[Dxspider-support] Further analysis of fake spots

Kirill Ryabov r5acq at mail.ru
Wed Feb 26 12:34:39 GMT 2025 

Here are more and it looks like these IPs are real and from the 
countries of the spotter. But spotters not on DO5SSB-2 node.


26Feb2025 at 10:52:15 (*) PCPROT: Bad Spot 3Z100IARU on 18125.0 by 
G0DEF(86.18.176.21)@DO5SSB-2 User G0DEF not on node DO5SSB-2, DUMPED via 
RW3XA-8 27 hops
26Feb2025 at 11:07:02 (*) PCPROT: Bad Spot R9YDC on 28448.0 by 
IW3INO(158.47.242.148)@DO5SSB-2 User IW3INO not on node DO5SSB-2, DUMPED 
via N2WQ-1 26 hops
26Feb2025 at 11:12:56 (*) PCPROT: Bad Spot CT9/DK7YY on 24940.0 by 
HB9CVE(46.127.144.149)@DO5SSB-2 User HB9CVE not on nodeDO5SSB-2, DUMPED 
via RW3XA-8 25 hops
26Feb2025 at 11:13:34 (*) PCPROT: Bad Spot VK9XU on 10133.0 by 
RO9O(212.15.62.218)@DO5SSB-2 User RO9O not on node DO5SSB-2, DUMPED via 
RW3XA-8 25 hops
26Feb2025 at 11:20:20 (*) PCPROT: Bad Spot GI0CWV on 28485.0 by 
9A6BMT(109.60.70.233)@DO5SSB-2 User 9A6BMT not on node DO5SSB-2, DUMPED 
via RW3XA-8 27 hops
26Feb2025 at 11:31:40 (*) PCPROT: Bad Spot DD1HV on 18135.0 by 
G0DEF(86.18.176.21)@DO5SSB-2 User G0DEF not on node DO5SSB-2, DUMPED via 
RW3XA-8 25 hops
26Feb2025 at 11:41:57 (*) PCPROT: Bad Spot VK9XU on 14210.0 by 
JH0OQZ(14.8.114.96)@DO5SSB-2 User JH0OQZ not on node DO5SSB-2, DUMPED 
via SV5FRI-1 27 hops
26Feb2025 at 11:59:28 (*) PCPROT: Bad Spot G7NUT on 14074.6 by 
F4BJN(79.92.250.148)@DO5SSB-2 User F4BJN not on node DO5SSB-2, DUMPED 
via RW3XA-8 27 hops
26Feb2025 at 11:59:55 (*) PCPROT: Bad Spot NK9NLD on 28475.0 by 
HA7DF(145.236.161.131)@DO5SSB-2 User HA7DF not on node DO5SSB-2, DUMPED 
via RW3XA-8 25 hops
26Feb2025 at 12:10:59 (*) PCPROT: Bad Spot M7GJO on 14076.0 by 
F4BJN(79.92.250.148)@DO5SSB-2 User F4BJN not on node DO5SSB-2, DUMPED 
via RW3XA-8 25 hops
26Feb2025 at 12:11:32 (*) PCPROT: Bad Spot GM3RIC on 18135.0 by 
IZ1HHT(213.45.237.111)@DO5SSB-2 User IZ1HHT not on node DO5SSB-2, DUMPED 
via RW3XA-8 26 hops
26Feb2025 at 12:13:40 (*) PCPROT: Bad Spot EA4HPY on 28514.0 by 
HA7DF(145.236.161.131)@DO5SSB-2 User HA7DF not on node DO5SSB-2, DUMPED 
via RW3XA-8 25


Kirill
R5ACQ

25.02.2025 20:44, Gregor Surmann via Dxspider-support пишет:
> Hello guys!
>
> I have found some interesting stuff. I was seeking for the 
> information, if my SSID/Call was forged. Yes, it was:
>
> sysop at dxspider:~$ grepdbg "bad spot" | grep -i do5ssb
> 21Feb2025 at 13:03:32 (*) PCPROT: Bad Spot HF95PZK on 21074.0 by 
> SP2MKI(150.102.129.109)@DO5SSB-2 User SP2MKI not on node DO5SSB-2 via 
> F3KT-3 25 hops
>
> sysop at dxspider:~$ grepdbg HF95PZK | grep -i SP2MKI
> 21Feb2025 at 05:53:38 (*) PCPROT: Bad Spot HF95PZK on 3573.0 by 
> SP2MKI(81.89.113.246)@JG1VGX-8 User SP2MKI not on node JG1VGX-8 via 
> ON4KST-2 28 hops
> 21Feb2025 at 05:53:38 (progress) SPOT: HF95PZK on 3573.0 @ 0553Z by 
> SP2MKI(81.89.113.246)@JG1VGX-8 '95th PZK - 100th IARU FT8' route: 
> ON4KST-2
> 21Feb2025 at 06:47:40 (*) PCPROT: Bad Spot HF95PZK on 7074.0 by 
> SP2MKI(145.89.214.218)@ON4KST-2 User SP2MKI not on node ON4KST-2 via 
> ON4KST-2 28 hops
> 21Feb2025 at 06:47:40 (progress) SPOT: HF95PZK on 7074.0 @ 0647Z by 
> SP2MKI(145.89.214.218)@ON4KST-2 'ft8 95th PZK - 100th IARU' route: 
> ON4KST-2
> 21Feb2025 at 08:48:22 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by 
> SP2MKI(54.225.51.18)@EA4FIT-2 User SP2MKI not on node EA4FIT-2 via 
> ON4KST-2 28 hops
> 21Feb2025 at 08:48:22 (progress) SPOT: HF95PZK on 7047.0 @ 0848Z by 
> SP2MKI(54.225.51.18)@EA4FIT-2 '95th PZK - 100th IARU FT4' route: ON4KST-2
> 21Feb2025 at 09:10:13 (*) PCPROT: Bad Spot HF95PZK on 14080.0 by 
> SP2MKI(36.134.227.136)@IV3SCP-6 User SP2MKI not on node IV3SCP-6 via 
> F6KVP-3 26 hops
> [...more...spots...]
> 21Feb2025 at 22:44:41 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by 
> SP2MKI(59.181.166.39)@SM7IUN-3 User SP2MKI not on node SM7IUN-3 via 
> ON4KST-2 28 hops
>
> sysop at dxspider:~$ grepdbg 150.102.129.109
> sysop at dxspider:~$
>
> So, there was never a user with the IP 150.102.129.109 here, but the 
> spot originated at DO5SSB-2, strange.
>
> This means, that someone is injecting packets at some point in the 
> network, without being on the node itself, not before, not while and 
> not after the spot.
>
> Or, maybe the famous VE7CC-1 is doing nasty stuff?
>
> All of the IPs do exist in the global BGP routing, many of them are in 
> AWS or other data centers.
>
> But probably none of the IPs are from the countries the callsign is in.
>
> So, either someone is using the clusters and faking spots, or someone 
> is injecting PC messages somewhere.
>
> 73 de Gregor, DO5SSB
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

More information about the Dxspider-support mailing list