Gee I wonder what would have prompted this behavior.
> On Oct 29, 2024, at 7:43 PM, aa3b.bud@gmail.com wrote:
>
> Here are the forensics on the fake spots sent to the DX Cluster during 2024
> CQ WW SSB contest by someone using the callsign AA3B. I am sharing this
> information so that DX Cluster node owners are aware of the attack signature
> and can hopefully take actions to prevent future occurrences.
>
>
>
> Period: 10/26/2024 20:34 UTC to 10/27/2024 02:29 UTC
>
> Duration: 5.9 hours
>
> Quantity of fake spots: 969
>
> Rate of fake spots: 164 spots / hour or 2.7 spots / minute
>
>
>
> The rate of fake spots indicates they were created by an automated system.
> The automated system ingested real spots, corrupted them, and then sent the
> bogus spot to the DX cluster. Here are examples of the typical sequence:
>
>
>
> QRG Call Time
> Spotter
>
> Real: 21347 P40W 10/26/2024 2050 N8FRJ
>
> Bogus: 21347 P4OW 10/26/2024 2050 AA3B
>
>
>
> Real: 14290.3 8P5A 10/26/2024 2052 DL5JS
>
> Bogus: 14290.3 AP5A 10/26/2024 2052 AA3B
>
>
>
> The first fake spot was of 9N3L which was a busted version of the call I
> used during the contest - NN3L. This initial spot came from IP address
> 101.37.12.43. The remaining 968 spots all came from IP address
> 31.170.22.127. An internet search of these two IP addresses indicates that
> they are known to the be source of SPAM and brute force attacks.
>
>
>
> I have no doubt that the attack was orchestrated by the same individual that
> harassed me during the 2024 WPX CW and WAE CW contests.
>
>
>
> 73,
>
>
>
> Bud AA3B
>
>
>
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest@contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
|