[aprssig] Simple Network Paging Protocol to APRS Gateway

Steve Dimse steve at dimse.com
Wed Sep 17 20:29:28 CDT 2014


On Sep 17, 2014, at 8:12 PM, Andrew P. <andrewemt at hotmail.com> wrote:

> One concern about this, is that it doesn't do any excuse at authentication to confirm the person sending a message is a licensed amateur radio operator, so it could allow unlicensed users to transmit to RF. The APRS-IS backbone's passcode mechanism may not be the strongest, but at least it slows down attackers a little bit and requires them to at least claim to be licensed. As this SNPP daemon is implemented now, it leaves the licensee of every transmitter this daemon can get to at risk.

I figured this would take less than 12 hours to get brought up. I'll spare everyone my usual review of the passcode history since it has been less than a year since it last came up.

But no, this daemon does nothing to increase risk to IGate operators. The passcode doesn't require 'attackers' to claim to be licensed. No one has any claim to any ham callsign on the internet, they are assigned for use on RF. If someone transmits as K4HG on the airwaves they are violating US law. If they do so on the internet they are violating nothing. Security through obscurity is no security at all. Do not stick your head in the sand - the APRS IS has been wide open for a decade. Accept it. Deal with it.

Steve




More information about the aprssig mailing list