[aprssig] APRS-XO proposal

AE5PL Lists HamLists at ametx.com
Thu Jan 10 13:59:54 EST 2008


It is very easy to write a flood of position packets that vary by just
enough to bypass the duplicate checking.  Without some level of
verification, we would have zero protection against this type of DoS
attack.  All it takes is one attack and the owners of the various
APRS-IS servers (database and APRS servers) would quickly reconsider
their participation in this gratis network.  To look at it and say "no
one would ever do this" is to put your head in the sand like an ostrich
and expect nobody can see you.  The verification we use is a low level
security at best but, as pointed out, has at least dissuaded most
excessive abuse.  Yes, there has been abuse but the server sysops have
been able to respond because of the verification requirements.

The reason for not doing UDP verification is because there is little
gained and much lost.  Yes, there are a couple of IP packets that are
not sent back to the sender.  But there is also no verification of
receipt of the packet at the sender end, there is no verification that a
server is even there, and many firewalls block UDP.

Bottom line: UDP is not supported for packet insertion into APRS-IS.
Abuses have occurred.  This is a network supported by hams for hams.  If
there is such a desire to create this mystical UDP network for all the
world to enjoy, please focus on NOT using APRS-IS out of respect to your
fellow hams that support APRS-IS.

73,

Pete Loveall AE5PL, CISSP
pete at ae5pl dot net



