Preventing APRS Abuse / Fake Information

[Alistair MacDonald]

Hi,

I am after some advice relaying to some APRS abuse we are at the receiving end of. The TLDR version of this email is can abuse be filtered out by aprs.fi, and if so how do we make that happen?

I am part of a team who took over a DMR repeater last year. We have been sending it's location to APRS (using our repeater's call sign to log in) since we installed it in it's new home and aprs.fi has been linking the BrandMeister reported locations to that location.

All was good, but recently a local APRS repeater keeper started sending "{callsign} DMR" objects for all the DMR repeaters in the region and this has broken a few things for us. We have tried to negotiate with him but his premise is that he has been looking after APRS in the region for 15 years and we are the ones who should stop. I believe this is part of some power grab and he just wants the icons on the map to be associated with him.

This weekend we set up a script that posts an object with the correct details (including the official repeater's home page URL) couple of seconds after he posts the wrong details. The problem now is he is now doing things like updating several times a minute or adding lots of random icons. He has also been using our callsign, we think trying to work around our script. This is also messing up our heat mapping project, although that is not an aprs.fi related thing.

One of our team is still trying to communicate with him but you can imagine how that is going and we are at a loss of what to do next. Is there a way of having malicious data filtered at the APRS server level, or within aprs.fi?

I am assuming this kind of thing happen but can not find any guidance on what to do. Any advice is most welcome.

All the best,

  Alistair

[Heikki Hannikainen]

Hi,

Blocking abuse and fake information is difficult, since it is being
injected on the APRS-IS network, or even on RF, and it will go to a lot of
places, one of those places being aprs.fi.

I can technically filter things here, but I've mostly only been doing it
when it is causing technical issues (overload, flooding of map display or
such). Or when there is a software or bug of some sort that cannot be
worked around.

There's not much security or authentication on the APRS network: if
something is filtered based on the data contents (let's say a callsign),
it will be easy to go around those filters by just changing a letter or
two somewhere. So any filtering is not very effective. It suffers from the
same problems that you already found out with your scripting and packet
scheduling exercise - he can just do something slightly different and it
will bypass the filtering.

I would recommend that you try to handle this locally: if you have the
licenses for those callsigns, it's quite clearly your business to announce
them and their locations, and it should be clear that it's not his
business. It may also be illegal for him to use your callsigns and disrupt
your operations.

If I filter or delete things here at this end, it will only remove that
data from this one web site - it won't remove it from the rest of the APRS
network. Deleting the data here also removes the proof and archive of this
silliness. I'd rather not be doing the cat-and-mouse game a lot on this
end.

> --
> You received this message because you are subscribed to the Google Groups "aprs.fi" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> aprsfi+un...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/aprsfi/94a6b90f-d795-49a6-a47c-21bcdfb7cc0an%40googlegroups.com.
>
>

- Hessu

[Alistair MacDonald]

Thank you for that Hessu. Appreciated. I suspected as much but it is not the end of the world. I appreciate that filtering every single disagreement on APRS would not be a practical solution.  

We thought we had negotiated an agreement but he has gone back on that already so I guess we need to just hope he looses interest over time.

All the best,

  Alistair

[Kipton Moravec]

Send him a certified letter with a return receipt from the call sign trustee and tell him he is not authorized to use the call sign in any way on any Amateur Radio system. Make it look official, Maybe that will wake him up.

Kip

To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/49d36a1c-2b92-426e-b807-66a75395a612n%40googlegroups.com.

[Alistair MacDonald]

Not a bad suggestion Kip, but we are trying to be up front an honest about this and it is a little underhand. Also I suspect if the police turned up with a legal injunction he would continue.

We thought we had found a workable solution. That being when he posted the incorrect details we would post the corrected details a few seconds after. I hove now built in some flood protection as he has somehow managed to send hundreds up updates in a second before now, but other than that it was working well. Now however he has done something to prevent us from updating at all. The raw data shows "[Duplicate position packet]". I added a time stamp but now get "[Delayed or out-of-order packet (timestamp)]". I will post full updates below. 

