Good afternoon,
It would seem that 44.133.48.66 is popping, snmpding, and other
amounts of traffic from time to time to various ampr.org systems
and doing so *without warning* type of thing. I just got hit with
a bunch of SNMP requests, others have been hit with POP requests.
Can anyone find out who the owner of that particular system or
network is, so that I can contact the entity or person.
Or perhaps a bit more draconian, can someone deal with it.
Thanks in advance.
Maiko Langelaar
VE4KLM
Greetings;
I've noticed recently after doing a package update on the iproute
packages I can no longer configure my tunnel interface tunl0. Mainly I'm
trying to reset the ttl to 64 for traceroute to properly work.
Everything I've searched comes up empty. Here's what I see:
root@gw:/usr/local/bin# iptunnel show
tunl0: ip/ip remote any local any ttl inherit nopmtudisc
root@gw:/usr/local/bin# ifconfig tunl0
tunl0 Link encap:IPIP Tunnel HWaddr
inet addr:44.88.0.1 Mask:255.255.255.255
UP RUNNING NOARP MULTICAST MTU:0 Metric:1
ttl is stuck on inherit and MTU autoconfigs to 0. This I know is set by
nopmtudisc however if I try to adjust things:
root@gw:/usr/local/bin# ip tunnel change tunl0 ttl 64
ttl != 0 and noptmudisc are incompatible
root@gw:/usr/local/bin# ip tunnel change pmtudisc mode ipip
add tunnel tunl0 failed: No such file or directory
Why would it try to ADD? The command is CHANGE.
Has anyone else suffered this before and if so what was the fix?
Thanks in advance.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
Interesting reading!
I too would like to see a routed approach - all this clumsy tunnelling
house of cards junk is never going to be reliable.
The overly-managed approach doesn't help either. It needs to be far
simpler to manage a /24 than what we have now. All the legal speak in that
"contract" can get binned too.
As far as outdoor links are concerned - why do you not use the Ubiquiti
2.4, 3.3, and 5.8 GHz gear? It goes really really over long distances even
without external amps, and will happily run in the ham bands.
Steve
On Tue, Jan 28, 2014 at 9:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote:
> Message: 1
> Date: Sun, 26 Jan 2014 18:09:57 -0500
> From: Bryan Fields <Bryan(a)bryanfields.net>
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> Subject: Re: [44net] amprnet portal
> Message-ID: <52E595C5.9090303(a)bryanfields.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 1/26/14 2:20 PM, kb9mwr(a)gmail.com wrote:
> > It would be interesting to hear more about how those other BGP
> > announced chunks of 44net are using the space.
> My segment 44.98.254.0/24 is being used for one PtP data link now, and some
> asterisk based repeater controllers.
> I have email for kb9mci.net on it (but need to get SWIP/PTR going Brian ;).
>
> My intent is to fire up some of the doodle labs 23cm link cards as we get
> another repeater site and link it over on that space. As this grows over the
> next couple years it will be quite a high speed data network with VoIP as the
> primary purpose. Doing all the RF links in the ham bands is part of the fun.
> (anyone have an OFDM rated 20-30 watt amp for 23cm that's not $2k?)
>
> One of the pet peeves I have is not being able to access the other AMPR net
> space without tunnels. I think tunnels are just an ugly hack IMO. I'd like
> to see us transition into more of a regionally routed network, rather than the
> few BGP nets and UCSD gateway. Well aware of how much time this would take
> I'm not ready to write up a proposal just yet (ampRFC?).
>
> If anyone wants a subnet I'd be happy to route it to you, as I'm not using the
> whole /24 and won't be for some time. Global routing policies being what they
> are, a /24 is the smallest subnet you can announce.
>
> My interest lies in high speed networks, and see little to no value in 9600
> baud IP networks in 2014 :)
>
> 73's
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> 727-214-2508 - Fax
> http://bryanfields.net
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 27 Jan 2014 12:06:01 -0600
> From: kb9mwr(a)gmail.com
> To: "44net(a)hamradio.ucsd.edu" <44net(a)hamradio.ucsd.edu>
> Subject: Re: [44net] amprnet portal
> Message-ID:
> <
> CAK4XxyT5f_UxV5CpzHRX9O0QEtUbGxD0txexZHGRDQTTdA_9yg(a)mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Brian,
>
> Interesting, thanks for sharing.
>
> Amplifiers are something I really think the ham community needs to think
> about.
>
> They exist but, like you say, at outrageous prices. i.e.:
>
> http://www.shireeninc.com/300-500mhz-20-watts-outdoor-amplifier/
>
> I have been reading Dubus magazine (focused on microwave), hoping to
> read more data oriented construction articles.
>
> I am much in the same line of thinking. 1200 and 9600 is really not
> worth re-deploying in 2014. The regulatory landscape needs some major
> changes so that manufacturers can put something different in the hands
> of many.
>
> Steve
>
>
--
Meshnetworks - Rangitaiki Plains Rural Broadband Internet Providers
+64 21 040 5067
Hello Rob, thanks for your information. I changed to 44.0.0.1 from
169.228.66.251, but I don't see any RIP broadcast from this IP here; I am
waiting to see if it arrives at any moment.
73 de Gabriel.
YV5KXE
YV AmpNet Coordinator
44net-request at hamradio.ucsd.edu wrote:
> Subject:
> [44net] RIP UDP question
> From:
> Gabriel Medinas <gmedinas at gmail.com>
> Date:
> 02/26/2014 05:48 PM
>
> To:
> 44net at hamradio.ucsd.edu
>
>
> Hello all,
>
> I want to test receiving the RIP2 broadcast in my JNOS, but it doesn't work:
>
> Trace jnos monitor:
>
> (tun0) 169.228.66.251->192.168.2.110 UDP
Don't use that version. Use the one that is from 44.0.0.1 ->
224.0.0.9 instead.
(There are two RIP broadcasts, and some time ago Brian already considered
stopping the one from 169.228.66.251 to the public IP address. This one is sent
to a different port number, so your jnos probably does not recognize it.)
Rob
Hello all,
I want to test receiving the RIP2 broadcast in my JNOS, but it doesn't work:
Trace jnos monitor:
(tun0) 169.228.66.251->192.168.2.110 UDP
0000 ........pLaInTeXtpAsSwD.....,.......[yZ.........,.........Y.....
0040 ....,.......E..>........,.......Q.v>........,I@.....2.D>........
0080 ,.@.....[yZ.........,.......[yZ.........,I......2.D>........,...
00c0 ....W...........,...................,........K..........,.......
0100 ............,........&..........,^..................,.......v...
0140 ........,........K..........,........K..........,.......yc......
0180 ....,........K..........,.......^e0.........,........K..........
01c0 ,........K......
(tun0) 192.168.2.110->169.228.66.251 ICMP UnreachablePort
Returned 169.228.66.251->192.168.2.110 UDP
192.168.2.110 is my JNOS IP in LAN (also 44.152.0.60)
169.228.66.251 (amprnetgw-ucsd)
The jnos returns an ICMP UnreachablePort. I have checked the firewall, IP
forwarding in openSUSE 13.1 Linux, the router, and in my autoexec.nos:
ip upstairs 224.0.0.9
rip ttl 43200
start rip
#rip accept 44.0.0.1
rip accept 169.228.66.251
rip trace 9 rip.log
My question: why does my jnos say UnreachablePort?
Thanks.
Gabriel YV5KXE
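A receiver-side sanity check for a datagram like the one traced above, as an added example that is not part of the original message or of JNOS: it applies a source accept list (the idea behind "rip accept") and parses the RIPv2 entries, assuming the string at the start of the hex dump is an RFC 2453 simple-password entry. The function names, the sample route and the next hop 192.0.2.10 are constructed for illustration.

```python
import hmac
import ipaddress
import struct

RIP_RESPONSE, RIP_V2 = 2, 2
AFI_AUTH, AFI_INET, AUTH_SIMPLE = 0xFFFF, 2, 2

def parse_rip2(payload, src, accept, password):
    """Validate a RIPv2 response; return [(network, next_hop, metric)]."""
    if src not in accept:                      # same idea as JNOS "rip accept"
        raise ValueError(f"source {src} not in accept list")
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("bad RIP length")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    if (command, version) != (RIP_RESPONSE, RIP_V2):
        raise ValueError("not a RIPv2 response")
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    # With authentication enabled the first entry has AFI 0xFFFF (RFC 2453).
    afi, auth_type, secret = struct.unpack("!HH16s", entries[0])
    if afi != AFI_AUTH or auth_type != AUTH_SIMPLE:
        raise ValueError("no simple-password entry")
    if not hmac.compare_digest(secret.rstrip(b"\0"), password):
        raise ValueError("password mismatch")
    routes = []
    for entry in entries[1:]:
        afi, _tag, addr, mask, hop, metric = struct.unpack("!HH4s4s4sI", entry)
        if afi != AFI_INET or not 1 <= metric <= 16:
            raise ValueError("bad route entry")
        # Strict parsing rejects an address with host bits set outside the mask.
        net = ipaddress.ip_network(
            f"{ipaddress.ip_address(addr)}/{ipaddress.ip_address(mask)}")
        routes.append((net, ipaddress.ip_address(hop), metric))
    return routes

def build_sample():
    """Constructed datagram: one auth entry plus one /32 route."""
    head = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)
    auth = struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, b"pLaInTeXtpAsSwD")
    route = struct.pack("!HH4s4s4sI", AFI_INET, 0, bytes([44, 152, 0, 60]),
                        bytes([255] * 4), bytes([192, 0, 2, 10]), 1)
    return head + auth + route

if __name__ == "__main__":
    print(parse_rip2(build_sample(), "44.0.0.1", {"44.0.0.1"},
                     b"pLaInTeXtpAsSwD"))
```

Both checks are sanity filters only: a UDP source address can be forged and the simple password travels in cleartext, so neither authenticates the sender.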
Thanks Chris.
Now if there is a problem originating from one of the gateways we know
who to get a hold of.
It may also be desirable if their callsign had a link to the method of
contact (email) that is on file for them. But I heard a whois
function is in the works, and I assume that will have something like
that.
Steve
I've been getting absolutely bombarded with DNS query frames, most of
which come from commercial IPs (that are now blocked); however, I'm seeing
some from what appears to be 44/8, but I suspect most of these are
spoofed. There's always the chance someone's been compromised. An
example from wireshark:
72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com
I know this IP is not configured so it must be spoofed (aka: no DNS) and
it doesn't appear to be alive, nor is this the only one from 44/8.
140 35.327781 44.180.172.99 44.88.0.9 DNS Standard query A ttx.www.luse8.com
595 181.341697 44.219.111.186 44.88.0.9 DNS Standard query A m.www.luse9.com
I'm sure this is a DNS worm of sorts but it was attacking my MFNOS node
(which does not even have a dns server compiled in it) at the rate of
500,000 frames a minute. While harmless to such, it's still bandwidth
used for nothing.
Has anyone seen these sort of junk dns requests before?
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
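One way to triage a capture like the one quoted above, as an added example that is not part of the original message: it flags parent names whose queries almost all carry a different leftmost label, and lists 44/8 sources that fall outside subnets known to be allocated. The `allocated` list, the thresholds and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the Wireshark summary layout quoted in the post.
SAMPLE = """\
72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com
73 13.058901 44.12.7.201 44.88.0.9 DNS Standard query A qpzkd.www.luse7.com
74 13.059377 203.0.113.45 44.88.0.9 DNS Standard query A wjrnmlae.www.luse7.com
75 13.060012 198.51.100.9 44.88.0.9 DNS Standard query A hbx.www.luse7.com
76 13.071533 44.88.0.5 44.88.0.9 DNS Standard query A n1uro.ampr.org
77 13.080020 44.88.0.5 44.88.0.9 DNS Standard query A n1uro.ampr.org
"""

LINE = re.compile(
    r"^\d+\s+[\d.]+\s+(\S+)\s+(\S+)\s+DNS\s+Standard query\s+A\s+(\S+)$")
AMPR = ipaddress.ip_network("44.0.0.0/8")

def analyse(text, allocated, min_labels=3, min_ratio=0.9):
    """Return (flooded_parents, unallocated_44net_sources)."""
    allocated = [ipaddress.ip_network(n) for n in allocated]
    labels = defaultdict(set)   # parent name -> distinct leftmost labels
    counts = defaultdict(int)   # parent name -> total queries seen
    suspect_src = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, _dst, qname = m.groups()
        first, _, parent = qname.lower().rstrip(".").partition(".")
        labels[parent].add(first)
        counts[parent] += 1
        ip = ipaddress.ip_address(src)
        # A 44/8 source with no known allocation cannot be a real host.
        if ip in AMPR and not any(ip in net for net in allocated):
            suspect_src.add(src)
    flooded = {p for p, seen in labels.items()
               if len(seen) >= min_labels
               and len(seen) / counts[p] >= min_ratio}
    return flooded, suspect_src

if __name__ == "__main__":
    print(analyse(SAMPLE, ["44.88.0.0/24"]))
```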
On the gateways list page or under the details (at:
https://portal.ampr.org/gateways_list.php) could another column be
added to show the associated call sign of the person who maintains
that entry?
Right now there really doesn't seem to be a way to tell.
Now this guy appears every 60 sec., and he obviously knows what he's
doing. Anyone else seeing him? How does he do it?
Sat Feb 22 14:12:57 2014 - tun0 recv:
IP: len 74 169.228.66.251->192.168.1.149 ihl 20 ttl 50 prot IP
IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP
UDP: len 34 48465->6781 Data 26
0000 CQ AMPR! CQ AMPR! CQ AMPR!
Sat Feb 22 14:12:57 2014 - tun0 recv:
IP: len 74 169.228.66.251->192.168.1.149 ihl 20 ttl 50 prot IP
IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP
UDP: len 34 48465->6781 Data 26
0000 CQ AMPR! CQ AMPR! CQ AMPR!
(encap) 67.185.10.74->44.135.160.40 DF UDP
CQ AMPR! CQ AMPR! CQ AMPR!
Sat Feb 22 14:12:57 2014 - tun0 sent:
IP: len 56 192.168.1.149->67.185.10.74 ihl 20 ttl 254 prot ICMP
ICMP: type Unreachable code Port
Returned IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP
UDP: len 34 48465->6781 Data 26
jerome - ve7ass
------