Thought maybe this is the place to let people know (as a courtesy I
suppose). I recently lost my static IP address (my bridge radio died
after 12+ years or so), looking at other solutions.
So in the meantime my existing IP address as noted in the encap.txt
and rip broadcasts will simply not respond to anything. No worries
about it being used by other entities, it's an IP on 'our system'
that no one else will ever use for a long time down the road.
I don't want to delete my entry in the portal, so I will try to get
some form of Dynamic DNS hostname in place as soon as possible, since
I am now using a DSL service as a temporary internet connection.
It might be a while, just saying.
Thanks for your understanding.
Maiko / VE4KLM
Hello,
I am having an issue with the routes script for the Mikrotik routers. I got through all the steps to get RIP working and routes began populating based on the guides here: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers . Then I got the latest script from http://www.yo2loj.ro/ version 3.1; while ssh'd into the box I copied and pasted the script http://www.yo2loj.ro/hamprojects/ampr-gw-3.1.rsc into the terminal. I used my public IP address in the AmprPublicIp field and my AMPRnet IP assigned to the DMZ IP address 44.68.204.1 then ran the update_amprgw script. At first I thought it was working but not all of the routes appear to be populating. I am only seeing 55 interfaces, much less than the 400+ I would expect. Any advice on this issue?
Thanks
Mark Scrano
K2EXE
Sorry, that would be mine. I'm building a new gateway and was having some issues, I'll disable that host asap.
Josh - VK2HFF
-------- Original message --------
From: lleachii--- via 44Net <44net(a)hamradio.ucsd.edu>
Date: 28/06/2017 05:03 (GMT+10:00)
To: 44net(a)hamradio.ucsd.edu
Cc: lleachii(a)aol.com
Subject: Re: [44net] SYN Flood, etc.
Rob,
It appears the SYN Floods are actually coming from AMPRNet, not the
Internet:
2017-06-27 13:16:16.705 3600.001 TCP 44.136.24.62:52055 -> 44.60.44.3:53 9 695 1
2017-06-27 13:16:16.705 3600.001 TCP 44.60.44.3:53 -> 44.136.24.62:52055 41 49452 1
2017-06-27 13:18:41.842 3600.004 TCP 44.136.24.62:51655 -> 44.60.44.3:53 4 306 1
2017-06-27 13:18:41.842 3600.004 TCP 44.60.44.3:53 -> 44.136.24.62:51655 28 37152 1
After closing tcp/53, this is the only host causing hits on my SYN Flood
filter.
- KB3VWG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
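An added example, not part of the original thread: a short Python triage of the flow records quoted above, pairing each client-to-port-53 flow with its reverse flow to tell unanswered or handshake-only traffic from connections that carried data. The nfdump-style column layout and the 80-byte threshold are assumptions, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Records from the message above, one per line.
# Assumed column layout (nfdump-style): first seen, duration, protocol,
# src:port -> dst:port, packets, bytes, flows.
FLOWS = """\
2017-06-27 13:16:16.705 3600.001 TCP 44.136.24.62:52055 -> 44.60.44.3:53 9 695 1
2017-06-27 13:16:16.705 3600.001 TCP 44.60.44.3:53 -> 44.136.24.62:52055 41 49452 1
2017-06-27 13:18:41.842 3600.004 TCP 44.136.24.62:51655 -> 44.60.44.3:53 4 306 1
2017-06-27 13:18:41.842 3600.004 TCP 44.60.44.3:53 -> 44.136.24.62:51655 28 37152 1
"""

Flow = namedtuple("Flow", "src sport dst dport packets bytes")
LINE = re.compile(
    r"^\S+ \S+\s+\S+\s+TCP\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(\d+)\s+(\d+)\s+\d+$"
)

# Assumption: a bare SYN or SYN-ACK is about 40-60 bytes at the IP layer, so a
# mean reply packet size above this means the connection carried DNS payload.
HANDSHAKE_ONLY_MAX = 80

def parse(text):
    """Turn flow lines into Flow tuples, skipping lines that do not match."""
    flows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, sport, dst, dport, pkts, nbytes = m.groups()
            flows.append(Flow(src, int(sport), dst, int(dport), int(pkts), int(nbytes)))
    return flows

def classify(flows, service_port=53):
    """Pair each client->server flow with its reverse flow and label it."""
    reverse = {(f.src, f.sport, f.dst, f.dport): f for f in flows}
    results = []
    for f in flows:
        if f.dport != service_port:
            continue
        reply = reverse.get((f.dst, f.dport, f.src, f.sport))
        if reply is None or reply.packets == 0:
            label = "unanswered"
        elif reply.bytes / reply.packets <= HANDSHAKE_ONLY_MAX:
            label = "handshake-only"
        else:
            label = "established-with-data"
        results.append((f"{f.src}:{f.sport}", label, reply.bytes if reply else 0))
    return results

if __name__ == "__main__":
    for row in classify(parse(FLOWS)):
        print(row)
```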
> Further inspecting the firewall, only 5 packets in over 20,000 were
> dropped. Perhaps the SYN Flood setting is too sensitive for a series of
> multiple DNS queries at the same time.
I sometimes see mis-detections of floods on TCP port 53 too. The resolver
has to open a separate connection for each request once it has to use TCP mode.
Due to the increased use of DNSSEC this happens more often than in the past.
Rob
> I'll be closing TCP/53 to the Internet - NOW.
You need to close UDP/53 as well! It is widely abused for DDoS amplification,
you really should not offer DNS service on the internet unless you have modern software
to do rate limiting etc.
Look at the poor souls who make a change to their MikroTik router (usually configuring
it for PPPoE according to the directions they find on YouTube instead of according to
the manual) and mistakenly open their DNS resolver on the internet... they end up
being abused as DDoS amplifier/reflector all the time.
We run a slave DNS server for AMPRnet as well, but: only on the 44 network.
Rob
> - The only tcp/53 I have open is AMPR DNS (most connections are coming from 104.236.176.72)
Those are on my list of scanners/blackhats. The name "stretchoid.com" is already indicative of what they do.
However, as Brian Kantor also wrote, it is a really bad idea to run a DNS server on an internet-facing interface.
Keep it accessible only from the amprnet side.
Rob
All,
I looked at my router's system log and noticed two interesting messages:
> [ 272.794578] conntrack: generic helper won't handle protocol 47.
> Please consider loading the specific helper module.
> [367924.542265] TCP: request_sock_TCP: Possible SYN flooding on port
> 53. Sending cookies. Check SNMP counters.
I realized I'm currently under a "small" attack. About 2 p.p.s. are
causing my SYN_Flood rules to hit. What's interesting is:
- I don't run any GRE tunnels (most of the Protocol 47 packets are
coming from China)
- The only tcp/53 I have open is AMPR DNS (most connections are coming
from 104.236.176.72)
Does anyone currently use tcp AXFR to copy 44.IN-ADDR.ARPA. or AMPR.ORG.
from me?
73,
- Lynwood
KB3VWG
The National Science Foundation and Mozilla are sponsoring an
initiative to bypass the wired web to bring additional people
online and to provide survivability in times of disaster.
Sound familiar? Seems we're already doing some of that; perhaps
some of us should apply for some of the grant money to spice things up.
> https://blog.mozilla.org/blog/2017/06/21/2-million-prize-decentralize-web-a…
- Brian
Decentralize the web is indeed what we have always been doing. Probably because we started in the
times when the internet was still very decentralized and all communication was peer-to-peer.
Lately, the internet has been transformed into a client-server network much like the telephone BBS world
was in those days: there are users, they connect to some server where all they want to have can be
found and stored.
This is also a reason why IPv6 has not really taken off. The design principle behind IPv6, to have enough
addresses to assign one to every device and have all of those devices communicate peer-to-peer, has
largely been abandoned on the internet. There is no reason anymore to have a different address for
every device.
In fact, now that we have the AMPRnet coming alive again here, many of the users are so accustomed
to this way of working that they implement it on their ham network as well: everything NATted behind a
single IP address. Even though they can just apply for a subnet large enough for their shack.
Maybe we should invest in explaining the difference between our network and the internet as it is used
today, and how this change on the internet came about. It could help people think differently.
Rob