I'm not seeing any changes to the RIP broadcasts (seems to be stuck at
843 lines for last couple of days).
Also can't download encap file from portal.ampr.org/api/v1/encap (should
existing API key still work?)
Max
G4FDL
I have previously recorded malicious traffic in the past. It was from a rogue gateway. The endpoint was simply dropped from our RIP44 statements.To Charles' point - the traffic was firewalled, it's that alert which brought it to my knowledge. It also reiterates the need for RFC-documented methods to ensure we don't have stale records.- KB3VWG
-------- Original message --------From: "Charles J. Hargrove via 44net" <44net(a)mailman.ampr.org> Date: 4/25/24 09:40 (GMT-05:00) To: 44net(a)mailman.ampr.org Subject: [44net] Re: DNS AXFR Isn't it more prudent for each user device to have their own security?Maybe that is where a more useful discussion should take place. Theeducation of the user systems/allocation holders falls into line withamateur radio being a technical hobby/service and those who are moreknowledgeable in our sphere should have more a sense of being an elmerinstead of keeping the information to themselves and be seen as wieldinga cudgel when "upstarts" ask questions to power. Money can sure corruptviewpoints, eh?On 4/25/2024 9:23 AM, Dan Cross via 44net wrote:> While that level of caution is certainly appropriate for the public> Internet, I have a hard time believing it's warranted on AMPRNet> itself. Has anyone done an actual threat analysis for traffic> originating inside the network itself?-- Charles J. Hargrove - N2NOVNYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord.NYC-ARECS/RACES Nets 441.100/136.5 PLARnewsline Broadcast Mon. @ 8:00PMNYC-ARECS Weekly Net Mon. @ 8:30PMhttp://www.nyc-arecs.orgNY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PMon 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32"Information is the oxygen of the modern age. It seeps through the walls toppedby barbed wire, it wafts across the electrified borders." - Ronald Reagan"The more corrupt the state, the more it legislates." - Tacitus"Molann an obair an fear" - Irish Saying(The work praises the man.)"No matter how big and powerful government gets, and the many services itprovides, it can never take the place of volunteers." - Ronald Reagan_______________________________________________44net mailing list -- 44net(a)mailman.ampr.orgTo unsubscribe send an email to 44net-leave(a)mailman.ampr.org
Chris,There's no need to jump into this email chain abouta Wiki. If you don't want to provide the Wiki group email, I'm sure someone else can.I know you're quite busy with other things, the Wiki should be the least of your concerns at this time.73,LynwoodKB3VWG
-------- Original message --------From: Chris <chris(a)ardc.net> Date: 4/25/24 06:09 (GMT-05:00) To: lleachii(a)aol.com Cc: AMPRNet working group <44net(a)mailman.ampr.org> Subject: Re: [44net] Wiki Hi Lynwood,You have my email, please email me off-list if you wish73,Chris - G1FEF—ARDC AdministratorWeb: https://www.ardc.net
On 25 Apr 2024, at 10:42, lleachii--- via 44net <44net(a)mailman.ampr.org> wrote:I've sent an email about emailing the Wiki group. Somehow that email never hit the reflector.Does anyone know how to email them?There's been an edit- whose last change sparked a discussion. Since this edit was made by an administrator, I'd like to discuss it there. Thanks, LynwoodKB3VWG_______________________________________________44net mailing list -- 44net(a)mailman.ampr.orgTo unsubscribe send an email to 44net-leave(a)mailman.ampr.org
I've sent an email about emailing the Wiki group. Somehow that email never hit the reflector.Does anyone know how to email them?There's been an edit- whose last change sparked a discussion. Since this edit was made by an administrator, I'd like to discuss it there. Thanks, LynwoodKB3VWG
All,
How do I email the new Wiki Group - as changes have been made by an Admin?
(FYI - I joined them)
While the edits are "OK", they are "grammatical" in nature, and the last edit sparked distinction (funny the discussion was regarding recursive DNS servers).
There are superseding edits after I [finally] removed the SK from the Wiki. I asked about this after the passing of Brian R. - but I was told to be patient by my coordinator,
https://wiki.ampr.org/w/index.php?title=Services&action=history
---
- LynwoodKB3VWG
Hi there,
I would like to rewrite or add my DNS entry for ampr.org.
I'd requested via the new portal as a Ticket, but still unassigned.
I think I must have the authority to modify it.
Can anyone help me ?
regards,
Toshiyuki JF3LGC
--
Toshiyuki MABUCHI
jf3lgc(a)gmail.com
Hi Kun,
The RIP broadcasts are sent as encapsulated multicast packets over the tunnel from the UCSD gateway server on 44.0.0.1 to your tunnel endpoint, so you need the tunnel setup before RIP44d can receive these broadcasts.
I am assuming you are using some flavour of Linux as your gateway machine, if so as a minimum you would need to:
modprobe ipip
ip addr add 44.x.x.x dev tunl0
ip link set dev tunl0 up
where 44.x.x.x is your tunnel endpoint IP.
