> Before, or as soon as you attach a piece of equipment to our network
> (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
> Oh, and be careful when upgrading firmware: in far too many devices
> when you flash new firmware into it, the password gets reset to the
> factory default. Be sure to check it afterwards!
But, do not see this as a reason to not upgrade firmware!
It is really important to keep firmware up to date, as e.g. was seen in the recent
case of MikroTik routers being compromised because they were running firmware
before version 6.42.1 which has a vulnerability that allows a remote user to
retrieve the correct password from the router! This was fixed some time ago
(current version is 6.42.6) but people didn't upgrade, and their router became
infected with a botnet that essentially allows it to do anything.
In this case, it is also important to change the password after the upgrade,
not because it would be reset, but because it could be known to an attacker who
retrieved it before the upgrade. In that case they can still log in after the upgrade!
(more details on how to avoid such things can be found on the MikroTik forum, but
even the "cannot do! too difficult for me!" type of operator still can upgrade the
software as this is only a matter of two clicks in the user interface)
Rob
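
The two checks from the message above, as an added example (not part of the original post and not MikroTik tooling): devices below 6.42.1 need the upgrade, and upgraded devices whose password predates the upgrade still need a new password. The inventory records, field names, host names and dates are constructed assumptions.

```python
import re
from datetime import date

FIXED = (6, 42, 1, 1)  # 6.42.1 final, the fixed release named in the post

def parse_version(text):
    """Turn '6.42', '6.40.8 (bugfix)' or '6.43rc3' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(rc|beta)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Last field: 0 for a pre-release, 1 for a final build, so that a
    # pre-release of x.y sorts before x.y itself.
    return (int(m[1]), int(m[2]), int(m[3] or 0), 0 if m[4] else 1)

def triage(device):
    """Return the actions one inventory record needs, in order."""
    if parse_version(device["version"]) < FIXED:
        # Still exposed: upgrade first, then replace the password, because
        # it may already have been retrieved.
        return ["upgrade", "change password after upgrade"]
    upgraded = device.get("upgraded_on")
    changed = device.get("password_changed_on")
    # Fixed firmware, but a password older than the upgrade (or with unknown
    # history) may be known to an attacker, or may have been reset to the
    # factory default by the flash.
    if upgraded is None or changed is None or changed < upgraded:
        return ["change password"]
    return []

def audit(inventory):
    """Map each device name to the actions it still needs."""
    return {d["name"]: triage(d) for d in inventory}

# Constructed sample inventory (hypothetical hosts and dates).
INVENTORY = [
    {"name": "gw-a", "version": "6.40.8 (bugfix)",
     "upgraded_on": None, "password_changed_on": date(2017, 11, 2)},
    {"name": "gw-b", "version": "6.42.6",
     "upgraded_on": date(2018, 8, 1), "password_changed_on": date(2018, 3, 10)},
    {"name": "gw-c", "version": "6.42.6",
     "upgraded_on": date(2018, 8, 1), "password_changed_on": date(2018, 8, 1)},
    {"name": "gw-d", "version": "6.42rc5",
     "upgraded_on": None, "password_changed_on": None},
]

if __name__ == "__main__":
    for name, actions in audit(INVENTORY).items():
        print(f"{name}: {', '.join(actions) or 'ok'}")
```
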
Most network equipment comes from the manufacturer with a common
default password. The bad guys know what these are.
Before, or as soon as you attach a piece of equipment to our network
(or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
If you don't, your device will be hacked in a matter of seconds and
you may lose control of it. It might be used to launch attacks on
other systems, and may become part of an evil botnet spreading
badness across the Internet.
Hardly a week goes by that I don't get an official complaint from
somewhere that a device on our network has been compromised and is
being used to attack other devices.
The root cause is almost always that someone attached their shiny
new computer/router/access point/camera/toy to the network and
it got taken over because they forgot to CHANGE THE PASSWORD.
Oh, and be careful when upgrading firmware: in far too many devices
when you flash new firmware into it, the password gets reset to the
factory default. Be sure to check it afterwards!
Thank you.
- Brian
I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8.
My question is, can we utilize IPv6 with our IPv4 address embedded in it?
The reason
I want to be able to easily utilize message authentication with IPSEC AH.
73,
N1YRK
Yes, but that is not related to this discussion as far as I understand it.
He wants to send IPv4 traffic inside IPv6, which can be done locally without issue.
E.g. we have GRE6 in use (GRE over IPv6) transporting 44.x.x.x IPv4 traffic between
routers. It is always possible to do that, but you need cooperating hosts at both ends.
E.g. when you cannot get IP tunnel mesh working due to ISP or router restrictions.
Rob
> I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8.
> My question is, can we utilize IPv6 with our IPv4 address embedded in it?
> The reason
> I want to be able to easily utilize message authentication with IPSEC AH.
As the discussion got sidetracked into unrelated issues, let's go back to the
question. What exactly are you trying to accomplish? Of course it is possible
to make some form of tunnel over IPv6 between two AMPRnet systems, and transport
the 44/8 IPv4 traffic over that. But you will have to admin both sides of the
tunnel. The existing tunnel network operates only over IPv4. When you want
to make your own branch, that connects to an existing place with AMPRnet
connectivity, and you want to do that over IPv6, that is certainly possible.
Rob
Hi,
I've got my /24 running via BGP now and was wondering how to set all
the reverse DNS.
Is it possible to point the arpa zone to my name servers?
Thanks,
Alistair
> got myself a nice little EdgeRouter X from Ubiquiti.
> I was reading the wiki on how to set up the system and something does not ring properly in my head. (must be the pills I take 😉)
> So here : http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter
Note that that article does not describe a complete configuration for an AMPRnet IPIP gateway.
Maybe it was just a first attempt at writing a wiki article, maybe the author did not realize that
this method is not correct. With this configuration you would only be able to connect towards
internet (which he proves by testing) but not to fellow AMPRnet participants. That requires
quite some more effort, see what Marius has created for the MikroTik routers.
Rob
got myself a nice little EdgeRouter X from Ubiquiti.
I was reading the wiki on how to set up the system and something does not ring properly in my head. (must be the pills I take 😉)
So here : http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Ubiquiti_EdgeRouter
On a line I see:
• ubnt@ubnt:~$ set interfaces ethernet eth0 address <put your AMPRNet network assignment>
And when I go to my allocation I have 44.135.51.0/26
Is that what I need to enter? I am no network guru. I play with stuff and want to learn 😉
Tks
Pierre
VE2PF
Hi Brian,
Are you receiving my emails? Sent you a couple over the past two days but no replies, which is not like you! Suspect they may have been diverted to your spam folder?
Chris
I have found a network service provider who will, upon confirmation from
ARDC, advertise an AMPRnet subnet and route traffic to a virtual host (VPS).
I have put together minimal instructions on how to set up the OpenVPN server
that can then support multiple clients and distribute/route subnets for
connectivity to the Internet using AMPRnet addresses. The cost is $5/mo.
for the VPS, which could be split among a group to support multiple clients.
Have a look at https://groups.io/g/net-44-vpn/wiki/home -- there is a
connected file repository for scripts and templates, and a message board
for sharing and support.
Additional documentation will be provided as it is developed.
I have used this with clients on Windows, Raspbian, MacOS, OpenWRT, ... and
it works.
--
------------------------------
John D. Hays
Edmonds, WA
K7VE
<http://k7ve.org/blog> <http://twitter.com/#!/john_hays>