44net June 2020

44net@mailman.ampr.org

38 participants
21 discussions

VK AMPR Co-ordinator
by Gary B 13 Jun '20

13 Jun '20

Hi All, For info for those who knew Sam Scafe, VK4AA, who was the Australian AMPRnet Co-ordinator. SILENT KEY: - Samantha Scafe VK4AA Samantha went Silent Key on Saturday March 22nd at home in Cairns following complications from cellulitis interacting with a compromised respiratory system. Samantha had recently been in hospital a number of times but appeared to be improving before her health took a final dive. Samantha was one of the pioneers of Packet Radio networking in Queensland being one of the first to introduce the concept of data wormholes with the Aussie Wide Packet Radio Network. A move from the Gold Coast to Cairns found Samantha’s business become a ISP and Web Host/Design concern, including providing the backup site for the WIA News and QNEWS data files. Samantha and partner Colleen were also well known in autosports circles as CAMS Stewards, with many RadioAmateurs interacting with them at rallies and hillclimbs. Samantha also ran the Cairns APRS gateway for years and provided technical support for repeater builders around the country. The Australian Amateur Radio Service has suffered a great loss with Samantha’s passing and we pass on heartfelt condolences to partner Colleen and family. Vale Samantha Scafe VK4AA, Silent Key. >From Backscatter (Newsletter of the Townsville Amateur Radio Club) As a result, VK needs someone with AMPRnet and TCP/IP kwowledge and experience to volunteer to take on this role. If you think you are able to do this, or know someone who possibly could, please contact Chris, G1FEF asap. Currently VK does not have anyone to do the day to day co-ordination or issuance of 44. addresses. Regards, Gary VK4ZGB

7 6

ampr.org tls cert expired
by Scott Nicholas 13 Jun '20

13 Jun '20

Look's like the Let's Encrypt cert on ampr.org isn't running on a crontab :) -Scott

3 2

Re: [44net] NSP bugging me to use RPKI for my /24 grant
by Erik Seidel 12 Jun '20

