[aprssig] China Has Hijacked WA8LMF.com !! 2

david vanhorn kc6ete at gmail.com
Mon Sep 27 18:26:13 EDT 2021


Back in the day (80's) I was designing credit card terminals for Verifone,
and we bought error decks from Magtek, which contained every sort of card
encoding problem there was, and one card with 100% good encoding.   Nobody
locked down that one card number either.  Legend has it that when that
number got issued to a person, their first bill had to be delivered by
truck.   Thousands of people in the industry had these decks, and we all
put test transactions out to the banks using that number.  $1, $1,000,000,
$123456..   It adds up!

On Mon, Sep 27, 2021 at 4:21 PM Kenneth Finnegan <
kennethfinnegan2007 at gmail.com> wrote:

> Looking at Internet Archive, it looks like wa8lmf.com has been dead for
> months if not years with various domain parking on it:
>
> http://web.archive.org/web/20210609210446/http://www.wa8lmf.com/
>
> So the lesson here is to make sure that you don't let the registration for
> any domains you care about expire and sit unregistered for a long time,
> because these sorts of sites will sweep them up if there's any decent
> number of links to them... they probably weren't banking on your APRS
> comment back in the day, but here we are.
>
> *I strongly suspect that this domain registration has nothing to do with
> BG0GE accidentally gatewaying their TNC test runs onto the APRS-IS*. I've
> emailed them directly to stop I-gating the LMF CD.
>
> The lesson here is that we shouldn't have released a test CD with real
> callsigns recorded on it. I pity anyone who got swept up on that CD since
> their packets from back in the day are periodically I-gated back to APRS-IS
> when someone accidentally plays the CD into their I-gate. It happens
> regularly, and causes all sorts of confusion (in my case today celebration
> that the N6CP-1 digi is back online after being dead for 15 years). Someone
> running it on loop for several days is less common than a single run, but
> understandable.
> --
> Kenneth Finnegan
> http://blog.thelifeofkenneth.com/
>
>
> On Mon, Sep 27, 2021 at 2:43 PM Andrew Pavlin via aprssig <
> aprssig at lists.tapr.org> wrote:
>
>> No, because the obnoxious individual could just change his APRS-IS server
>> login callsign, generate the corresponding passcode, and do it under a
>> different I-gate identity. The only way would be to ban Stephen's own
>> callsign (and there's no central authority in the APRS-IS backbone to
>> enforce such a blacklist), and Stephen would have to change his callsign
>> (and then the jerk could just look the new one up in the FCC public records
>> and do it again).
>>
>> The APRS-IS backbone has a fundamental security flaw (discussed on this
>> mailing list a few years ago), which basically allows anybody (licensed
>> amateur radio operator or not) to connect to it, because the security is so
>> weak and the program for generating passcodes is publicly available
>> (including to people of weak morals and unsavory habits, such as the
>> obnoxious individual that is harassing Stephen). Although the SSL
>> certificate alternative works, the issue with "who is the gatekeeper?"
>> would eventually end us all up in the same situation, because the authority
>> for the evil operator would verify their identity and let them in, or the
>> authentication data would be stolen or otherwise compromised. The sole
>> present "gatekeeper" for SSL access to APRS-IS is the ARRL, which does not
>> necessarily sit well with amateur radio operators in other nations. How do
>> we decide which other identification authorities to trust? And how do we
>> get it done at a reasonable cost for amateurs? And how do we deal with
>> phasing out the old insecure mechanism without breaking thousands of
>> amateur radio operators running old computers and software that can't
>> handle the new authentication scheme?
>>
>> As for the domain name, once someone "owns" a name, it's very hard to get
>> them to release it unless they don't lock it down against being released or
>> otherwise modified in the top-level domain name servers and registrars. Now
>> that Stephen's domain name is controlled by a Chinese registrar and locked
>> down there, he's out of luck to get it back unless he can prove theft of a
>> valid registration elsewhere to the satisfaction of that Chinese registrar.
>>
>> Andrew, KA2DDO
>> author of YAAC
>>
>> On Monday, September 27, 2021, 05:10:13 PM EDT, david vanhorn <
>> kc6ete at gmail.com> wrote:
>>
>>
>> Is there a way to drop his packets?
>>
>>
>> On Mon, Sep 27, 2021 at 2:19 PM Stephen H Smith via aprssig <
>> aprssig at lists.tapr.org> wrote:
>>
>> On 9/27/2021 12:51 PM, WA8LMF via groups.io wrote:
>>
>> For about a week now, looking up WA8LMF on findu.com or aprs.fi   has
>> yielded a map showing my location as being in Los Angeles.  (Rather than my
>> current location in Haslett in central Michigan.)
