[aprssig] UNDEFINED?

spam8mybrain spam8mybrain at yahoo.com
Thu Apr 30 11:55:18 EDT 2020


Is it coming from a single client IP address, or do they have a botnet driving this?
    
Since UNDEFINED is not a valid callsign, can the backbone servers blacklist this?

Perhaps the servers need a patch so that the callsign-SSID has to look semi-legitimate (digits and letters, part preceding a hyphen limited to 6 or 7 characters, etc.). Of course, that level of hardening would be easy for the evil one to work around by just forging a legitimate callsign. But let's not document it, since legitimate users would never be hindered by the constraint.

Andrew, KA2DDO
author of YAAC

-------- Original message --------
From: John Langner WB2OSZ <wb2osz at comcast.net> 
Date: 4/30/20  10:49  (GMT-05:00) 
To: aprssig at lists.tapr.org 
Subject: [aprssig] UNDEFINED? 

This looks like a deliberate attack, not an innocent accidental misconfiguration.

It appears to be scanning thru a large number of T2 servers, around the world. The location is bouncing all over the place, perhaps to thwart duplicate removal and fill up the database.

At http://ontario.aprs2.net:14501/ we find:

187.210.189.241	UNDEFINED	true	gpserver  corget.cn	No filterset	0d1h0m4.17s	121	2,402	7,676	184,425	21	5120d0h0m4.249s

2400 packets per hour to the Ontario server alone.  This might be an attempt at a denial of service attack.

_______________________________________________
aprssig mailing list
aprssig at lists.tapr.org
http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
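
The callsign-SSID shape check suggested in the message above, written out as an added example (it is not code from the post, from YAAC, or from any APRS-IS server). The 7-character base limit is the looser of the "6 or 7" mentioned; the letter-plus-digit rule, the 1-2 character SSID and the sample login lines are assumptions made for illustration.

```python
import re

# Assumed policy, following the post's suggestion: letters and digits only,
# at most BASE_MAX characters before the hyphen, optional short SSID.
# The "must contain a letter and a digit" rule is an added assumption.
BASE_MAX = 7
SSID_RE = re.compile(r"[A-Z0-9]{1,2}")  # assumed SSID shape


def check_callsign(call):
    """Return (accepted, reason) for a callsign-SSID string."""
    base, sep, ssid = call.upper().partition("-")
    if not base.isascii() or not base.isalnum():
        return False, "base is not letters and digits"
    if len(base) > BASE_MAX:
        return False, "base longer than %d characters" % BASE_MAX
    if not (any(c.isalpha() for c in base) and any(c.isdigit() for c in base)):
        return False, "base lacks a letter or a digit"
    if sep and not SSID_RE.fullmatch(ssid):
        return False, "malformed SSID"
    return True, "ok"


def check_login(line):
    """Validate the callsign in an APRS-IS 'user CALL pass CODE ...' login line."""
    fields = line.split()
    if len(fields) < 2 or fields[0].lower() != "user":
        return False, "not a login line"
    return check_callsign(fields[1])


# Constructed login lines (sample input, not captured traffic).
SAMPLES = [
    "user UNDEFINED pass -1 vers gpserver corget.cn",
    "user KA2DDO-1 pass -1 vers example 1.0",
    "user WB2OSZ pass -1",
    "user N0CALL-123 pass -1",
    "user AB1;DROP pass -1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login(sample))
```

UNDEFINED is rejected on length alone (nine characters before any hyphen), and would also fail the assumed digit rule.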