12 Jun '20

Tom, It sounds like you're referring to delegated RPKI: https://www.arin.net/resources/manage/rpki/delegated/ I assume this could be done, but it would still have to be set up through ARIN first - just as in the case of hosted RPKI. Regards, Erik KE5SAI On Wed, Jun 10, 2020 at 11:26 AM Erik Seidel <erik(a)znsl.us> wrote: > > Tom, > > It sounds like you're referring to delegated RPKI: > > https://www.arin.net/resources/manage/rpki/delegated/ > > I assume this could be done, but it would still have to be set up > through ARIN first - just as in the case of hosted RPKI. > > Regards, > > Erik > KE5SAI > > On Wed, Jun 10, 2020 at 11:21 AM Tom Cardinal via 44Net > <44net(a)mailman.ampr.org> wrote: > > > > Cynthia, > > > > I only listed them as an example, my point was a having our own CA > > signed by a signing org that is trusted by RIRs. If that be ARIN then > > so be it. More importantly though, as you know, we have a legacy > > allocation. In my opinion we are equal to an RIR but with the ability > > to make global allocations from the 44.0/9 and 44.128/10 space. > > > > --ton/n2xu 44.98.63.0/29. > > > > > > On 6/10/20 7:38 AM, Cynthia Revström via 44Net wrote: > > > Tom, > > > > > > As Q already mentioned, Thawte or Comodo (now called Sectigo) are for Web > > > PKI, not RPKI, they have nothing to do with this. > > > And not to mention the huge requirements something like that would have, > > > and enormous fees. > > > > > > Not entirely sure what you mean by "act as an IR"? > > > > > >> They would have to accept it much like ARIN and RIPE trust each other > > > In the context of RPKI, ARIN and RIPE NCC do not trust each other, they > > > have their own Root CAs (TALs), which are independent of each other. > > > An RPKI validator has to use both of them. > > > > > > - Cynthia > > > > > > > > > On Wed, Jun 10, 2020 at 2:33 PM Q Misell via 44Net <44net(a)mailman.ampr.org> > > > wrote: > > > > > >> CA's like Thawte or Comodo won't work for this, they're for web PKI not > > >> resource PKI. > > >> The 44.0.0.0/9 cert would have to be signed by one of the RIR's trust > > >> anchors (probably ARIN since they have 44.0.0.0/8 assigned to them) > > >> > > >> Thanks, > > >> Q > > >> > > >> > > >> On Wed, 10 Jun 2020 at 13:28, Tom Cardinal via 44Net < > > >> 44net(a)mailman.ampr.org> > > >> wrote: > > >> > > >>> I've been monitoring this discussion. Since our space was allocated by > > >>> Jon Postel, initially around 1981 (ish), why can't we create our own > > >>> trust model (CA signed by a CA signing agency like Thawte or Comodo as > > >>> examples) and act as an IR for the 44.0/9 and 22.128/10 space ourselves > > >>> and publish that trust model to the RIRs? They would have to accept it > > >>> much like ARIN and RIPE trust each other. Then RPKI would work for > > >>> AMPRNet and AMPRNet would control it's own destiny. > > >>> > > >>> --tom/n2xu 44.98.62.0/29 > > >>> > > >>> > > >>> On 6/2/20 2:34 PM, Jonathan Lassoff via 44Net wrote: > > >>>> I can sympathize with the sentiment that RPKI and widespread RPKI > > >>>> adoption in its current form will really lock out and disenfranchise > > >>>> smaller network operators. > > >>>> > > >>>> Now, *more than ever*, we need to enable an Internet that any > > >>>> organization (a natural person, a registered entity, a hackerspace, > > >>>> etc.) can connect to, uniquely address itself, and begin exchanging > > >>>> traffic. > > >>>> > > >>>> In order to enable such an open system to function, we also need ways > > >>>> of ensuring that unicast addresses are unique and that there is some > > >>>> public, verifiable way of claiming ownership of IP space. Without > > >>>> this, the entire network is open to disruption and abuse by almost any > > >>>> operator. It's amazing we have gotten so far on the good will of most > > >>>> operators. > > >>>> > > >>>> The RIR model of lawyers, paperwork, and public databases works for a > > >>>> lot of people and organizations. IRR was the first step, but it was > > >>>> complex and a bit clunky to use. I see RPKI for Origin Validation as > > >>>> just the first/next step of extending this model of trust and > > >>>> numbering resource ownership into the routing protocol space more > > >>>> directly. > > >>>> From a technical standpoint, this logical extension of systems makes a > > >>>> lot of sense and I don't have a problem with it. > > >>>> > > >>>> For commercial network operators, a RIR registration is just the cost > > >>>> of doing business. > > >>>> But for many small nonprofits, regional amataur radio/network > > >>>> operators, or individuals, a few thousand dollars/euros a year is a > > >>>> lot of money that makes Internet independence out of reach. > > >>>> They end up having to resort to the hegemony of their local incumbent > > >>>> monopoly and chain themselves to the whims of their upstreams and > > >>>> regulators. > > >>>> > > >>>> I suspect many legacy resource holders find themselves in a similar > > >>>> limbo-state of not wanting to participate in the RIR model and pay > > >>>> money for essentially nothing. > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> Echoing some similar earlier sentiments to want to create a CA for > > >>>> legacy address holders: How feasible would it be to create something > > >>>> RIR-like, but noncommercial? > > >>>> A place for legacy address holders to coordinate and register > > >>>> resources seems like a natural fit. If we're going to operate a > > >>>> database of ROAs, we're going to need some database of address space > > >>>> ownership. > > >>>> For 44net use cases, this seems really straightforward, since we have > > >>>> the Portal to draw from. But for other organizations, it gets a bit > > >>>> more complicated to do properly. Given some random email > > >>>> address/account in some hypothetical legacy RIR, how can we really > > >>>> validate that they're authorized to take actions on behalf of some > > >>>> organization? > > >>>> To take some random examples from the IANA IPv4 list: DISA, USPS, > > >>>> AT&T, Apple, etc. Doing this right is going to take some process, > > >>>> record keeping, and well.... work. > > >>>> With this context, I can see how a lot of RIRs go commercial. However, > > >>>> with a bit of automation, good documentation and records, and some > > >>>> dedicated volunteers, this seems like a really doable/achievable thing > > >>>> in the netops community. > > >>>> > > >>>> I would be curious to know if anyone else shares these views/dreams > > >>>> and would like to chat about it. > > >>>> > > >>>> Stay safe and sane out there. > > >>>> > > >>>> Cheers, > > >>>> jof > > >>>> > > >>>> On Tue, 2 Jun 2020 at 08:18, Job Snijders via 44Net > > >>>> <44net(a)mailman.ampr.org> wrote: > > >>>>> Thomas, > > >>>>> > > >>>>> You say > > >>>>> > > >>>>> On Tue, Jun 2, 2020, at 04:17, Thomas Jones - KG5ZI /8 via 44Net > > >> wrote: > > >>>>>> DO NOT participate in RPKI! > > >>>>> And ... > > >>>>> > > >>>>>> We should be protecting our Internet!! Just saying... > > >>>>> What are you really saying? These statements seem at odds with each > > >>> other. > > >>>>> How do you protect your internet? Maybe I can learn some tricks from > > >>> you? > > >>>>> Kind regards, > > >>>>> > > >>>>> Job > > >>>>> _________________________________________ > > >>>>> 44Net mailing list > > >>>>> 44Net(a)mailman.ampr.org > > >>>>> https://mailman.ampr.org/mailman/listinfo/44net > > >>>> _________________________________________ > > >>>> 44Net mailing list > > >>>> 44Net(a)mailman.ampr.org > > >>>> https://mailman.ampr.org/mailman/listinfo/44net > > >>> > > >>> _________________________________________ > > >>> 44Net mailing list > > >>> 44Net(a)mailman.ampr.org > > >>> https://mailman.ampr.org/mailman/listinfo/44net > > >>> > > >> _________________________________________ > > >> 44Net mailing list > > >> 44Net(a)mailman.ampr.org > > >> https://mailman.ampr.org/mailman/listinfo/44net > > >> > > > _________________________________________ > > > 44Net mailing list > > > 44Net(a)mailman.ampr.org > > > https://mailman.ampr.org/mailman/listinfo/44net > > > > > > _________________________________________ > > 44Net mailing list > > 44Net(a)mailman.ampr.org > > https://mailman.ampr.org/mailman/listinfo/44net

