOfSignature"><div dir="ltr"><div><span style="background-color: rgba(255, 255, 255, 0);">Sent using a tiny keyboard. Please excuse brevity, typos, or inappropriate autocorrect.</span></div><div><br></div></div><div dir="ltr"><br><blockquote type="cite">On Feb 17, 2025, at 6:42 AM, Keith, G6NHU via Dxspider-support <dxspider-support@tobit.co.uk> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<title></title>
<div name="messageBodySection">
<div dir="auto"><span style="font-family:Arial;font-size: 16px">Rudy, look at this: </span><a style="font-family:Arial;font-size: 16px" href="http://i.imgur.com/b9Xkx3h.png" target="_blank">http://i.imgur.com/b9Xkx3h.png</a><span style="font-family:Arial;font-size: 16px"> (I have to link to it because it’s too large to send through the list).</span><span style="font-size: 16px"><br></span><span style="font-size: 16px"><br></span><span style="font-family:Arial;font-size: 16px">Of course they’re bad spots. They were submitted at exactly the same time via variations of the same callsign, via variations of the IP address and allegedly from nodes that the submitter wasn’t connected to.</span><span style="font-size: 16px"><br></span><span style="font-size: 16px"><br></span><span style="font-family:Arial;font-size: 16px">At a glance you might think they look legitimate but look closely and there are many reasons why they’re fake. It’s the same with the list of </span><span style="font-family:Arial;font-size: 16px">HH3DX spots I posted yesterday.</span><span style="font-size: 16px"><br></span><span style="font-size: 16px"><br></span><span style="font-family:Arial;font-size: 16px">73 Keith G6NHU</span><span style="font-size: 16px"><br></span><span style="font-size: 16px"><br></span></div>
</div>
<div name="messageReplySection">On 17 Feb 2025 at 11:33 +0000, Rudy Bakalov via Dxspider-support <dxspider-support@tobit.co.uk>, wrote:<br>
<blockquote type="cite" style="border-left-color: grey; border-left-width: thin; border-left-style: solid; margin: 5px 5px;padding-left: 10px;">Excuse my ignorance. I operated during the contest and didn’t experience bad spots more than usual. Granted, my consumption of spots is 100% via the N1MM bandmap and AMQ windows; no staring at a Telnet window.<br>
<br>
I don’t believe even for a moment that CR3DX is a fake spot. They are well equipped, very loud, and don’t need spotting, real or fake.<br>
<br>
My question is if spots generated by loggers show spotter IP of the logger computer instead of the node they connect to. If this is the case, you will see a 10X explosion of such spots in just a couple of weeks during ARRL SSB.<br>
<br>
If you need data points to analyze, spots from VE3EID were 100 legitimate, automatically generated by N1MM while making S&P QSOs. The logger IP address would be a Starlink address and originating node VE3EID-1<br>
<br>
Rudy N2WQ<br>
<br>
Sent using a tiny keyboard. Please excuse brevity, typos, or inappropriate autocorrect.<br>
<br>
<br>
<blockquote type="cite">On Feb 17, 2025, at 2:44 AM, Kin via Dxspider-support <dxspider-support@tobit.co.uk> wrote:<br>
<br>
Hi,<br>
<br>
From the last attack I have seen the following:<br>
* Link crashes with partners. With greater impact on those with less hw<br>
resources.<br>
* Delays of up to 5 minutes in sending spots to users in some of the larger<br>
nodes.<br>
* More affected on Windows than on Linux.<br>
* On my node with 'set/var $DXProt::senderverify 2' the behaviour was as<br>
expected, no forged spots were fake.<br>
grep -i "bad spot" 047.dat | wc -l<br>
287005 <-- EA4URE-2<br>
381899 <-- EA3CV-2<br>
<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 14089.6 by<br>
N3LPT-3(70.139.124.201)@SM4ONW-14 User N3LPT-3 not on node SM4ONW-14, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 7025.0 by<br>
N0LPT-3(70.139.201.124)@SP6MI-2 User N0LPT-3 not on node SP6MI-2, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 28431.4 by<br>
N3LPT-3(70.139.124.201)@PA0ESH-3 User N3LPT-3 not on node PA0ESH-3, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 21132.3 by<br>
N5LPT-3(70.124.139.201)@GB7NHR User N5LPT-3 not on node GB7NHR, DUMPED<br>
1739707974^(*) PCPROT: Bad Spot CR3DX on 28438.0 by<br>
N0LPT-3(70.201.139.124)@PI1LAP-1 User N0LPT-3 not on node PI1LAP-1, DUMPED<br>
<br>
On my other node without enabling this feature, thousands of them were<br>
received.<br>
* The attack was based on varying the fields: spotted, comment, spotter,<br>
spotter ip and source node.<br>
* It appears that the spots were not sent from the source nodes listed in<br>
the spots. I have verified that the ones where my node appears as the source<br>
node, did not come from my node, so I think that this must have happened to<br>
most of them.<br>
<br>
My own conclusions<br>
* Dirk's algorithm was successful for nodes that used $DXProt::senderverify<br>
to remove dupes.<br>
* If the attack had been without 'dupes', it could not have been stopped.<br>
* The flood of spots that inundated the network clearly affected nodes with<br>
fewer resources, with a less efficient OS or with a sw other than spider.<br>
<br>
Kin EA3CV<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
Dxspider-support@tobit.co.uk<br>
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support<br></blockquote>
<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
Dxspider-support@tobit.co.uk<br>
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support<br></blockquote>
</div>
<span>_______________________________________________</span><br><span>Dxspider-support mailing list</span><br><span>Dxspider-support@tobit.co.uk</span><br><span>https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</span><br></div></blockquote></div></div></body></html>