>>
>> This is due to the igate  BG0GE-6 in Xi'an China constantly igating a
>> playback of the APRS Test CD I created over 16 years ago.  This CD was
>> intended for direct audio playback into TNCs for testing; not for
>> over-the-air transmission. One of the tracks on the CD is a recording of
>> me, off-the-air, doing a 20-mile drive test around the San Gabriel Valley
>> east of Los Angeles.
>>
>>
>>  BG0GE has now upped the transmit rate into the APRS-IS  to once every 10
>> seconds, apparently in response to my once a minute beaconing of the
>> correct posit.  Further, he is including the Chinese porn site URL in his
>> comment/status field.
>>
>> A portion of APRS.fi's raw packet log:
>>
>> 2021-09-27 13:19:56 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Rate limited (< 5 sec)]*
>> 2021-09-27 13:20:03 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXV,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\!n^_>/]"4v} *[Location
>> changes too fast (adaptive limit)]*
>> 2021-09-27 13:20:08 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXV,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\.nh_>/]"4w}
>> 2021-09-27 13:20:14 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXU,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\7nh_>/]"4x}
>> 2021-09-27 13:20:19 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXU,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\An,_>/]"4y}
>> 2021-09-27 13:20:24 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXU,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\Cl"_>/]"4y}
>> 2021-09-27 13:20:30 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXT,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\Pn^_>/]"4y}
>> 2021-09-27 13:20:35 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXT,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\]n^_>/]"4z}
>> 2021-09-27 13:20:40 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXT,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\fn^_>/]"4{}
>> 2021-09-27 13:20:45 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXS,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.\sn^_>/]"4z}
>> 2021-09-27 13:20:51 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXS,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.]<0x1c>nT^>/]"4z}
>> 2021-09-27 13:20:56 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXR,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.]$n^_>/]"4z}
>> 2021-09-27 13:20:57 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Rate limited (< 5 sec)]*
>> 2021-09-27 13:21:01 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXR,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.]1nT^>/]"4{} *[Location
>> changes too fast (adaptive limit)]*
>> 2021-09-27 13:21:12 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXQ,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.]FnT_>/]"4{}
>> 2021-09-27 13:21:17 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPTXQ,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'.]Gl"W>/]"4{}
>> 2021-09-27 13:21:56 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Location changes too fast (adaptive limit)]*
>> 2021-09-27 13:22:03 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,WIDE1-1,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:>202337zhttp://wa8lmf.com
>> 2021-09-27 13:22:57 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Duplicate position packet]*
>> 2021-09-27 13:23:56 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Duplicate position packet]*
>> 2021-09-27 13:24:57 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Duplicate position packet]*
>> 2021-09-27 13:25:56 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Duplicate position packet]*
>> 2021-09-27 13:26:47 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>STPYXT,WIDE2-2,qAR,BG0GE-6
>> <https://aprs.fi/?c=raw&limit=&call=BG0GE-6>:'._<0x1d>l#?>/]"7,} *[Location
>> changes too fast (adaptive limit)]*
>> 2021-09-27 13:26:57 EDT: *WA8LMF
>> <https://aprs.fi/?c=raw&limit=&call=WA8LMF>*>APU25N,TCPIP*,qAC,T2USANW:=/8qp_9/pH>  BBG0GE-6 Igate In China Disrupting My Posit!
>> *[Location changes too fast (adaptive limit)]*
>>
>>
>>
>> _______________________________________________
>> aprssig mailing list
>> aprssig at lists.tapr.org
>> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
>>
>>
>>
>> --
>> K1FZY (WA4TPW) SK  9/29/37-4/13/15
>> _______________________________________________
>> aprssig mailing list
>> aprssig at lists.tapr.org
>> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
>> _______________________________________________
>> aprssig mailing list
>> aprssig at lists.tapr.org
>> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
>>
>

-- 
K1FZY (WA4TPW) SK  9/29/37-4/13/15
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20210927/16857cad/attachment.html>


More information about the aprssig mailing list