As Paul Harvey likes to say, here's the rest of the story. After seeing Mal N7MAL's original post
on DX-NEWS describing "bogus DX Packet Cluster spots" on K1TTT's node, I e-mailed Dave K1TTT (who
isn't a member of either DX-NEWS or DX-CHAT) to see what he had to say about it. Dave asked me to
pass on his response, as follows:
"Please pass this back on from me if you would... I hope I'm not being too blunt, but this
discussion is getting old and it's annoying to see it pop up in a whole new incarnation. It should
be noted that I do not coordinate with, nor speak for, ja2yyf.
----- Original Message -----
From: "N7MAL" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, November 14, 2005 2:45 AM
Subject: [DX-NEWS] Packet Cluster Problems
I have received a virtual mountain of information concerning the problem of bogus DX Packet
Cluster spots. Many of us have been attempting track down the bogus spotters and have been unable
to for thefollowing reason: The vast majority of bogus spots are coming from DX Packet Cluster
nodes that 'DO NOT' exist. The nodes are K1TTT-14 and JA2YYF-7.
If they 'do not exist' how did you identify them? And why have you not
contacted me directly?? Oh wait, I already know that answer... you already
know what these nodes are and are fishing for a sympathetic audience to turn
against me for pointing out the facts on cq-contest. For those of you who
don't frequent the cq-contest reflector, this discussion has been repeated
on there regularly, including the explanation of what those nodes are and
where the spots come from. Mal is now apparently trying to raise the same
issues with a new audience, probably hoping to find some people who are more
likely to take action than to check the facts.
Apparently spots, from a great many nodes, come
into K1TTT and are, for whatever reason, reprocessed and retransmitted
with the K1TTT-14 designator. The same applies to JA2YYF.
For those of you who haven't seen this before here is the real story:
The k1ttt-14 and ja2yyf-7 'nodes' collect spots from the #cqdx irc channel.
irc is one of the oldest (probably the first) and largest instant messaging
systems on the internet. Short for 'internet relay chat' it is made up of a
world wide network of servers and supports a flexible configuration of chat
'rooms'. These rooms are usually dedicated to particular topics, the #cqdx
room is mostly about dxing, though other radio chat topics often come up
there. This room is created and run by n6rt who provides a dx spot feed
into it from a variety of cluster nodes, and also the dxsummit webcluster
site. This makes it a relatively reliable source of spots and also provides
a source to get the dxsummit web site spots that otherwise get fairly
limited distribution. There is a growing number of users who only send
spots via the dxsummit web site including some very active dx and contest
stations.
K1ttt-14 and ja2yyf-7 both take spots from the #cqdx irc channel (see
http://dx.qsl.net/cqdx/ for more info) and put them into the cluster
backbone identified, as you can see, by our own node calls just so they can
be traced. You should note for later in this story that this k1ttt-14
identifier was used by a node sysop around the start of the iraq war when a
station made some threats against pres bush on the cluster, the secret
service gave me a midnight call asking where the spot came from which I
provided to them.... this becomes important later.
Now, normally the #cqdx feed from the regular cluster nodes is a bit slower
than the normal node backbone connections. This means that the spots that
get put on there that have already been on the 'normal' backbone are a bit
delayed, my software that runs k1ttt-14 and ja2yyf-6 reads them and removes
dupes of spots that it has already gotten from the normal backbone. The
ar-cluster software that those 'nodes' feed then further filters them before
they get sent on to the rest of the world. Because of the delays in each
step those spots rarely get out unless there is a breakdown in the backbone
somewhere.
The other source of #cqdx spots are from dxsummit (see
http://oh2aq.kolumbus.com/dxs/) and I think a couple other web cluster
sources (mostly for vhf spots I think). Again, n6rt's software grabs those
spots and puts them into the #cqdx irc channel, at this point they are
identified by the -@ ssid which you will see on the dxsummit site for spots
put in from the web interface. Unfortunately some cluster nodes don't like
this ssid so it has to be stripped before those spots are put into the
normal cluster network, this is done in the ar-cluster software. Ar-cluster
also contains it's own dxsummit spot collector, this is delayed even more
and only checks the site every couple of minutes so those collected spots
are usually blocked as dupes from other sources. However at times when
#cqdx is down or there are other connection problems those may be seen on
the backbone as coming from nodes like 'web/xxxxxx'.