2021-01-28 16:05:53 GMT: GB7XY>APWW11,TCPIP*,qAC,T2OSAKA:@160553h/2a0yN(s`I sT(Time 0:00:00)439.400 -9.4 DMR CC1

2021-01-28 16:05:58 GMT: GB7XY>APZ001,TCPIP*,qAC,T2GB:=5458.42N/00136.66Wr 439.425 -9.0 DMR CC:10 http://makerspace.org.uk/radio/gb7xy [Duplicate position packet]

2021-01-28 16:14:53 GMT: GB7XY>APWW11,TCPIP*,qAC,T2OSAKA:@161453h/2a0yN(s`I sT(Time 0:00:00)439.400 -9.4 DMR CC1

2021-01-28 16:14:58 GMT: GB7XY>APZ001,TCPIP*,qAC,T2IRELAND:@161458z5458.42N/00136.66Wr 439.425 -9.0 DMR CC:10 http://makerspace.org.uk/radio/gb7xy [Delayed or out-of-order packet (timestamp)]

Any suggestions as to what he has done to break this?

Also Heikki I apologise if this is causing any problems with APRS FI. I am doing the best in my code to not flood APRS IS. If any of this is causing a problem then please contact me to let me know.

All the best,

  Alistair

[Heikki Hannikainen]

On Thu, 28 Jan 2021, Alistair MacDonald wrote:

> 2021-01-28 16:14:53 GMT: GB7XY>APWW11,TCPIP*,qAC,T2OSAKA:@161453h/2a0yN(s`I sT(Time 0:00:00)439.400 -9.4 DMR
> CC1
> 2021-01-28 16:14:58 GMT: GB7XY>APZ001,TCPIP*,qAC,T2IRELAND:@161458z5458.42N/00136.66Wr 439.425 -9.0 DMR CC:10
> http://makerspace.org.uk/radio/gb7xy [Delayed or out-of-order packet (timestamp)]
>
> Any suggestions as to what he has done to break this?

The second packet, which I assume is yours, transmits a timestamp of 14:58
UTC on the 16th day. The first packet has a fairly accurate timestamp of
16:14:53 UTC.

Grab a look at APRS101.pdf, timestamp formats. And the aprs.fi raw packets
display has a fairly useful "Decoded" mode (switch from "Normal" to
"Decoded" in the drop-down on the top), to see what the parser gives out.
Including decoded timestamps.

If I got a dime every time someone gets UTC timestamps wrong, I could buy
a beer at a pub here. If I dared to go and get infected. Beer is expensive
over here in the pub. :)

- Hessu

[Fowler Johnston]

Hello

Im sorry digging up an old post...I was looking at my WX station KC5AEE on aprs.fi everything looks good...except the location...that was a fat finger error on my part..however I did a wildcard search looking for my vehicle APRS and I found KC5AEE-2 in NEPAL!..... My weather station nor any of my APRS gear have been to Nepal.....what do I need to do? Did someone pirate my call sign?

TIA

Fowler

KC5AEE

[Heikki Hannikainen]

Hi,

On Mon, 8 Aug 2022, Fowler Johnston wrote:

> I found KC5AEE-2 in NEPAL!..... My weather station nor any of my APRS
> gear have been to Nepal.....what do I need to do? Did someone pirate my
> callsign?

Your weather station appears to be transmitting coordinates which are in
Nepal. I think you need to configure your weather station with coordinates
which are closer to home.

The coordinates transmitted by the station are visible in the info page:

https://aprs.fi/info/KC5AEE-2

as well as in the raw packets, decoded mode, which shows the coordinates
(latitude and longitude, in decimal degrees) for each decoded packet:

https://aprs.fi/?c=raw&call=KC5AEE-2&limit=50&view=decoded

- Hessu

[Fowler Johnston]

Hello

It's not my station! My station is "KC5AEE"

It shows up correctly on the map in New Mexico USA.

I don't know who is using my call sign with -2 ....

I'm just trying to figure out if I need to stop them or just let it go....

73s

Fowler

Sent via wireless electrons into the ether......

--
You received this message because you are subscribed to a topic in the Google Groups "aprs.fi" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/aprsfi/ZwX0xj_4yuk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to aprsfi+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/alpine.DEB.2.21.2208102215150.5000%40jazz2.he.fi.

[Don Rolph]

This is one of the reasons I advocate having even stationary APRS stations get their position from GPS systems.

