44net October 2013

44net@mailman.ampr.org

38 participants
33 discussions

Re: [44net] Raspberry Pi
by Assi Friedman 22 Oct '13

22 Oct '13

Don't buy crappy SD cards - i.e. PNY. That is especially true in an application where it's used 24/7 as a solid state drive. Wear leveling in flash is very important and crappy flash won't endure. Assi Kk7kx.ampr.org -----Original Message----- From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of kb9mwr(a)gmail.com Sent: Tuesday, October 22, 2013 8:59 AM To: 44net(a)hamradio.ucsd.edu Subject: Re: [44net] Raspberry Pi (Please trim inclusions from previous messages) _______________________________________________ It's funny how you though going away from a moving disk hard-drive would be a good thing. Anyway here are my experiences. I have several Pi's in use. I have had a lot of head aches with PNY SD Cards. They go bad in rather short order. I have had a few Sandisk cards that have been in use just over a year. I have yet to have a problem with Sandisk. _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html

9 9

DNS A Records Missing
by lleachii＠aol.com 22 Oct '13

22 Oct '13

All, I noticed that all of my DNS A records recently dissappeared. Has this occured to anyone else? At this time, my AMPR services are only rechable by IP address. The CNAME records in the DNS still exist; but most point to the missing ampr.org. A records: kb3vwg-001.ampr.org (44.60.44.1) kb3vwg-002.ampr.org (.2) kb3vwg-003.ampr.org (.3) kb3vwg-006.ampr.org (.6) kb3vwg-007.ampr.org (.7) kb3vwg-010.ampr.org (.10) kb3vwg-011.ampr.org (.11) kb3vwg-012.ampr.org (.12) -Lynwood KB3VWG

2 2

Re: [44net] Raspberry Pi
by kb9mwr＠gmail.com 22 Oct '13

22 Oct '13

It's funny how you though going away from a moving disk hard-drive would be a good thing. Anyway here are my experiences. I have several Pi's in use. I have had a lot of head aches with PNY SD Cards. They go bad in rather short order. I have had a few Sandisk cards that have been in use just over a year. I have yet to have a problem with Sandisk.

1 0

Portal
by Brian Rogers 17 Oct '13

17 Oct '13

Can anyone else get to the portal? It isn't coming up for me. -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

12 19

net-44 source address spoofing?
by Rob Janssen 15 Oct '13

15 Oct '13

Recently I have been tracing the tunnel traffic a bit to investigate a strange situation. Sometimes I got unsolicited ping replies on the NET screen. It appears that sometimes a ping reply is received without any ping having been sent. Users of Windows or Linux ping will never notice this, because there is a special application that sends a ping with unique ID and then listens for replies with the same ID and prints them. However, NET (written in the days when the network still was a friendly place) just uses a timestamp as the ID, sends the ping, and forgets about it. It continously listens for incoming ping replies and when one arrives, it prints it to the console with a roundtriptime calculated from the current timestamp and whatever happens to be in the ID field of the reply. Thus nonsense ping replies are printed. This happened here one to several times a day. So I put a statefull firewall (Linux iptables) in front of NET, and studied the logs a bit. The firewall is (partly) like this: iptables -A netwall -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A netwall -p icmp --icmp-type 8 -j ACCEPT iptables -A netwall -p icmp -j LOGDROP So it accepts all icmp related to ongoing traffic, it accepts incoming ping requests and logs and drops everything else (LOGDROP is a target that does a LOG and a DROP) Now it becomes apparent that the bogus ping replies are not the only thing that is going on. There is a regular flow if incoming "destination unreachable" ICMP replies that refer to connections that I never made. I also enabled some logging for unsolicited TCP replies and there are SYN ACK and RST replies as well. Apparently my 44-addresses are used as spoofed source addresses by other people. Do other users notice this? I presume it is done by a DDOS tool or similar, but the rate at which I receive this traffic (maybe 10 packets an hour) does not make it likely that they use only my address. However, I have not seen this effect on my public addresses, so probably they don't use random addresses. Maybe they use the entire net-44 space? In that case there should be an awful amount of ICMP type 3 and TCP RST traffice coming in at amprgw... (my space is only one millionth of the total) Another unrelated question: a lot of you likely have an amsat.org address. Do you also see the endless stream of Korean spam? From the headers it looks like it is sent to many different amsat.org users. It has been ongoing here for many years, some 20 messages a day. These guys are very persistent. (of course it is easily filtered) Rob

3 2

Re: [44net] net-44 source address spoofing?
by Bryan Fields 13 Oct '13

13 Oct '13

On 10/13/13 5:10 PM, Brian Kantor wrote: > The background noise is one of the reasons why amprgw only lets traffic through > for hosts registered in the AMPR.ORG DNS. People with directly-connected > subnets will have to deal with it on their own; background noise is one of > the facts of Internet life. > - Brian Really everyone should run a firewall or at least some ACL's regardless. Leaving yourself open to 44/8 is not a good idea. However if your OS is well written and secure there is not any risk to the background noise hurting it. If it's a win2k box that's not been patched, god help you :) -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

1 0

Re: [44net] net-44 source address spoofing?
by Rob Janssen 13 Oct '13

13 Oct '13

> Subject: > Re: [44net] net-44 source address spoofing? > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 10/13/2013 08:20 PM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Hi Rob, > > I also get a some strange unrelated traffic: ping replies, SYN-ACK on > various ports, pings and SYN targeted to random IPs on my subnets. > So nothing new here. > I studied the source addresses for some time: china, russia, and alot of > "this IP range is really wold wide" according to RIPE. > Since they achieve nothing, I choose to ignore them, along with some tight > stateful firewall rules. > > Marius, YO2LOJ > Yes, it is required to have a firewall in front of everything these days... Of course I always firewalled malicious attempts to make incoming connects to my systems, this unrelated traffic usually does no real harm. It was only the ping replies that triggered me to look what was really happening. It is unfortunate that the amprgw has to carry all that unnecessary traffic... (and the amsat.org mailserver as well. the vast majority of what I receive is discarded immediately as spam, mostly Korean. And I cannot even read Korean) Rob

