[aprssig] Universal APRS messaging
steve at dimse.com
Sun Oct 19 20:47:45 EDT 2008
On Oct 19, 2008, at 7:42 PM, Lynn W. Deffenbaugh (Mr) wrote:
> It was my understanding that most IGate software by default only gates
> Internet to RF for those stations "recently" heard "local" to the
It doesn't matter who the message is to, the responsibility for the
content of the message goes to the IGate operator.
> If the IGate operator doesn't gate anything but the defaults, are
> risks I've not thought of?
I think so. Person xyz (ham or not, doesn't matter) doesn't like me,
I'm an IGate operator, and W4zzz is a nearby digi. xyz has a linux or
mac system, or a Windows telnet program.
then he types in
user K4HG passwd 28817 vers telnet
(28817 is really my password, like I say it is public anyway so why
not make the example real) - this gives him a validated connection
under my call.
then he types in a message with profanity, sends it to the local digi,
which means my IGate will transmit it
K4HG>APRS,TCPIP::W4zzz :Insert your favorite profane text here
What has happened?
The message appears on the APRS IS. It is addressed to a digi my IGate
considers local, so it is transmitted by me on RF. xyz did not violate
Part 97, but I sure did. Maybe you can make a case xyz is guilty of
identity theft, because K4HG is a unique piece of personal ID. So
instead of the above he sends his first name as a login and call
user XYZ passwd 29115 vers anything
then the message is
XYZ>APRS,TCPIP::W4zzz :Insert your favorite profane text here
Now he has done ABSOLUTELY nothing wrong, but I have violated Part 97.
I am responsible for EVERYTHING my IGate transmits, and anyone can
make it transmit anything anonymously. That is the risk that every
Igate operator needs to understand.
I've had 5 emails already from people who could not find the
algorithm, here is a perl program to figure the password for any call
$call = uc("$ARGV".chr(0));
$hash = 0x73e2;
$i = 0;
$len = length($call);
$hash ^= ord(substr($call,$i++,1)) * 256;
$hash ^= ord(substr($call,$i++,1));
print ($hash & 0x7fff);
Anyone that thinks this compromises the security of the APRS IS
already has their head in the sand!
More information about the aprssig