7 8

Modem
by Ken Adams 12 Jun '20

12 Jun '20

Hi Guys Looking for a UK compatible modem/router/DSL to use with TalkTalk. I can then switch off ALL firewall nat and filtering and pass ALL traffic through to my pfSense router/firewall and allow the usual 4 and 93 and ICMP. Waiting with hope in the heart 73 de Ken (G7OAH)

4 4

NSP bugging me to use RPKI for my /24 grant
by Jeremy Cooper 10 Jun '20

10 Jun '20

Hello all, In 2018 I requested and received a /24 allocation and permission to announce it via BGP. My ISP/NSP, MonkeyBrains.net, very graciously agreed to route it to my house as part of my normal residential service. (Quite amazing!) Now, however, they’ve sent me an unusual request (but they are excited about it): can I please setup RPKI for my IP allocation, authorizing them (MonkeyBrains) permission to advertise the block? Full quote below: > Hi Jermy, > > We advertise a /24 for AMPRNET. Please setup a ROA record on ARIN authorizing us to advertise that block. (We just learned how to do this for our IPs yesterday and are exctied about RPKI. > > > > If you haven't set up RPKI for your IP allocations, here are the steps in a nutshell: > > create SSL key > upload to ARIN > Create ROA (image below) > Thanks, > > Rudy > > HOW-TO on ARIN: > https://www.arin.net/resources/manage/rpki/hosted/#roarequestkeypair <https://slack-redir.net/link?url=https%3A%2F%2Fwww.arin.net%2Fresources%2Fm…> > I don’t think this is going to work as I don’t _OWN_ my block. It is licensed to me for a 5 year period. As such, there’s no record of my allocation with ARIN, and hence, nothing that I can assign. Do any of you network gurus have a sufficiently technically advanced response I can give the ISP for their request? 73, -Jeremy Cooper

19 34

pfSense
by Ken Adams 10 Jun '20

10 Jun '20

Has anyone got ampr 44net ipencap working.? I have a node running Linux/uronode/ax25/netrom/fbb and ampr-ripd. This then feeds into the pfsense box. AX25/Netrom/fbb are all working fine. I think I have IPENCAP on the firewall directed to the Node 198Lan address. All help very happily received. Rgds Ken (G7OAH)

3 2

Re: [44net] 44Net Digest, Vol 9, Issue 54
by Rob Janssen 04 Jun '20

04 Jun '20

> That vulnerability sounds quite like what alot of us have been saying for years....hummm...73,- Lynwood KB3VWG True! I have mentioned many times that it is best to filter incoming protocol-4 based on a list of valid gateway addresses, and also to filter traffic from those tunnels with filters allowing only AMPRnet addresses (except from amprgw when you use that to receive traffic from internet). We can only hope that this "discovery" and CERT registration will not lead to broad "protocol 4 blocks" by ISPs and transit providers, as has happened with NTP traffic when that was the topic. Maybe another motivation to move from the IPIP mesh to something more modern? Rob

1 0

Internet access
by Edward Young 02 Jun '20

02 Jun '20

Charles, thank you for confirming muy membership in the group. I am very interested in using a ham radio to connect to the internet. What equipment do I need and what do I need to do?

3 3

Mailing list
by Edward Young 02 Jun '20

02 Jun '20

I seem to be on the mailing list but I cannot post anything. Can you send me a link to confirm my membership? Edward Young

2 2

Re: [44net] 44Net Digest, Vol 9, Issue 54
by lleachii 02 Jun '20

02 Jun '20

That vulnerability sounds quite like what alot of us have been saying for years....hummm...73,- Lynwood KB3VWG null

2 1

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net June 2020