44net

44net@mailman.ampr.org

3194 discussions

Re: [44net] Remote BGP Peering (Event)
by Rob Janssen 22 Aug '18

22 Aug '18

> We were wondering if it would be possible to tunnel in the AMPRNet from > UCSD into the exchange over BGP for the weekend of the event. If so what is > the best way to go about this? I'm more than happen to land it on a VM > elsewhere (Likely in London) then deal with getting it to the field myself > if need be. The standard way to have traffic tunneled to you, in the absence of a regional gateway that is BGP-routed, would be to register a subnet at the portal and setup an IPIP gateway for it, if desired using a VM somewhere to do the tunneling and a further tunnel (VPN) to the site to forward the traffic. Of course it would be possible to setup BGP routing to your VM, but would it be worth it for a 3-day event only? Maybe you could setup something more permanent that can be used by local amateurs after the event has ended. Rob

1 0

Remote BGP Peering (Event)
by Alistair Mackenzie 22 Aug '18

22 Aug '18

Hi, There is an upcoming event here in the UK, EMF Camp ( https://www.emfcamp.org/). There are a bunch of villages doing various things, included is an amateur radio village ( https://wiki.emfcamp.org/wiki/Village:Amateur_Radio) as well as an internet exchange (https://wiki.emfcamp.org/wiki/Village:EMF-IX). We were wondering if it would be possible to tunnel in the AMPRNet from UCSD into the exchange over BGP for the weekend of the event. If so what is the best way to go about this? I'm more than happen to land it on a VM elsewhere (Likely in London) then deal with getting it to the field myself if need be. Thanks, Alistair

3 4

Strange Connect problem across Com ports to BPQ32 and XROUTER
by vk1kw 21 Aug '18

21 Aug '18

Hello All, Have you noticed if you do a "C port Call" connect via a com port from Linux JNOS window with your own (JNOS) call sign to BPQ, BPQ32 or XROUTER that the connection is established but there is no further response in the connection and seems to not respond any more. However if you use another call sign via say Telnet or TNC via JNOS com port, all works fine and the connection across the com port is established and proceeds normally. It makes it hard to test the configuration and have not gotten to the bottom of it yet. This has happened thru several versions of JNOS, but I am using similar autoexec, etc files. Any Ideas please? Secondly, why does McAfee keep quarantining my WIN10 BPQ32.EXE file and also the contents of downloaded BPQ32 EXE ZIP file from the official web site? Thanks Rob Vk1kw

2 4

Network + Broadcast Blocked?
by Kris Kirby 07 Aug '18

07 Aug '18

If -- for example -- one has a /24 delegated, are the .0 and .255 blocked at gw.ampr.org? I haven't tried this, just figured I'd ask. -- Kris Kirby, KE4AHR Disinformation Architect, Systems Mangler, & Network Mismanager

2 1

Re: [44net] network equipment passwords
by Rob Janssen 06 Aug '18

06 Aug '18

> Before, or as soon as you attach a piece of equipment to our network > (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD. > Oh, and be careful when upgrading firmware: in far too many devices > when you flash new firmware into it, the password gets reset to the > factory default. Be sure to check it afterwards! But, do not see this as a reason to not upgrade firmware! It is really important to keep firmware uptodate, as e.g. was seen in the recent case of MikroTik routers being compromised because they were running firmware before version 6.42.1 which has a vulnerability that allows a remote user to retrieve the correct password from the router! This was fixed some time ago (current version is 6.42.6) but people didn't upgrade, and their router became infected with a botnet that essentially allows it do do anything. In this case, it is also important to change the password after the upgrade, not because it would be reset, but because it could be known to an attacker who retrieved it before the upgrade. In that case they can still login after upgrade! (more details on how to avoid such things can be found on the MikroTik forum, but even the "cannot do! too difficult for me!" type of operator still can upgrade the software as this is only a matter of two clicks in the user interface) Rob

4 4

network equipment passwords
by Brian Kantor 05 Aug '18

05 Aug '18

Most network equipment comes from the manufacturer with a common default password. The bad guys know what these are. Before, or as soon as you attach a piece of equipment to our network (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD. If you don't, your device will be hacked in a matter of seconds and you may lose control of it. It might be used to launch attacks on other systems, and may become part of an evil botnet spreading badness across the Internet. Hardly a week goes by that I don't get an official complaint from somewhere that a device on our network has been compromised and is being used to attack other devices. The root cause is almost always that someone attached their shiny new computer/router/accesspoint/camera/toy to the network and it got taken over because they forgot to CHANGE THE PASSWORD. Oh, and be careful when upgrading firmware: in far too many devices when you flash new firmware into it, the password gets reset to the factory default. Be sure to check it afterwards! Thank you. - Brian

1 0

IPv6, for authentication with IPSEC
by Robert Keyes 29 Jul '18

29 Jul '18

I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH. 73, N1YRK

6 6

Re: [44net] IPv6, for authentication with IPSEC
by Rob Janssen 29 Jul '18

29 Jul '18

Yes. but that is not related to this discussion as far as I understand it. He wants to send IPv4 traffic inside IPv6, which can be done locally without issue. E.g. we have GRE6 in use (GRE over IPv6) transporting 44.x.x.x IPv4 traffic between routers. It is always possible to do that, but you need cooperating hosts at both ends. E.g. when you cannot get IP tunnel mesh working due to ISP or router restrictions. Rob

1 0

Re: [44net] IPv6, for authentication with IPSEC
by Rob Janssen 28 Jul '18

28 Jul '18

> I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. > My question is, can we utilize IPv6 with our IPv4 address embedded in it? > The reason > I want to be able to easily utilize message authentication with IPSEC AH. As the discussion got sidetracked into unrelated issues, let's go back to the question. What exactly are you trying to accomplish? Of course it is possible to make some form of tunnel over IPv6 between two AMPRnet systems, and transport the 44/8 IPv4 traffic over that. But you will have to admin both sides of the tunnel. The existing tunnel network operates only over IPv4. When you want to make your own branch, that connects to an existing place with AMPRnet connectivity, and you want to do that over IPv6, that is certainly possible. Rob

2 1

Setting reverse DNS
by Alistair Mackenzie 22 Jul '18

22 Jul '18

Hi, I've got my /24 running via bgp now and was wondering how to set the all the reverse DNS. Is it possible to point the arpa zone to my name servers? Thanks, Alistair

2 1

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net