Last night there were large amounts of pseudorandom position packets flooded on
a rectangular area in Russia. It's just now happened again. Peaking 1000-1500
packets per second, normal rate being below 100/sec. The traffic spikes are
visible on APRS-IS server graphs:
http://first.aprs.net:14501/ (click on the blue stats links to plot a graph of
each)
While it's obvious someone is trying to attack Russian hams, it is mostly
causing trouble to people outside Russia, as the packet flood is breaking
services worldwide, it is breaking APRS things for everyone. The
targeting is completely wrong.
The packet rates were large enough to cause problems to APRS-IS clients
digesting the full APRS-IS feed and pushing those to databases, APRS-IS servers
themselves seem to handle the packet rate for now.
I'll filter this out now on
aprs.fi to prevent it from hurting the service
for other parts of the world. Needless to say, I'd have better things to
do than dealing with this crap.
APRS activity during past 24 hours:
https://www.dropbox.com/s/c67f5djy7kx1ul7/aprs-dos-attack-20220226-russia.png?dl=0
What the flooded area looks like right now (if you open this up much later it'll
be gone, and it is also rather heavy on
aprs.fi & the web browser):
https://www.dropbox.com/s/l8lcr318zqhvi80/aprs-dos-attack-20220226-russia2.png?dl=0
Raw packets for those look something like this:
https://aprs.fi/?c=raw&call=WI7KWX-10
https://aprs.fi/?c=raw&call=WB69OAJ-3
https://aprs.fi/?c=raw&call=XJ9CZH-87
Similar events have happened in Poland a few times during the past year or so.
This looks fairly similar, messages are in Polish, Google Translate will
translate them to English just fine.
If you wish to reply, please keep your posts nice and on the *technical*
topic; I wouldn't like to spend time moderating this list a lot. The
whole war thing is nasty enough as it is, and quite close from here.
- Hessu, OH7LZB/AF5QT