Good afternoon,
It would seem that 44.133.48.66 is popping, snmpding, and other
amounts of traffic from time to time to various ampr.org systems
and doing so *without warning* type of thing. I just got hit with
a bunch of SNMP requests, others have been hit with POP requests.
Can anyone find out who the owner of that particular system or
network is, so that I can contact the entity or person?
Or perhaps a bit more draconian, can someone deal with it?
Thanks in advance.
Maiko Langelaar
VE4KLM
Marc, LX1DUC,
Per Brian in a Jan 22 note:
44.0.0.1 responds to pings received from the Internet. It does not
respond to pings coming into it over an encap connection to it, for
some reason that I've not been able to figure out. I believe it to
be a difficulty in getting it to recognize decapped pings.
If you are receiving the rip44 announcements, you have properly
configured your tunnel to receive IP-in-IP encapsulation from 44.0.0.1.
Feel free to use:
http://44.60.44.10/tools
or
http://kb3vwg-010.ampr.org/tools
I see your encap as:
44.161.202.0 via 46.29.183.253 dev tunl0 onlink window 840
44.161.203.0 via 46.29.183.253 dev tunl0 onlink window 840
44.161.229.0 via 46.29.183.253 dev tunl0 onlink window 840
Also, I am unable to ping 44.161.229.126. What script/configuration did
you use to enable your tunnel; did you specify a local or remote IP
(un-needed)? Feel free to look at my script at http://44.60.44.13/startampr
73,
Lynwood
KB3VWG
I need help.
When I connect the modem to ttyS0 (iobase 3f8 irq 4) on the mainboard, the
modem works perfectly: it transmits and receives. But when I connect it to
ttyS1 (iobase 2400 irq 177) on the I/O card, it only receives and will not
transmit.
------
I have a computer with 2 Baycom modems,
Linux CentOS 5, Kernel 2.6.18-274.18.1.el5ax25.2,
and I use the driver: baycom_ser_fdx
------
I use Baycom modems connected to a PCI I/O card.
The modems only receive (Rx) but do not transmit (no Tx).
------
And this is the configuration of the I/O card from the command: lspci -vvv
Serial controller: Device 4348:3253 (rev 10) (prog-if 02 [16550])
Subsystem: Device 4348:3253
Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 177
Region 0: I/O ports at 2400 [size=8]
Region 1: I/O ports at 2000 [size=8]
Kernel driver in use: serial
------
ttyS0, iobase: 0x03f8, irq: 4 (mainboard)
ttyS1, iobase: 0x2400, irq: 177 (Card I/O)
ttyS2, iobase: 0x2000, irq: 177 (Card I/O)
------
baycom_ser_fdx: version 0.10 compiled
hdlcdrv: version 0.8 compiled
Maybe someone can tell me why it works perfectly on ttyS0 but on the I/O card
it only receives ....
Where is my mistake? Maybe in baycom_ser_fdx.c ???
--
73 de Janusz / SP1LOP
===== Janusz J. Przybylski, SP1LOP ==================
Poland AMPRNet Co-ordinator [44.165/16] from Mar 2003
=====================================================
Hi,
The AMPRNet might be more useful if it had:
(1) more services which would be interesting to hams
(2) more access to the AMPRNet
Tonight I tried to attack (2) a bit. Access to the AMPRNet over the
Internet could maybe be made easier to hams by allowing them to connect
over VPNs instead of setting up their own IPIP tunnels at home, or trying
to find a working radio gateway. After getting a VPN running it might be
easier for them to set up a radio gateway, or some services. As discussed
on the other mailing list, VPNs are easier to get up on NATed residential
networks than IPIP tunnels.
Setting up VPN user accounts and maintaining them can be a pain. It
doesn't take a lot of weekly or monthly maintenance work to run a VPN
service, but it can be a major pain to manage a user account database for
thousands of hams and check if your users around the Internet are, in
fact, licensed.
It turns out that ARRL's Logbook of the World has already given out
cryptographic X.509 certificates to 57334 amateur users, after verifying
their license status against the FCC database (they send a postcard with a
random token code to the FCC-listed snail-mail address to make sure they
give the certificate to the right guy) or after looking at a paper
photocopy of a license + a photo ID. I had to physically mail in a photo
of my ham license and my driver's license and wait a couple weeks to get
the cert. If they can get 50k contesters and DXers to work with
certificates, maybe certs can work for the AMPRnet, too.
Technically, we can validate if a VPN user is in possession of one of
those certificates and the respective private key. Politically, K4JH asked
the ARRL guys, and they said that they don't mind if we use them for other
ham authentication needs. We can start accepting other CAs too once they
come around. I plan to help SRAL, the Finnish amateur radio union, to set
up a CA within their web site (they already have user accounts for
members). I know ARRL isn't for everyone, but smaller clubs could set up
CAs too, or even commercial entities - as long as we trust them to do the
license validation in a proper manner.
Tonight I hacked up an OpenVPN setup which authenticates users with LoTW
certs, and wrote a little documentation:
http://wiki.ampr.org/index.php/AMPRNet_VPN
What do you think? Technically, it seems to work - try it out if you like.
It's not very straightforward to set up, but the license validation is
pretty strong, and running the service shouldn't be a lot of work. There
can be many VPN servers around the world, serving the whole customer base
(VPN servers do not need access to any central user database, they just
need the certificates of the trusted CAs). With a little Dynamic DNS
magic, you could get a oh7lzb.vpn.ampr.org hostname on DNS within a few
seconds after connecting (I've got code for that in another project).
(Yes, eventually certificates need to be revoked after they accidentally
get into wrong hands, or ham licenses are revoked. Technically that can be
done using CRLs and/or OCSP, but ARRL apparently does not do those yet.
Maybe they will, if the need arises. We can also set up a blocked
certificates list of our own.)
- Hessu, OH7LZB
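
As an added example (not part of the original post or of the wiki setup it links to), a locally maintained blocked-certificates list like the one mentioned above could be enforced with an OpenVPN `tls-verify` hook. The blocklist path and its one-fingerprint-per-line format are assumptions; the fingerprint comes from OpenVPN's `tls_digest_0` environment variable.

```shell
#!/bin/sh
# Added example: reject client certificates whose fingerprint is on a local
# blocklist, for CAs that publish no CRL/OCSP. Path below is hypothetical.
BLOCKLIST="${BLOCKLIST:-/etc/openvpn/blocked-certs.txt}"

# Normalise a fingerprint: drop colons and whitespace, lowercase the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r' | tr 'A-F' 'a-f'
}

# check_cert DEPTH FINGERPRINT [BLOCKLIST]  ->  0 = accept, 1 = reject
check_cert() {
    depth=$1
    fp=$(normalize_fp "$2")
    list=${3:-$BLOCKLIST}
    case $depth in
        0) ;;                        # leaf (user) certificate: check below
        ''|*[!0-9]*) return 1 ;;     # malformed depth: reject
        *) return 0 ;;               # CA levels: chain is validated by OpenVPN
    esac
    # Fail closed: no fingerprint or unreadable blocklist means no access.
    [ -n "$fp" ] || return 1
    [ -r "$list" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(normalize_fp "${line%%#*}")   # strip trailing comments
        [ -n "$entry" ] || continue
        if [ "$entry" = "$fp" ]; then
            return 1                 # certificate is blocked
        fi
    done < "$list"
    return 0
}

# OpenVPN sets script_type and calls the hook as: cmd <depth> <subject>
if [ "${script_type:-}" = "tls-verify" ]; then
    check_cert "$1" "${tls_digest_0:-}" || exit 1
    exit 0
fi
```

The server config would enable it with `script-security 2` and a `tls-verify` line pointing at the script; because each VPN server reads its own file, this keeps the no-central-database property described above.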
It's been a while since I encountered this problem and I have forgotten the
fix. My JNOS has stopped populating routes broadcast by the rip server.
I've verified that I am receiving the broadcasts through tun0 and there
have been no changes to my autoexec.nos file in a long time. I think
routing via rip stopped sometime within the past few days. Any ideas ?
tx ~Ken
...I have my machine all set up to route packets through my local gateway (I
was originally going to tinker with high speed mesh networks but an
equipment supplier let me down) and I got thinking: what kind of services
are intended to run over the new improved 44net? I've been lurking, and all I
see are discussions on VPNs, routing and stuff but nothing higher up the
stack.
Web servers? Twitter-like services? Bulletin boards? POP3? What can we *do*
with it?
Please forgive me for asking this question! I get the feeling everyone else
is up to speed except me!
73
de Matt M0ZAI
Well I don't know what to tell you. I should really try DD-WRT on
other hardware to see if it behaves differently (I can't imagine so)
I have the standard dd-wrt build, Firmware: DD-WRT v24-sp2 (08/07/10)
std on a Ubiquiti Router Station pro.
With two terminals open on my linux server, one running rip44d -v and
the other running tcpdump, and an entry in the portal, I see nothing.
Shortly after I enable DMZ, set to 192.168.1.100 (my Linux server's
inside address) I see them.
I logged into the DD-WRT terminal and ran iptables -L, before and
after enabling DMZ in the GUI to see what it changes.
The magic appears to be this line:
target prot opt source destination
ACCEPT 0 -- anywhere 192.168.1.100
This is under the Chain FORWARD (policy ACCEPT)
That line is absent without DMZ enabled.
I have no rules that specify a broadcast address. That is really the
only way I can imagine IPIP reaching a machine on the inside of a
network, without a specific forwarding rule directing it to a specific
inside IP address.
Lynwood, could you share a dump of your iptables -L (sanitize as needed)?
Curiosity has the best of me at this point.
Steve, KB9MWR
Lynwood,
Thanks for the info. It must have something to do with the mega
version of DD-WRT that you are using. I am using the standard
version, and it does not pass, even with the VPN passthrough options
enabled.
I see the mega version has IPV6 support. Since that is usually
tunneled, I suspect that is what makes it work for you.
-
Question for anyone. Is there any way to use the ampr.org name service
as a dynamic DNS?
For my IPIP gateway, and other ham radio related things, I have
been using dyn.com to provide a dynamic DNS name.
With the new http://dyn.com update policy, it makes me think the ham
community could use a dynamic DNS of their own. Anyone?