Now that you know where the spots come from and how they are identified, on
to the next step... tracking them. This is something that I have published
after every major contest for the last couple of years on cq-contest where
mal frequently complains about packet use in contests. When dxsummit
started it was pretty much stand alone, then came the #cqdx and ar-cluster
and other user logging programs that accessed it and allowed automatic
posting of spots there. Then some of the troublemakers who for obvious
reasons like to stay anonymous found out that they could post comments there
that couldn't be traced. While the admins there did lock out some calls and
added some filters, that would not stop determined disrupters... it never
has and never will, lock someone out of the cluster system or filter their
favorite words and they will find another way to get in, and they have
taught email spammers some lessons on how to change spelling just enough to
bypass filters, witness how many ways you see c.i,al,i.s spelled in your
spam filtered mail every day! Those are the types we are up against... the
anonymous cluster spammers.
Enough of that, back to the story... Remember that call from the secret
service? Well, the source of the threats they were tracking was from
dxsummit and that the only way to track them was to get the server logs from
there. Well, best I can tell some administrators of dxsummit must have had
some calls from someone who got a call from someone who must have gotten a
call from the secret service... a few days later an ip tracking page showed
up on dxsummit. You can see it at:
http://oh2aq.kolumbus.com/dxs/dxsinput.html
As soon as this page showed up and got some press coverage in the contest
community there was a rapid drop in abuses during contests where contest
cheaters were spotting themselves using bogus calls. The history of this is
available in the archives of the cq-contest reflector... that mal knows well
I'm sure. Now, as mal has noted, there was a sudden surge in bogus stuff
from there a while ago... this happened after the dxsummit site suffered a
server crash. There was a month or so when it was down completely, then
when it came back they must have gone back to older software and the ip page
wasn't working. It took about 6 months of communications with various
contacts in Europe to get them to put the page back and it is just starting
to take hold again I think.
Unfortunately there will always be some miscreants who will use cheap
internet accounts or other methods to avoid being identified just to cause
trouble. There is no way to stop them, block them in one place and they
show up somewhere else with fresh attacks. The best thing that can be done
is to ignore them, don't respond and they eventually get bored and fade
away. Respond to them, make threats that you will track them down, and they
just keep going. This is an unfortunate trait of some people that shows
itself whenever there is a method of hiding your identity from the masses...
some people will take advantage of that anonymity to stir the pot, make
personal attacks, or just otherwise disrupt society.
Now, how does this help? Well, it lets you know that mal is trying to just
inflame the situation by spreading partial truths and leaving out
information that he should be well aware of. You are invited to review
recent discussions (most recently starting after cqww ssb) on the cq-contest
reflector to see his comments, including a call for a complete shutdown of
the spotting network, and the responses to it on there.
Oh, and the next step??? Well unfortunately in most cases even with the ip
address of a miscreant either from dxsummit or a 'normal' cluster log there
is very little that can be done. Ip addresses can be tracked as far as an
isp in most cases, but only rarely to a specific computer. The analysis I
do from contest logs uses pattern analysis to show that it is likely that
there is something untoward going on, it is then up to the contest sponsors
to compare the spotting data with participants logs to take any action they
may feel is appropriate. I have had many queries from people who have been
attacked by some of these miscreants via dxsummit and have provided them
with the ip address, isp abuse contacts, etc... all of which is public
record. but have not heard of any of them getting satisfaction from an isp
in fingering an abuser or getting them cut off. As I understand it the EU
privacy statutes make it all but impossible to get any user information, and
when it crosses country lines its probably even worse. In the states it
would take something like an order from a federal judge to get isp's to
release records, and then its only likely under some kind of national
security investigation... so don't threaten terrorism or a federal official
and you are home free... attack me and all I can do is watch it scroll by on
my screen. Unless of course its hidden in some reflector that I don't
subscribe to by someone who doesn't want the full truth out there.
<snip further hate mongering, calls for immediate action, baseless
statements, calls for lynchings, etc>
David Robbins K1TTT
e-mail: mailto:[EMAIL PROTECTED]
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net"
----------------------------------------------------------
Archives http://www.mail-archive.com/[email protected]
THE DXR is sponsored by the North Jersey DX Association.
Please visit our website:
http://www.njdxa.org/index.php
scroll to bottom for subscribe/unsubscribe options
----------------------------------------------------------
