[CQ-Contest] AA3B Fake Spots

aa3b.bud at gmail.com aa3b.bud at gmail.com
Tue Oct 29 18:36:31 EDT 2024


Here are the forensics on the fake spots sent to the DX Cluster during 2024
CQ WW SSB contest by someone using the callsign AA3B.  I am sharing this
information so that DX Cluster node owners are aware of the attack signature
and can hopefully take actions to prevent future occurrences.

 

Period: 10/26/2024 20:34 UTC to 10/27/2024 02:29 UTC

Duration: 5.9 hours

Quantity of fake spots: 969

Rate of fake spots: 164 spots / hour or 2.7 spots / minute

 

The rate of fake spots indicates they were created by an automated system.
The automated system ingested real spots, corrupted them, and then sent the
bogus spot to the DX cluster.  Here are examples of the typical sequence:

 

                  QRG          Call          Time
Spotter

Real:       21347      P40W      10/26/2024 2050                N8FRJ

Bogus:   21347      P4OW     10/26/2024 2050                 AA3B

 

Real:      14290.3     8P5A      10/26/2024 2052                DL5JS

Bogus:  14290.3     AP5A      10/26/2024 2052                AA3B

 

The first fake spot was of 9N3L which was a busted version of the call I
used during the contest - NN3L.   This initial spot came from IP address
101.37.12.43.  The remaining 968 spots all came from IP address
31.170.22.127.  An internet search of these two IP addresses indicates that
they are known to the be source of SPAM and brute force attacks.

 

I have no doubt that the attack was orchestrated by the same individual that
harassed me during the 2024 WPX CW and WAE CW contests.

 

73,

 

Bud AA3B

 



More information about the CQ-Contest mailing list