CQ-Contest
[Top] [All Lists]

Re: [CQ-Contest] Spoofed Self spots

To: cq-contest@contesting.com
Subject: Re: [CQ-Contest] Spoofed Self spots
From: "K3IB Peter" <k3sss@townpoint.net>
Reply-to: k3ib@townpoint.net
Date: Tue, 02 Nov 2021 08:13:41 -0400
List-post: <mailto:cq-contest@contesting.com>
hi Steve

This is the internet we're talking about.  Security hasn't been optional for at 
least 20 years.  Somehow ham radio has managed to avoid a significant lack of 
security impact, but this weekend's fraudulent self-spotting issues will, IMHO, 
be viewed as the shot across the bow, even if it was unintentional.

You are right... spotting is like email or DNS... it's everywhere, and 
everybody uses it.  There are a huge number of stakeholders.  But if everyone 
who spots has internet access, then something like SQRL will work.  And as I 
imagine it, you only need to authenticate in order to send spots, not receive 
them.

-peter K3IB



On Mon, Nov 1, 2021, at 23:38, Steve Dyer via CQ-Contest wrote:
> I really hope we don't have to start authenticating to clusters. The 
> hassle to the many global users seems to far exceed the gravity of the 
> problem. Every piece of software that uses clusters would have to 
> implement whatever scheme was used. It would be a mess.
> Steve
> W1SRD
>
> On 11/1/2021 18:10, K3IB Peter wrote:
>> Identifying bad guys by IP addresses is not a thing any more.
>>
>> I can change my home IP address at will.  Good luck getting Comcast to tell 
>> you what IP address was on my router 3 days ago.
>>
>> I can also attack from dozens of countries around the world by using one of 
>> any number of inexpensive VPN services.
>>
>> The best way forward is for clusters to start authenticating their users 
>> with a simple, widely available mechanism like SQRL.
>>
>> -peter K3IB
>>
>>
>>
>>> IIRC, maybe 20 years ago Dave, K1TTT did some pioneering work in
>>> identifying self-spotters, I think through the use of IP addresses  It
>>> may be that the same techniques can be used today - or maybe they can at
>>> least demonstrate that these were *not* self-spots. Dave?
>>>
>>> 73, Pete N4ZR
>>> Check out the new Reverse Beacon Network
>>> web server at<http://beta.reversebeacon.net>.
>>> For spots, please use your favorite
>>> "retail" DX cluster.
>>>
>>> On 11/1/2021 2:46 PM, Michael Walker wrote:
>>>> Wow, what a surprise.  I just went and looked at my cluster and sure
>>>> enough.
>>>>
>>>> I was running unassisted and I see that I spotted myself twice.
>>>>
>>>> This is not good and the only reason is for someone to ensure that the
>>>> cluster logging can't be trusted.
>>>>
>>>> Mike va3mw
>>>>
>>>>
>>>> VA3MW-7>
>>>>     7215.1  VA3MW       31-Oct-2021 2319Z
>>>> <VA3MW>
>>>>     7215.1  VA3MW       31-Oct-2021 2313Z
>>>> <WT8WV>
>>>>     7215.1  VA3MW       31-Oct-2021 2305Z  LSB
>>>> <N2YO>
>>>>     7214.9  VA3MW       31-Oct-2021 2252Z  LSB
>>>> <N4SS>
>>>>     7215.0  VA3MW       31-Oct-2021 2249Z
>>>>    <W3MR>
>>>>     7215.0  VA3MW       31-Oct-2021 2244Z  LSB
>>>> <WU9D>
>>>>     7215.0  VA3MW       31-Oct-2021 2237Z
>>>>    <N3GT>
>>>>     7215.0  VA3MW       31-Oct-2021 2235Z  LSB
>>>>    <AC3LZ>
>>>>     7215.1  VA3MW       31-Oct-2021 2211Z
>>>> <VA3MW>
>>>>     7215.1  VA3MW       31-Oct-2021 2205Z
>>>> <KE1IH>
>>>>
>>>> On Mon, Nov 1, 2021 at 1:39 PM Dave K2XR via CQ-Contest <
>>>> cq-contest@contesting.com> wrote:
>>>>
>>>>> GM contesters.  Hope you all are resting well.
>>>>>
>>>>> In the FRC chat room we have been discussing the abundance of apparent
>>>>> self spots during the contest.  Many of our participants who run had
>>>>> their callsigns spoofed and spots of themselves made. It seems to have
>>>>> happened to enough of us that the question was posed...   'Was it just
>>>>> FRC that was targeted, or was it all contesters? "
>>>>>
>>>>> Looking on this reflector as well as the 3830 reflector, it didn't take
>>>>> long to see that it wasn't just FRC.
>>>>>
>>>>> http://lists.contesting.com/archives//html/3830/2021-11/msg00174.html
>>>>>
>>>>> Curious to know who else out there was targeted.  The were about 10
>>>>> cases in the chat room I was in this AM, and suspect it might have been
>>>>> a huge problem.
>>>>>
>>>>> Is there a way for the sysops to track down the origin ?     I would
>>>>> think so, but am not positive.
>>>>>
>>>>> It would be great to nail the perpetrator, and some of us are demanding
>>>>> it if it is all possible.  Kind of ruins everything for some.
>>>>>
>>>>>        Dave   K2XR      Frankford Radio Club
>>>>>
>>>>> _______________________________________________
>>>>> CQ-Contest mailing list
>>>>> CQ-Contest@contesting.com
>>>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>>>>>
>>>> _______________________________________________
>>>> CQ-Contest mailing list
>>>> CQ-Contest@contesting.com
>>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>>> _______________________________________________
>>> CQ-Contest mailing list
>>> CQ-Contest@contesting.com
>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>> _______________________________________________
>> CQ-Contest mailing list
>> CQ-Contest@contesting.com
>> http://lists.contesting.com/mailman/listinfo/cq-contest
>
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest@contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
<Prev in Thread] Current Thread [Next in Thread>