[aprssig] UNDEFINED?
spam8mybrain
spam8mybrain at yahoo.com
Thu Apr 30 12:46:42 EDT 2020
Another observation: do backbone servers apply any throttling of clients to keep them under control? If not, what's a reasonable throttle limit that won't break servers like ANSRVR, WHO-IS, CQSRVR, etc.?
I'm wondering if the attacker is bouncing around because he's getting tossed off servers and has to reconnect.Andrew, KA2DDO
-------- Original message --------
From: John Langner WB2OSZ <wb2osz at comcast.net>
Date: 4/30/20 10:49 (GMT-05:00)
To: aprssig at lists.tapr.org
Subject: [aprssig] UNDEFINED?
This looks like a deliberate attack, not an innocent accidentalmisconfiguration.It appears to be scanning thru a large number of T2 servers, around theworld. The location is bouncing all over the place, perhaps to thwartduplicate removal and fill up the database.At http://ontario.aprs2.net:14501/ we find:187.210.189.241 UNDEFINED true gpserver corget.cn No filterset 0d1h0m4.17s 121 2,402 7,676 184,425 21 5120d0h0m4.249s2400 packets per hour to the Ontario server alone. This might be an attempt at a denial of service attack._______________________________________________aprssig mailing listaprssig at lists.tapr.orghttp://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20200430/8fbe6d29/attachment.html>
More information about the aprssig
mailing list