[aprssig] UNDEFINED?
spam8mybrain
spam8mybrain at yahoo.com
Thu Apr 30 11:55:18 EDT 2020
Is it coming from a single client IP address, or do they have a botnet driving this?
Since UNDEFINED is not a valid callsign, can the backbone servers blacklist this?Perhaps the servers need a patch so that the callsign-SSID has to look semi-legitimate (digits and letters, part preceding a hyphen limited to 6 or 7 characters, etc.). Of course, that level of hardening would be easy for the evil one to work around by just forging a legitimate callsign. But let's not document it, since legitimate users would never be hindered by the constraint.Andrew, KA2DDOauthor of YAAC
-------- Original message --------
From: John Langner WB2OSZ <wb2osz at comcast.net>
Date: 4/30/20 10:49 (GMT-05:00)
To: aprssig at lists.tapr.org
Subject: [aprssig] UNDEFINED?
This looks like a deliberate attack, not an innocent accidentalmisconfiguration.It appears to be scanning thru a large number of T2 servers, around theworld. The location is bouncing all over the place, perhaps to thwartduplicate removal and fill up the database.At http://ontario.aprs2.net:14501/ we find:187.210.189.241 UNDEFINED true gpserver corget.cn No filterset 0d1h0m4.17s 121 2,402 7,676 184,425 21 5120d0h0m4.249s2400 packets per hour to the Ontario server alone. This might be an attempt at a denial of service attack._______________________________________________aprssig mailing listaprssig at lists.tapr.orghttp://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20200430/27fd2a19/attachment.html>
More information about the aprssig
mailing list