Don't buy crappy SD cards - i.e. PNY. That is especially true in an
application where it's used 24/7 as a solid state drive. Wear leveling in
flash is very important and crappy flash won't endure.
Assi
Kk7kx.ampr.org
-----Original Message-----
From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu
[mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of
kb9mwr(a)gmail.com
Sent: Tuesday, October 22, 2013 8:59 AM
To: 44net(a)hamradio.ucsd.edu
Subject: Re: [44net] Raspberry Pi
(Please trim inclusions from previous messages)
_______________________________________________
It's funny how you though going away from a moving disk hard-drive would be
a good thing.
Anyway here are my experiences. I have several Pi's in use. I have had a
lot of head aches with PNY SD Cards. They go bad in rather short order. I
have had a few Sandisk cards that have been in use just over a year. I have
yet to have a problem with Sandisk.
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44nethttp://www.ampr.org/donate.html
It's funny how you though going away from a moving disk hard-drive
would be a good thing.
Anyway here are my experiences. I have several Pi's in use. I have
had a lot of head aches with PNY SD Cards. They go bad in rather
short order. I have had a few Sandisk cards that have been in use
just over a year. I have yet to have a problem with Sandisk.
Can anyone else get to the portal? It isn't coming up for me.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
Recently I have been tracing the tunnel traffic a bit to investigate a strange situation.
Sometimes I got unsolicited ping replies on the NET screen. It appears that sometimes
a ping reply is received without any ping having been sent.
Users of Windows or Linux ping will never notice this, because there is a special
application that sends a ping with unique ID and then listens for replies with the
same ID and prints them.
However, NET (written in the days when the network still was a friendly place)
just uses a timestamp as the ID, sends the ping, and forgets about it. It continously
listens for incoming ping replies and when one arrives, it prints it to the console
with a roundtriptime calculated from the current timestamp and whatever happens
to be in the ID field of the reply. Thus nonsense ping replies are printed.
This happened here one to several times a day.
So I put a statefull firewall (Linux iptables) in front of NET, and studied the logs
a bit. The firewall is (partly) like this:
iptables -A netwall -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A netwall -p icmp --icmp-type 8 -j ACCEPT
iptables -A netwall -p icmp -j LOGDROP
So it accepts all icmp related to ongoing traffic, it accepts incoming ping requests
and logs and drops everything else (LOGDROP is a target that does a LOG and a DROP)
Now it becomes apparent that the bogus ping replies are not the only thing that is
going on. There is a regular flow if incoming "destination unreachable" ICMP replies
that refer to connections that I never made. I also enabled some logging for unsolicited
TCP replies and there are SYN ACK and RST replies as well.
Apparently my 44-addresses are used as spoofed source addresses by other people.
Do other users notice this? I presume it is done by a DDOS tool or similar, but the
rate at which I receive this traffic (maybe 10 packets an hour) does not make it
likely that they use only my address. However, I have not seen this effect on my
public addresses, so probably they don't use random addresses.
Maybe they use the entire net-44 space? In that case there should be an awful
amount of ICMP type 3 and TCP RST traffice coming in at amprgw...
(my space is only one millionth of the total)
Another unrelated question: a lot of you likely have an amsat.org address.
Do you also see the endless stream of Korean spam? From the headers it looks
like it is sent to many different amsat.org users. It has been ongoing here for many
years, some 20 messages a day. These guys are very persistent.
(of course it is easily filtered)
Rob
On 10/13/13 5:10 PM, Brian Kantor wrote:
> The background noise is one of the reasons why amprgw only lets traffic through
> for hosts registered in the AMPR.ORG DNS. People with directly-connected
> subnets will have to deal with it on their own; background noise is one of
> the facts of Internet life.
> - Brian
Really everyone should run a firewall or at least some ACL's regardless.
Leaving yourself open to 44/8 is not a good idea.
However if your OS is well written and secure there is not any risk to the
background noise hurting it. If it's a win2k box that's not been patched, god
help you :)
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
> Subject:
> Re: [44net] net-44 source address spoofing?
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 10/13/2013 08:20 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hi Rob,
>
> I also get a some strange unrelated traffic: ping replies, SYN-ACK on
> various ports, pings and SYN targeted to random IPs on my subnets.
> So nothing new here.
> I studied the source addresses for some time: china, russia, and alot of
> "this IP range is really wold wide" according to RIPE.
> Since they achieve nothing, I choose to ignore them, along with some tight
> stateful firewall rules.
>
> Marius, YO2LOJ
>
Yes, it is required to have a firewall in front of everything these days...
Of course I always firewalled malicious attempts to make incoming connects to my systems,
this unrelated traffic usually does no real harm. It was only the ping replies that triggered
me to look what was really happening.
