Cloud listening to HFDL frequencies
I have been seeing connections from cloud networks all over the world receiving HFDL frequencies in the aeronautical bands with I/Q for hours. Either kiwiclient or some custom client.
What could be the purpose of this?
Comments
I wonder if some of the Plane spotter apps are starting to use KiWi's to aggregate HFDL data, as they already do for ADBS and ACARS VDL etc.
Regards,
Martin
I think they wouldn't have dozens of servers at different cloud services. If I block one, they immediately connect from a different network.
It's almost like a bot net. If i don't limit the channels per IP to 1, they occupy all channels.
So we need an alternative. In the past I've added code to determine the unique characteristics of such connections. And If I can distinguish them from legitimate connections then I can disconnect them soon after they connect.
Well they look like legitimate kiwirecorder connections.
I'll try a few things and look how it goes.
Maybe an option to block non-kiwi connections from non-local networks would be a possibility, but it's not a severe issue at the moment.
Ah well that works. Let's see how long they try.
And they're gone. I wonder if they show up on other kiwis.
We have a great aurora show here in southern Switzerland this evening btw.
So, they keep trying. It does have become a bit of an annoyance.
I don't want to disable non-kiwi connections permanently, because they're required for example for TDoA.
I've masked the frequencies to which they're listening to. Since then, they disconnect after 3 minutes. Which means they are actively decoding data. But they still try several times every day, each time from a new IP address/network, more than hundred so far.
If there's a simple solution to prevent that, it would be nice, otherwise i'll just sit it out.
(replaced parts of the IP with x/y for GDPR reasons 🙄)