[CQ-Contest] Spoofed Self spots

Michael Adams mda at n1en.org
Tue Nov 2 09:55:17 EDT 2021 

As someone else mentioned, I'm skeptical that authentication would be as effective as some might hope, especially given the challenges of securely propagating authentication across the hive of the spotting network.

However, I do think it would be helpful if there were a shift towards a 2.0 format of spotting traffic, one where (perhaps among other data) "name of originating node" in addition to the spotter were propagated across the network, and where nodes reported where they received a particular from (both IP address and node name?) rather than just retaining that information in the logs.   The spotting network has been primarily internet-focused rather than packet-focused for years; we don't need to be quite so miserly when it comes to information relayed with individual spots (although the processing implications of the RBN firehose still must be considered).

Such a format wouldn't prevent spoofing, of course.  However, those two pieces of information would facilitate analysis of node logs for contest inquiries about self-spotting, as well as providing sysops another tool for blocking bad actors / crap spots.

(And if the project resulted in node software that works as well as AR Cluster, I'd be extremely happy.)
-- 
Michael Adams | mda at n1en.org

-----Original Message-----
From: CQ-Contest <cq-contest-bounces+mda=n1en.org at contesting.com> On Behalf Of K3IB Peter
Sent: Tuesday, 2 November, 2021 08.07
To: cq-contest at contesting.com
Subject: Re: [CQ-Contest] Spoofed Self spots

Hi Pete

convincing (incenting?) each of the stakeholder groups to get on board is the problem.   We could come up with the greatest idea in the  world, but if no one uses it, it's a failure.

I imagine an authenticated spotting network in parallel with what we use today.  On this new network (Spotting 2.0?) spots from authenticated sources are distinguished from unauthenticated spots on the original (Spotting Classic?)  network; spots could flow both ways between the 2 networks.  Access to Spotting 2.0 could be bimodal, ie read only (unauthenticated) or read write (authenticated), to make adoption/transition as easy as possible.

On day 1 several years from now, both networks run, with Spotting 2.0 showing mostly spots from the Classic network, plus spots from early adopters (contest clubs maybe?).  I expect a transition to authentication will happen over many years (a decade?), with several step function moves along the way, likely as contest sponsors and organizers get on board, and/or as some malfeasor attacks the network and causes enough damage.

Authentication makes at least 2 things possible:  spotters will be unable to deny sending spots, so self-spotting will continue to be available for groups which use it, like POTA / IOTA, but easily detectable by contest scorers; and sources of bad spots, or intentional interference, could have their ability to spot revoked until the problem is fixed (the revocation moves the spotter from read write back to read only).  If spotting node operators all use / support the same authentication mechanism, then a single revocation could remove the bad actor globally.

This is not a small amount of work... but we're better off starting the work now before it's forced upon us.

-peter K3IB

More information about the CQ-Contest mailing list