Here are the forensics on the fake spots sent to the DX Cluster during 2024
CQ WW SSB contest by someone using the callsign AA3B. I am sharing this
information so that DX Cluster node owners are aware of the attack signature
and can hopefully take actions to prevent future occurrences.
Period: 10/26/2024 20:34 UTC to 10/27/2024 02:29 UTC
Duration: 5.9 hours
Quantity of fake spots: 969
Rate of fake spots: 164 spots / hour or 2.7 spots / minute
The rate of fake spots indicates they were created by an automated system.
The automated system ingested real spots, corrupted them, and then sent the
bogus spot to the DX cluster. Here are examples of the typical sequence:
QRG Call Time
Spotter
Real: 21347 P40W 10/26/2024 2050 N8FRJ
Bogus: 21347 P4OW 10/26/2024 2050 AA3B
Real: 14290.3 8P5A 10/26/2024 2052 DL5JS
Bogus: 14290.3 AP5A 10/26/2024 2052 AA3B
The first fake spot was of 9N3L which was a busted version of the call I
used during the contest - NN3L. This initial spot came from IP address
101.37.12.43. The remaining 968 spots all came from IP address
31.170.22.127. An internet search of these two IP addresses indicates that
they are known to the be source of SPAM and brute force attacks.
I have no doubt that the attack was orchestrated by the same individual that
harassed me during the 2024 WPX CW and WAE CW contests.
73,
Bud AA3B
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
|