Sending AIS using AISMON or other receiver without Shipplotter


RiverRatt

Jan 7, 2010, 11:22:10 AM
to aprs.fi
Is there any way of uploading AIS data without using Shipplotter?
I can send it using an IP and Port.

Heikki Hannikainen

Jan 7, 2010, 12:14:29 PM
to aprs.fi
On Thu, 7 Jan 2010, RiverRatt wrote:

> Is there any way of uploading AIS data without using Shipplotter?
> I can send it using an IP and Port.

I suppose aismon only does NMEA over UDP feeds, still. aprs.fi doesn't
take UDP feeds, because the source IP address can be faked very easily -
there's no way for aprs.fi to tell who sent the AIS data to aprs.fi.

MarineTraffic accepts UDP data, and there was already some fake data for
the hijacked vessel "Arctic Sea" (during the hijacking) sent via
MarineTraffic and then from there to aprs.fi. It could have originated
from RF too, but since there were only a couple of positions in clearly
odd places, instead of a proper track, I'm betting it was done over the
Internet. So, I'm insisting on only accepting data using TCP, with a
per-receiver password, so that we know where the positions were received
and can make a rough guess whether the received position packets can be
correct.

You could maybe ask the author of aismon to implement the JSON AIS
protocol:

http://wiki.ham.fi/JSON_AIS.en

gnuais, which works on Linux, can feed data to aprs.fi using the JSON AIS
protocol:

http://gnuais.sourceforge.net/

- Hessu

Patrick Bryant

Oct 29, 2012, 11:55:33 AM
to apr...@googlegroups.com
Since there's nothing to stop someone from faking (spoofing) data via RF, I see no point in this authentication restriction. Ultimately, there is no confidentiality, integrity, or availability (the three factors of information security) assured using your authentication schema. And the incident you refer to involved the vessel Arctic Sea (see http://en.wikipedia.org/wiki/MV_Arctic_Sea). The AIS data was spoofed, via RF, by the Russian Navy. Your restriction would have had no effect.

I have good AIS data provided by no other receiver on the California coast - and no way of sending it to you. Too bad. It's a pity. Only users of marinetraffic.com will be able to see it.

N8QH

Heikki Hannikainen

Oct 29, 2012, 1:02:12 PM
to apr...@googlegroups.com

Just because it's possible to spoof on RF, I don't see that as a reason to
use a protocol which allows trivial spoofing on the Internet.

There are thousands of kids who can spoof UDP on the Internet within a
minute (cut and paste an NMEA string to the 'nc' command and click enter
to transmit the UDP frame), but it requires much more work to obtain and
set up an AIS transmitter. It's doable for us hams, and trivial for anyone
having a boat with an AIS TX, or anyone willing to buy one off ebay, but
it's still more work and less likely to happen often, at major scale.

With TCP connections and a username/password to my server I know which IP
address and user account the data comes from, and if bad data comes in,
it's easy to decide that I don't trust that data source any more, let's
delete everything that came in from there.

With UDP it could have come in from anyone, anywhere, and there's no way
to say if it was your receiver or if someone else spoofed it on your
behalf.

The spoofed Arctic Sea packets came in via UDP to MarineTraffic. It could
have been transmitted anywhere on the Internet, or it could have been
spoofed on the RF. If the RF-side receiver could be identified, it can
potentially be easier to figure out if the packet was spoofed on RF or not
(is the transmitted position within a plausible receiving distance from
that receiver).

If you have some links / documents regarding the Russian Navy actually doing
the spoofing in this particular case, that'd be interesting - I had not
heard about that (besides rumors)!

It's not that hard to implement or set up a better AIS receiver than a
dumb UDP transmitter, how about we work on that instead? TCP + login and
then NMEA stream on top of that?

- Hessu
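
Added example, not part of the original thread and not aprs.fi's code: a sketch of the server-side checks the post above describes, namely tying every report to an authenticated receiver account, testing whether the reported position is within plausible receiving distance of that receiver, and deleting everything from a source once it is no longer trusted. The account names, the 150 km range limit, the strike threshold and the sample coordinates are all assumptions; the TCP login is assumed to have happened before `submit` is called.

```python
import math
from collections import defaultdict

MAX_RANGE_KM = 150.0  # assumption: generous upper bound on reception range
MAX_STRIKES = 2       # assumption: implausible reports tolerated per account

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

class Ingest:
    def __init__(self, receivers):
        self.receivers = receivers         # account -> (lat, lon) given at registration
        self.accepted = defaultdict(list)  # account -> reports stored from that source
        self.strikes = defaultdict(int)
        self.distrusted = set()

    def submit(self, account, mmsi, lat, lon):
        """Classify one decoded position report from an authenticated account."""
        if account not in self.receivers or account in self.distrusted:
            return "rejected"
        rlat, rlon = self.receivers[account]
        if haversine_km(rlat, rlon, lat, lon) > MAX_RANGE_KM:
            self.strikes[account] += 1
            if self.strikes[account] >= MAX_STRIKES:
                self.distrust(account)
            return "implausible"
        self.accepted[account].append((mmsi, lat, lon))
        return "accepted"

    def distrust(self, account):
        """Stop trusting a source and delete everything that came in from it."""
        self.distrusted.add(account)
        return len(self.accepted.pop(account, []))

if __name__ == "__main__":
    # Constructed sample data: one receiver near Helsinki, placeholder MMSI.
    ing = Ingest({"rx-helsinki": (60.17, 24.94)})
    print(ing.submit("rx-helsinki", 111111111, 60.10, 25.00))  # nearby vessel
    print(ing.submit("rx-helsinki", 111111111, 36.00, -5.00))  # far outside range
    print(ing.submit("rx-helsinki", 111111111, 0.00, 0.00))    # second strike
    print(ing.submit("rx-helsinki", 111111111, 60.10, 25.00))  # source now distrusted
```

Without a per-source identity, as with an unauthenticated UDP feed, neither the range check nor the purge has anything to key on.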

Walter Runck

Oct 29, 2012, 10:49:25 PM
to apr...@googlegroups.com
Heikki,

I understand the reluctance to pass on anything that just shows up via a UDP
port. If you are willing to try a TCP/IP feed, take a look at the AIS
logger software available through the marinetraffic.com site:
http://marinetraffic.com/ais/downloads/AisServiceSetup.zip. When you
contribute to their site, you have to register with them, be assigned a
station number, and then send the data to a specific port, which provides
traceability on any suspect packets.

You could manage the requirements for contributing AIS stations as you saw
fit. I'd suggest requiring an operator's ham license, verifiable contact
info, receiver location and equipment configuration before they are assigned
an account. If it helps, I'm happy to send you a TCP stream of AIS traffic
from a busy port. The watery kind, not the computer kind.

On another note, RF spoofing of AIS data would be a total pain to get more
than a couple of reports out. The time slotting protocol is much more
involved than a simple wait for CD to indicate clear air. If you are that
motivated to put some bad info on the air, there are other ways that make a
lot more sense. Details omitted in case any of the thousands of kids read
this.

Let me know if I can help and thanks for a terrific site. I stumbled across
APRS via your site while doing some AIS research and have learned a lot in
the process.

Best,

Walter
KK4DFZ