2 1

Re: [44net] net-44 source address spoofing?
by lleachii＠aol.com 13 Oct '13

13 Oct '13

I've also noticed the strange traffic and am working on discovering its origins. This is common and should be expected on any public IP address. It's mostly pings and attempts to seek vunerable machines accessable by Remote Desktop Protocol. 73, -Lynwood KB3VWG

1 0

Fwd: [nos-bbs] encap.txt
by Don Moore 12 Oct '13

12 Oct '13

---------- Forwarded message ---------- From: Don Moore <ve3zda(a)gmail.com> Date: Sat, Oct 12, 2013 at 4:20 PM Subject: Fwd: [nos-bbs] encap.txt To: gw <gateways(a)ampr-gateways.org>, gateways(a)ampr.org ---------- Forwarded message ---------- From: Don Moore <ve3zda(a)gmail.com> Date: Sat, Oct 12, 2013 at 4:14 PM Subject: Re: [nos-bbs] encap.txt To: TAPR xNOS Mailing List <nos-bbs(a)tapr.org> Hi Dave, let me know what the address is and I can input it into jnos for now.. 73, Don On Sat, Oct 12, 2013 at 2:41 PM, Michael E. Fox - N6MEF <n6mef(a)mefox.org>wrote: > I certainly hope so. There are a bunch of us that use encap.txt instead > of the RIP process.**** > > ** ** > > M**** > > ** ** > > *From:* nos-bbs-bounces(a)tapr.org [mailto:nos-bbs-bounces@tapr.org] *On > Behalf Of *Wars > *Sent:* Saturday, October 12, 2013 11:14 AM > > *To:* TAPR xNOS Mailing List > *Subject:* Re: [nos-bbs] encap.txt**** > > ** ** > > Hi Don,**** > > I do not know if anyone is going to fix the encap.txt file. **** > > My IP address changed and without a new encap.txt file I can only use the > RF with my JNOS. **** > > ** ** > > 73 Dave wa8rsa**** > > ** ** > > ** ** > > > > **** > > ** ** > > Dave**** > > Cell : 616-836-1214**** > > Sent from my iPhone**** > > > On Oct 12, 2013, at 2:01 PM, Don Moore <ve3zda(a)gmail.com> wrote:**** > > thanks for the info, do you know if it's being fixed?**** > > ** ** > > On Sat, Oct 12, 2013 at 11:54 AM, wa8rsa <wa8rsa(a)charter.net> wrote:**** > > Don,**** > > **** > > You are correct. The encap.txt file is out of date.**** > > **** > > 73 Dave wa8rsa**** > > **** > ------------------------------ > > *From:* nos-bbs-bounces(a)tapr.org [mailto:nos-bbs-bounces@tapr.org] *On > Behalf Of *Don Moore > *Sent:* Saturday, October 12, 2013 7:03 AM > *To:* TAPR xNOS Mailing List > *Subject:* [nos-bbs] encap.txt**** > > **** > > Have those of us not using the RIP process noticed that the encap.txt file > is not updating or is it my problem?**** > > I went so far as to check the gateway file and it too appears to be out of > date...**** > > 73, Don - ve3zda**** > > > > > > > ======= > Email scanned by PC Tools - No viruses or spyware found. > (Email Guard: 9.1.0.2900, Virus/Spyware Database: 6.21600) > http://www.pctools.com<http://www.pctools.com/?cclick=EmailFooterClean_51> > ======= **** > > > > > > > ======= > Email scanned by PC Tools - No viruses or spyware found. > (Email Guard: 9.1.0.2900, Virus/Spyware Database: 6.21600) > http://www.pctools.com<http://www.pctools.com/?cclick=EmailFooterClean_51> > ======= **** > > > _______________________________________________ > nos-bbs mailing list > nos-bbs(a)tapr.org > http://www.tapr.org/mailman/listinfo/nos-bbs**** > > ** ** > > _______________________________________________ > nos-bbs mailing list > nos-bbs(a)tapr.org > http://www.tapr.org/mailman/listinfo/nos-bbs**** > > > _______________________________________________ > nos-bbs mailing list > nos-bbs(a)tapr.org > http://www.tapr.org/mailman/listinfo/nos-bbs > >

2 1

Re: [44net] Announcement: ampr-ripd new version 1.6
by Rob Janssen 11 Oct '13

11 Oct '13

> Subject: > [44net] Announcement: ampr-ripd new version 1.6 > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 10/10/2013 09:22 PM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Hello XYLs and OMs, > > The modified version of ampr-ripd according to Rob's sugestion to use > MCAST_JOIN_GROUP and be interface specific is available for download at > atwww.yo2loj.ro under hamprojects. > > Direct links: > http://yo2tm.ampr.org/hamprojects/ampr-ripd-1.6.tgz > http://www.yo2loj.ro/hamprojects/ampr-ripd-1.6.tgz > > Download, compile and have fun. > > Marius, YO2LOJ Thank you Marius! I compiled and installed it, and it works OK in my environment even when I have two interfaces with the same address. It assigned the multicast group to the correct interface and it receives the multicast OK. Finally this hair-pulling about "why doesn't this work???" is finished! Rob

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net October 2013