It is unfortunate that the amprgw has to carry all that unnecessary traffic...
(and the amsat.org mailserver as well. the vast majority of what I receive is discarded
immediately as spam, mostly Korean. And I cannot even read Korean)
Rob
I've also noticed the strange traffic and am working on discovering its origins. This is common and should be expected on any public IP address.
It's mostly pings and attempts to seek vunerable machines accessable by Remote Desktop Protocol.
73,
-Lynwood
KB3VWG
---------- Forwarded message ----------
From: Don Moore <ve3zda(a)gmail.com>
Date: Sat, Oct 12, 2013 at 4:20 PM
Subject: Fwd: [nos-bbs] encap.txt
To: gw <gateways(a)ampr-gateways.org>, gateways(a)ampr.org
---------- Forwarded message ----------
From: Don Moore <ve3zda(a)gmail.com>
Date: Sat, Oct 12, 2013 at 4:14 PM
Subject: Re: [nos-bbs] encap.txt
To: TAPR xNOS Mailing List <nos-bbs(a)tapr.org>
Hi Dave, let me know what the address is and I can input it into jnos for
now..
73, Don
On Sat, Oct 12, 2013 at 2:41 PM, Michael E. Fox - N6MEF <n6mef(a)mefox.org>wrote:
> I certainly hope so. There are a bunch of us that use encap.txt instead
> of the RIP process.****
>
> ** **
>
> M****
>
> ** **
>
> *From:* nos-bbs-bounces(a)tapr.org [mailto:nos-bbs-bounces@tapr.org] *On
> Behalf Of *Wars
> *Sent:* Saturday, October 12, 2013 11:14 AM
>
> *To:* TAPR xNOS Mailing List
> *Subject:* Re: [nos-bbs] encap.txt****
>
> ** **
>
> Hi Don,****
>
> I do not know if anyone is going to fix the encap.txt file. ****
>
> My IP address changed and without a new encap.txt file I can only use the
> RF with my JNOS. ****
>
> ** **
>
> 73 Dave wa8rsa****
>
> ** **
>
> ** **
>
>
>
> ****
>
> ** **
>
> Dave****
>
> Cell : 616-836-1214****
>
> Sent from my iPhone****
>
>
> On Oct 12, 2013, at 2:01 PM, Don Moore <ve3zda(a)gmail.com> wrote:****
>
> thanks for the info, do you know if it's being fixed?****
>
> ** **
>
> On Sat, Oct 12, 2013 at 11:54 AM, wa8rsa <wa8rsa(a)charter.net> wrote:****
>
> Don,****
>
> ****
>
> You are correct. The encap.txt file is out of date.****
>
> ****
>
> 73 Dave wa8rsa****
>
> ****
> ------------------------------
>
> *From:* nos-bbs-bounces(a)tapr.org [mailto:nos-bbs-bounces@tapr.org] *On
> Behalf Of *Don Moore
> *Sent:* Saturday, October 12, 2013 7:03 AM
> *To:* TAPR xNOS Mailing List
> *Subject:* [nos-bbs] encap.txt****
>
> ****
>
> Have those of us not using the RIP process noticed that the encap.txt file
> is not updating or is it my problem?****
>
> I went so far as to check the gateway file and it too appears to be out of
> date...****
>
> 73, Don - ve3zda****
>
>
>
>
>
>
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 9.1.0.2900, Virus/Spyware Database: 6.21600)
> http://www.pctools.com<http://www.pctools.com/?cclick=EmailFooterClean_51>
> ======= ****
>
>
>
>
>
>
> =======
> Email scanned by PC Tools - No viruses or spyware found.
> (Email Guard: 9.1.0.2900, Virus/Spyware Database: 6.21600)
> http://www.pctools.com<http://www.pctools.com/?cclick=EmailFooterClean_51>
> ======= ****
>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs(a)tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs****
>
> ** **
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs(a)tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs****
>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs(a)tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs
>
>
> Subject:
> [44net] Announcement: ampr-ripd new version 1.6
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 10/10/2013 09:22 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hello XYLs and OMs,
>
> The modified version of ampr-ripd according to Rob's sugestion to use
> MCAST_JOIN_GROUP and be interface specific is available for download at
> atwww.yo2loj.ro under hamprojects.
>
> Direct links:
> http://yo2tm.ampr.org/hamprojects/ampr-ripd-1.6.tgz
> http://www.yo2loj.ro/hamprojects/ampr-ripd-1.6.tgz
>
> Download, compile and have fun.
>
> Marius, YO2LOJ
Thank you Marius!
I compiled and installed it, and it works OK in my environment even when I have
two interfaces with the same address. It assigned the multicast group to the correct
interface and it receives the multicast OK.
Finally this hair-pulling about "why doesn't this work???" is finished!
Rob
