[Xastir] non licensed callsign in my area
Tom Russo
russo at bogodyn.org
Thu Sep 7 17:57:26 PDT 2017
On Fri, Sep 08, 2017 at 12:13:30AM +0000, we recorded a bogon-computron collision of the <kd5mkv at hotmail.com> flavor, containing:
> I found a possible illegal callsign with passcode 9922 on my xastir program, He was running a iphone app from the internet. I found a passcode generator online and typed impoop and received a aprs passcode.
Are you running Xastir with its server port on a public interface? Are you gating his traffic?
> I turned off my Igate which gets little activity here, the passcode generator was N5DUX but found others online. Is there a way to block these intruders?
Don't let anyone at all connect to your local Xastir instance through the
interwebz. Put it behind a firewall, and expose your server port only to your
LAN. If you are running a bi-directional igate (and these should be the only
kind) then monitor what is going out of your RF interface as third-party or
message traffic from APRS-IS. Shut down your transmit if it's abused.
Can't think of any other way. APRS pass codes are completely insecure, and
the algorithms have been public for well over a decade. Anyone can write one,
and there's nothing to be done about it. That cat is long out of the bag.
--
Tom Russo KM5VY SAR502 DM64ux http://www.swcp.com/~russo/
Tijeras, NM QRPL#1592 K2#398 SOC#236 http://kevan.org/brain.cgi?DDTNM
echo "prpv_a'rfg_cnf_har_cvcr" | sed -e 's/_/ /g' | tr [a-m][n-z] [n-z][a-m]
More information about the Xastir
mailing list