[aprssig] APRS-XO proposal
scott at opentrac.org
Thu Jan 10 13:15:52 CST 2008
It's equally easy to flood via TCP. You can provide exactly the same
protection measures via UDP. As for firewalls blocking UDP - I'd say
that's a very broad generalization. If you want to get through
firewalls, then UDP is probably your best bet - specifically in the form
of DNS queries that could be used to post (and to query) position data.
You could do that from all but the most heavily firewalled networks.
I really don't buy the argument that the validation code is what's
preventing abuses anyway. Anyone with the very basic skill level
required to write a DoS script could also implement the validation code
algorithm and generate all of the codes they wanted.
I think a DoS attack on the APRS IS isn't the most likely scenario,
either. What's the point? It'd just be an act of vandalism against a
relatively little-known service. On the other hand, how many APRS
clients were written with any thought toward preventing data-driven
attacks, in particular buffer overruns? I would be very surprised if
there were no exploitable security holes in the major applications out
there. An attack there would be replicated to all connected clients,
and could potentially turn all of the affected machines into
spam-spewing zombies, or just quietly install backdoors and phone home
to the attacker. If you want to prevent apocalyptic APRS IS scenarios,
look there first.
AE5PL Lists wrote:
> It is very easy to write a flood of position packets that vary by just
> enough to bypass the duplicate checking. Without some level of
> verification, we would have zero protection against this type of DoS
> attack. All it takes is one attack and the owners of the various
> APRS-IS servers (database and APRS servers) would quickly reconsider
> their participation in this gratis network. To look at it and say "no
> one would ever do this" is to put your head in the sand like an ostrich
> and expect nobody can see you. The verification we use is a low level
> security at best but, as pointed out, has at least dissuaded most
> excessive abuse. Yes, there has been abuse but the server sysops have
> been able to respond because of the verification requirements.
> The reason for not doing UDP verification is because there is little
> gained and much lost. Yes, there are a couple of IP packets that are
> not sent back to the sender. But there is also no verification of
> receipt of the packet at the sender end, there is no verification that a
> server is even there, and many firewalls block UDP.
> Bottom line: UDP is not supported for packet insertion into APRS-IS.
> Abuses have occurred. This is a network supported by hams for hams. If
> there is such a desire to create this mystical UDP network for all the
> world to enjoy, please focus on NOT using APRS-IS out of respect to your
> fellow hams that support APRS-IS.
> Pete Loveall AE5PL, CISSP
> pete at ae5pl dot net
> aprssig mailing list
> aprssig at lists.tapr.org
More information about the aprssig