[aprssig] UNDEFINED?

spam8mybrain spam8mybrain at yahoo.com
Thu Apr 30 12:46:42 EDT 2020

Another observation: do backbone servers apply any throttling of clients to keep them under control? If not, what's a reasonable throttle limit that won't break servers like ANSRVR, WHO-IS, CQSRVR, etc.?
I'm wondering if the attacker is bouncing around because he's getting tossed off servers and has to reconnect.Andrew, KA2DDO

-------- Original message --------
From: John Langner WB2OSZ <wb2osz at comcast.net> 
Date: 4/30/20  10:49  (GMT-05:00) 
To: aprssig at lists.tapr.org 
Subject: [aprssig] UNDEFINED? 

This looks like a deliberate attack, not an innocent accidentalmisconfiguration.It appears to be scanning thru a large number of T2 servers, around theworld. The location is bouncing all over the place, perhaps to thwartduplicate removal and fill up the database.At  http://ontario.aprs2.net:14501/   we find:	UNDEFINED	true	gpserver  corget.cn	No filterset	0d1h0m4.17s	121	2,402	7,676	184,425	21	5120d0h0m4.249s2400 packets per hour to the Ontario server alone.  This might be an attempt at a denial of service attack._______________________________________________aprssig mailing listaprssig at lists.tapr.orghttp://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20200430/8fbe6d29/attachment.html>

More information about the aprssig mailing list