Cloud listening to HFDL frequencies

I have been seeing connections from cloud networks all over the world receiving HFDL frequencies in the aeronautical bands with I/Q for hours. Either kiwiclient or some custom client.

What could be the purpose of this?

Comments

  • I wonder if some of the plane spotter apps are starting to use Kiwis to aggregate HFDL data, as they already do for ADS-B and ACARS VDL etc.

    Regards,

    Martin

  • I think they wouldn't have dozens of servers at different cloud services. If I block one, they immediately connect from a different network.

    It's almost like a botnet. If I don't limit the channels per IP to 1, they occupy all channels.

  • So we need an alternative. In the past I've added code to determine the unique characteristics of such connections. And if I can distinguish them from legitimate connections then I can disconnect them soon after they connect.

  • edited May 10

    Well they look like legitimate kiwirecorder connections.

    I'll try a few things and look how it goes.

    Maybe an option to block non-kiwi connections from non-local networks would be a possibility, but it's not a severe issue at the moment.

    Ah well that works. Let's see how long they try.

    API: non-Kiwi app was denied connection
    


  • And they're gone. I wonder if they show up on other kiwis.

    We have a great aurora show here in southern Switzerland this evening btw.

  • So, they keep trying. It has become a bit of an annoyance.

    I don't want to disable non-kiwi connections permanently, because they're required for example for TDoA.

    I've masked the frequencies to which they're listening. Since then, they disconnect after 3 minutes. Which means they are actively decoding data. But they still try several times every day, each time from a new IP address/network, more than a hundred so far.

    If there's a simple solution to prevent that, it would be nice, otherwise I'll just sit it out.

    May 18 02:03:11 kiwid[746]: 1d:04:04:03.463 0.234567 0        PWD new connection --------------------------------------------------------
    May 18 02:03:11 kiwid[746]: 1d:04:04:03.468 0.234567 0        PWD kiwi SND ALLOWED: no user password set, so allow connection from 185.188.255.x
    May 18 02:03:12 kiwid[746]: 1d:04:04:04.301 0.234567 0        13351.00 kHz  iq z0  "kiwi_nc.py" 185.188.255.x (ARRIVED)
    May 18 02:03:20 kiwid[746]: 1d:04:04:13.076 0.234567 0        API: TRIG=F SND(T3) f_kHz=13351.001 freq_trig=0 hasDelimiter=1 z=0
    May 18 02:03:29 kiwid[746]: 1d:04:04:22.094 0.234567 0        GEOLOC: 185.188.255.x sent no geoloc info, we got "London, United Kingdom" from geo host #0
    May 18 02:06:08 kiwid[746]: 1d:04:07:00.235 ..234567 0        13351.00 kHz  iq z0  "kiwi_nc.py" 185.188.255.x London, United Kingdom (LEAVING after 0:02:57)
    May 18 02:06:14 kiwid[746]: 1d:04:07:06.485 0.234567 0        PWD new connection --------------------------------------------------------
    May 18 02:06:14 kiwid[746]: 1d:04:07:06.490 0.234567 0        PWD kiwi SND ALLOWED: no user password set, so allow connection from 185.126.74.y
    May 18 02:06:17 kiwid[746]: 1d:04:07:09.233 0.234567 0        13351.00 kHz  iq z0  "kiwi_nc.py" 185.126.74.y (ARRIVED)
    May 18 02:06:23 kiwid[746]: 1d:04:07:16.074 0.234567 0        API: TRIG=F SND(T3) f_kHz=13351.001 freq_trig=0 hasDelimiter=1 z=0
    May 18 02:06:29 kiwid[746]: 1d:04:07:22.098 0.234567 0        GEOLOC: 185.126.74.y sent no geoloc info, we got "Newark, New Jersey, USA" from geo host #0
    May 18 02:09:08 kiwid[746]: 1d:04:10:00.470 ..234567 0        13351.00 kHz  iq z0  "kiwi_nc.py" 185.126.74.y Newark, New Jersey, USA (LEAVING after 0:02:54)
    
    
    

    (replaced parts of the IP with x/y for GDPR reasons 🙄)
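
Added example, not part of the original thread and not KiwiSDR or kiwiclient code: a Python script that reads kiwid session lines in the format shown in the log above and reports any frequency/mode/client-name combination that received short sessions from several distinct /24 networks, which is the rotation pattern described in the posts. The thresholds (`min_networks`, `max_session_s`) and the sample lines are assumptions constructed for illustration; the addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Per-session lines kiwid writes on arrival/departure (format as in the log above).
SESSION = re.compile(
    r'(?P<khz>\d+\.\d+) kHz\s+(?P<mode>\w+)\s+z\d+\s+"(?P<client>[^"]*)"\s+'
    r'(?P<ip>\S+).*\((?P<event>ARRIVED|LEAVING)(?: after (?P<dur>[\d:]+))?\)')

def seconds(hms):
    """Convert an H:MM:SS duration from a LEAVING line to seconds."""
    total = 0
    for part in hms.split(":"):
        total = total * 60 + int(part)
    return total

def rotating_clients(lines, min_networks=3, max_session_s=300):
    """Map (kHz, mode, client) -> sorted /24 prefixes, for targets that received
    short sessions from at least min_networks distinct IPv4 /24 networks."""
    nets = defaultdict(set)
    for line in lines:
        m = SESSION.search(line)
        if not m or m["event"] != "LEAVING" or not m["dur"]:
            continue
        if seconds(m["dur"]) <= max_session_s:
            # Group by /24 so a masked or changing last octet does not matter (IPv4 only).
            prefix = m["ip"].rsplit(".", 1)[0]
            nets[(float(m["khz"]), m["mode"], m["client"])].add(prefix)
    return {k: sorted(v) for k, v in nets.items() if len(v) >= min_networks}

# Constructed sample in the kiwid format; addresses are documentation ranges.
PFX = "May 18 02:00:00 kiwid[746]: 1d:04:00:00.000 0.234567 0        "
SAMPLE_LOG = [
    PFX + '13351.00 kHz  iq z0  "kiwi_nc.py" 192.0.2.10 (ARRIVED)',
    PFX + '13351.00 kHz  iq z0  "kiwi_nc.py" 192.0.2.10 City A (LEAVING after 0:02:57)',
    PFX + '13351.00 kHz  iq z0  "kiwi_nc.py" 198.51.100.7 City B (LEAVING after 0:02:54)',
    PFX + '13351.00 kHz  iq z0  "kiwi_nc.py" 203.0.113.5 (LEAVING after 0:02:55)',
    PFX + '7074.00 kHz  usb z5  "kiwirecorder.py" 192.0.2.99 City C (LEAVING after 1:12:30)',
]

if __name__ == "__main__":
    for (khz, mode, client), prefixes in rotating_clients(SAMPLE_LOG).items():
        print(f"{khz:.2f} kHz {mode} {client!r}: {len(prefixes)} networks {prefixes}")
```

The single long `kiwirecorder.py` session in the sample is not reported, because it comes from one network and exceeds the session-length threshold.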