The number of ways one can improperly enter GPS coordinates manually is truly fascinating.

You received this message because you are subscribed to the Google Groups "aprs.fi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aprsfi+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/62f416c7.1f0a0220.ae637.082a%40mx.google.com.

--

73,

AB1PH

Don Rolph

[Fowler Johnston]

The issue isn't entering the position of the WX station incorrectly...it's someone is using my amateur call sign illegally on their WX station...

Fowler

KC5AEE 

To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/CAKpxnB3d5%3D9O1xNvORMwcM9n9DuGQa1r1acDDUgBwEn_xnjyNA%40mail.gmail.com.

[Heikki Hannikainen]

Hi,

The temperature graph of KC5AEE-2 says the data is coming from the
americas - it shows the familiar day/night curve aligning nicely with
KC5AEE (or any other weather station in the US). The weather transmitted
by KC5AEE-2 is not from Nepal - the day/night times are quite far off over
there.

https://aprs.fi/weather/a/KC5AEE-2
https://aprs.fi/weather/a/KC5AEE

Now, https://aprs.fi/info/a/KC5AEE-2 says the coordinates for that station
are 28.0700 N 82.7100 E. If we swap the sign of the longitude, from
82.7100 East to 82.7100 West, you land here:

https://aprs.fi/#!mt=roadmap&z=14&lat=28.0710&lng=-82.7100&timerange=3600&tail=3600

Tampa Bay, Florida.

And if you pick another weather station on that map, close to those
coordinates in Tampa, it turns out the temperatures are very similar to
what KC5AEE-2 report, peaking 30°C yesterday and a low of 24°C last night:

https://aprs.fi/weather/a/EW9788

Pressure seems to be off, but that's probably just badly calibrated
sensors or something.

I happen to host one of the CWOP servers, so I took a peek at the log file
to check the IP address this KC5AEE-2 data comes from. It comes from a
customer of Frontier (a big internet service provider in the USA).

Both KC5AEE and KC5AEE-2 are using the same software to report: KC5AEE is
WiFiLogger2 version 2.37 and KC5AEE-2 is WiFiLogger2 version 2.38.

So, I'm guessing someone, running the same weather station software as
you, around Tampa, FL, with Frontier internets, has fat-fingered both the
longitude (east/west mixed up), along with the callsign. Perhaps the
correct callsign is very close to yours, off by a letter or two.

Have you by any chance shared example configuration files of the weather
station on some forum, to help others? I remember an OH2 ham distributing
example configs of his Linux packet radio software in the 90's, only to
find a whole lot of people did not change the callsign before starting to
operate. :)


Now, as the data is only transmitted on the Internet (on the CWOP
servers), and not on amateur radio frequencies, I'm guessing no laws are
being broken. I do understand it's quite annoying.

> You received this message because you are subscribed to the Google Groups "aprs.fi" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to aprsfi+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/62f416c7.1f0a0220.ae637.082a%40mx.google.com.
>
>

- Hessu

[Heikki Hannikainen]

I suppose this case can be closed while trying to keep witty remarks to a
minimum; after looking for suitable close-enough callsigns a bit, I
noticed KC5AEE on qrz.com & FCC ULS has an address in Palm Harbor, FL,
very close to 28.0700 N 82.7100 W.

The KC5AEE-2 weather station has also today around 19:30 UTC been
reconfigured to beacon with a western longitude which, along with a small
adjustment in coordinate decimals, moves it from Nepal to the address
shown on qrz.com. The pirate has sailed home.

73!

- Hessu

[Fowler Johnston]

Dr H

You are a super sleuth! That's my house in Florida! I didn't think I put in the datalogger2 numbers for APRS. I must have inverted my coordinates!

I'll get into the datalogger2 and fix that

Thanks again

73s

Fowler 

KC5AEE 

To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/alpine.DEB.2.21.2208122008340.15564%40jazz2.he.fi.

[Fowler Johnston]

Another satisfied customer!

73s

F

--
You received this message because you are subscribed to a topic in the Google Groups "aprs.fi" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/aprsfi/ZwX0xj_4yuk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to aprsfi+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/aprsfi/alpine.DEB.2.21.2208130053010.15564%40jazz2.he.fi.

--

Send via electrons into the ether.....