[CQ-Contest] Spoofed Self spots
K3IB Peter
k3sss at townpoint.net
Tue Nov 2 08:06:41 EDT 2021
Hi Pete
convincing (incenting?) each of the stakeholder groups to get on board is the problem. We could come up with the greatest idea in the world, but if no one uses it, it's a failure.
I imagine an authenticated spotting network in parallel with what we use today. On this new network (Spotting 2.0?) spots from authenticated sources are distinguished from unauthenticated spots on the original (Spotting Classic?) network; spots could flow both ways between the 2 networks. Access to Spotting 2.0 could be bimodal, ie read only (unauthenticated) or read write (authenticated), to make adoption/transition as easy as possible.
On day 1 several years from now, both networks run, with Spotting 2.0 showing mostly spots from the Classic network, plus spots from early adopters (contest clubs maybe?). I expect a transition to authentication will happen over many years (a decade?), with several step function moves along the way, likely as contest sponsors and organizers get on board, and/or as some malfeasor attacks the network and causes enough damage.
Authentication makes at least 2 things possible: spotters will be unable to deny sending spots, so self-spotting will continue to be available for groups which use it, like POTA / IOTA, but easily detectable by contest scorers; and sources of bad spots, or intentional interference, could have their ability to spot revoked until the problem is fixed (the revocation moves the spotter from read write back to read only). If spotting node operators all use / support the same authentication mechanism, then a single revocation could remove the bad actor globally.
This is not a small amount of work... but we're better off starting the work now before it's forced upon us.
-peter K3IB
On Mon, Nov 1, 2021, at 22:48, Pete Smith N4ZR wrote:
> O(K, understood about VPNs, etc. So SQRL looks good - what stands in
> the way?
>
> 73, Pete N4ZR
> Check out the new Reverse Beacon Network
> web server at<http://beta.reversebeacon.net>.
> For spots, please use your favorite
> "retail" DX cluster.
>
> On 11/1/2021 9:10 PM, K3IB Peter wrote:
>> Identifying bad guys by IP addresses is not a thing any more.
>>
>> I can change my home IP address at will. Good luck getting Comcast to tell you what IP address was on my router 3 days ago.
>>
>> I can also attack from dozens of countries around the world by using one of any number of inexpensive VPN services.
>>
>> The best way forward is for clusters to start authenticating their users with a simple, widely available mechanism like SQRL.
>>
>> -peter K3IB
>>
>>
>>
>>> IIRC, maybe 20 years ago Dave, K1TTT did some pioneering work in
>>> identifying self-spotters, I think through the use of IP addresses It
>>> may be that the same techniques can be used today - or maybe they can at
>>> least demonstrate that these were *not* self-spots. Dave?
>>>
>>> 73, Pete N4ZR
>>> Check out the new Reverse Beacon Network
>>> web server at<http://beta.reversebeacon.net>.
>>> For spots, please use your favorite
>>> "retail" DX cluster.
>>>
>>> On 11/1/2021 2:46 PM, Michael Walker wrote:
>>>> Wow, what a surprise. I just went and looked at my cluster and sure
>>>> enough.
>>>>
>>>> I was running unassisted and I see that I spotted myself twice.
>>>>
>>>> This is not good and the only reason is for someone to ensure that the
>>>> cluster logging can't be trusted.
>>>>
>>>> Mike va3mw
>>>>
>>>>
>>>> VA3MW-7>
>>>> 7215.1 VA3MW 31-Oct-2021 2319Z
>>>> <VA3MW>
>>>> 7215.1 VA3MW 31-Oct-2021 2313Z
>>>> <WT8WV>
>>>> 7215.1 VA3MW 31-Oct-2021 2305Z LSB
>>>> <N2YO>
>>>> 7214.9 VA3MW 31-Oct-2021 2252Z LSB
>>>> <N4SS>
>>>> 7215.0 VA3MW 31-Oct-2021 2249Z
>>>> <W3MR>
>>>> 7215.0 VA3MW 31-Oct-2021 2244Z LSB
>>>> <WU9D>
>>>> 7215.0 VA3MW 31-Oct-2021 2237Z
>>>> <N3GT>
>>>> 7215.0 VA3MW 31-Oct-2021 2235Z LSB
>>>> <AC3LZ>
>>>> 7215.1 VA3MW 31-Oct-2021 2211Z
>>>> <VA3MW>
>>>> 7215.1 VA3MW 31-Oct-2021 2205Z
>>>> <KE1IH>
>>>>
>>>> On Mon, Nov 1, 2021 at 1:39 PM Dave K2XR via CQ-Contest <
>>>> cq-contest at contesting.com> wrote:
>>>>
>>>>> GM contesters. Hope you all are resting well.
>>>>>
>>>>> In the FRC chat room we have been discussing the abundance of apparent
>>>>> self spots during the contest. Many of our participants who run had
>>>>> their callsigns spoofed and spots of themselves made. It seems to have
>>>>> happened to enough of us that the question was posed... 'Was it just
>>>>> FRC that was targeted, or was it all contesters? "
>>>>>
>>>>> Looking on this reflector as well as the 3830 reflector, it didn't take
>>>>> long to see that it wasn't just FRC.
>>>>>
>>>>> http://lists.contesting.com/archives//html/3830/2021-11/msg00174.html
>>>>>
>>>>> Curious to know who else out there was targeted. The were about 10
>>>>> cases in the chat room I was in this AM, and suspect it might have been
>>>>> a huge problem.
>>>>>
>>>>> Is there a way for the sysops to track down the origin ? I would
>>>>> think so, but am not positive.
>>>>>
>>>>> It would be great to nail the perpetrator, and some of us are demanding
>>>>> it if it is all possible. Kind of ruins everything for some.
>>>>>
>>>>> Dave K2XR Frankford Radio Club
>>>>>
>>>>> _______________________________________________
>>>>> CQ-Contest mailing list
>>>>> CQ-Contest at contesting.com
>>>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>>>>>
>>>> _______________________________________________
>>>> CQ-Contest mailing list
>>>> CQ-Contest at contesting.com
>>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>>> _______________________________________________
>>> CQ-Contest mailing list
>>> CQ-Contest at contesting.com
>>> http://lists.contesting.com/mailman/listinfo/cq-contest
>> _______________________________________________
>> CQ-Contest mailing list
>> CQ-Contest at contesting.com
>> http://lists.contesting.com/mailman/listinfo/cq-contest
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest at contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
More information about the CQ-Contest
mailing list