CQ-Contest
[Top] [All Lists]

Re: [CQ-Contest] AA3B Fake Spots

To: CQ-CONTEST@contesting.com
Subject: Re: [CQ-Contest] AA3B Fake Spots
From: JP <jp@ezoom.net>
Date: Tue, 29 Oct 2024 19:50:48 -0700
List-post: <mailto:cq-contest@contesting.com>
Gee I wonder what would have prompted this behavior. 



> On Oct 29, 2024, at 7:43 PM, aa3b.bud@gmail.com wrote:
> 
> Here are the forensics on the fake spots sent to the DX Cluster during 2024
> CQ WW SSB contest by someone using the callsign AA3B.  I am sharing this
> information so that DX Cluster node owners are aware of the attack signature
> and can hopefully take actions to prevent future occurrences.
> 
> 
> 
> Period: 10/26/2024 20:34 UTC to 10/27/2024 02:29 UTC
> 
> Duration: 5.9 hours
> 
> Quantity of fake spots: 969
> 
> Rate of fake spots: 164 spots / hour or 2.7 spots / minute
> 
> 
> 
> The rate of fake spots indicates they were created by an automated system.
> The automated system ingested real spots, corrupted them, and then sent the
> bogus spot to the DX cluster.  Here are examples of the typical sequence:
> 
> 
> 
>                  QRG          Call          Time
> Spotter
> 
> Real:       21347      P40W      10/26/2024 2050                N8FRJ
> 
> Bogus:   21347      P4OW     10/26/2024 2050                 AA3B
> 
> 
> 
> Real:      14290.3     8P5A      10/26/2024 2052                DL5JS
> 
> Bogus:  14290.3     AP5A      10/26/2024 2052                AA3B
> 
> 
> 
> The first fake spot was of 9N3L which was a busted version of the call I
> used during the contest - NN3L.   This initial spot came from IP address
> 101.37.12.43.  The remaining 968 spots all came from IP address
> 31.170.22.127.  An internet search of these two IP addresses indicates that
> they are known to the be source of SPAM and brute force attacks.
> 
> 
> 
> I have no doubt that the attack was orchestrated by the same individual that
> harassed me during the 2024 WPX CW and WAE CW contests.
> 
> 
> 
> 73,
> 
> 
> 
> Bud AA3B
> 
> 
> 
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest@contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest

_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
<Prev in Thread] Current Thread [Next in Thread>