Then you can run the find_pass.sh script, which is just a one liner:
ampr-ripd -d -v -i tunl0
I use Debian 12 and this is how I have my gateway setup, hope it helps...
I use systemd to start everything up automatically after a reboot: /etc/systemd/system/amprgw.service
[Unit]
Description=AMPRNet
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/local/bin/ampr_start.sh
ExecStop=/usr/local/bin/ampr_stop.sh
[Install]
WantedBy=multi-user.target
After creating this file you need to run “systemctl daemon-reload” followed by “systemctl enable amprgw” and “systemctl start amprgw”
Here is the ampr_start.sh script:
#!/bin/sh
PWD=“<the RIP44d password>"
LOCATION="G1FEF@IO91mk"
AMPR_OUR_LAN="44.63.7.208/29"
AMPR_OUR_TUN="44.63.7.215"
EXT_INTERFACE="enp1s0"
INT_INTERFACE="enp2s0"
TUN_INTERFACE="tunl0"
# Enable IP Forwarding
sysctl -w net.ipv4.ip_forward=1
# Enable IPIP tunnel and interface
modprobe ipip
ip addr add $AMPR_OUR_TUN dev $TUN_INTERFACE
# Set some tunnel interface options
# * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
# * Bring up the interface
# * Set the tunnel MTU
ip tunnel change ttl 64 mode ipip $TUN_INTERFACE
ip link set dev $TUN_INTERFACE up
ifconfig $TUN_INTERFACE mtu 1480
# Set AMPRNet routing table rules
# * Any packets from any AMPRNet space use routing table 44
# * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from $AMPR_OUR_LAN table 44 priority 45
# Set AMPRNet routes
# * Default route out of AMPRNet is 169.228.34.84
# * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev $TUN_INTERFACE via 169.228.34.84 onlink table 44
ip route add $AMPR_OUR_LAN dev $INT_INTERFACE table 44
# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon.
/usr/sbin/ampr-ripd -s -r -t 44 -i $TUN_INTERFACE -a $AMPR_OUR_LAN -p $PWD -L $LOCATION
and the ampr_stop.sh script
#!/bin/bash
NET_AMP="44.63.7.208/29"
NIC_AMP="enp2s0.44"
NIC_TUN="tunl0"
### DISABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=0
### Take the tunnel offline ###
ifconfig $NIC_TUN down
### Remove the table 44 routes ###
ip route delete default dev $NIC_TUN via 169.228.34.84 onlink table 44
# Deletes local 44 network from Table 44
#ip route delete $NET_AMP dev $NIC_AMP table 44
### STOPS THE ampr-ripd ROUTER DAMEON
killall -KILL ampr-ripd
73,
Chris - G1FEF
> On 23 Apr 2024, at 09:23, KUN LIN <dnwk(a)linkun.info> wrote:
>
> Hi Chris,
> I should setup tunnel interference before running find_password.sh? I was following Linux Gateway Examples on the wiki. I'm not quite sure how to setup the tunnel interference before getting the passwords.
> Could you point me to the right direction?
> Thanks
> Kun
>
>
> From: Chris <chris(a)ardc.net>
> Sent: Tuesday, April 23, 2024 12:33 AM
> To: KUN LIN
> Subject: Re: [44net] Waiting for RIPv2 broadcasts
>
> I can see your gateway is in the encap file, I am also receiving your route entry via RIP
>
> 44.16.2.64/27 via 23.94.xxx.xx dev tunl0 proto 44 onlink window 840
>
> So you should be receiving the RIP broadcasts. Have you run ampr-ripd to get the password? i.e. ampr-ripd -d -v -i ampr0
> “ampr0” should be your tunnel interface.
>
> Leave that running for 10 minutes and you should see the broadcasts coming through with the password in plain text, you can then setup ampr-ripd to receive and process the encap routes.
>
> You can get more information here; https://git.ampr.org/yo2loj/ampr-ripd
> and here: https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
>
> If you manage to get things running you can ping/traceroute to my gateway for testing: 44.63.7.215
>
> 73,
> Chris - G1FEF
> —
> ARDC Administrator
>
> Web: https://www.ardc.net
>
>
>> On 23 Apr 2024, at 03:32, KUN LIN via 44net <44net(a)mailman.ampr.org> wrote:
>>
>> I am trying to setup IPIP tunnel following instructions on wiki and can't move beyond "waiting for RIPv2 broadcasts". When I run tcpdump, I do have something.
>>
>>
>> tcpdump -nni eth0 proto 4
>>
>> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
>> 18:15:00.559893 IP 169.228.34.84 > 23.94.*.*(my gateway ip): IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504
>> 18:15:39.222805 IP 79.190.68.116 > 23.94.*.*(my gateway ip): IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 103
>>
>> So, it looks like I am getting some RIPv2 broadcast, but it doesn't seem like ampr-ripd is processing these broadcasts?
>>
>> Any help would be appricated.
>> Thanks
>> Kun Lin
>> _______________________________________________
>> 44net mailing list -- 44net(a)mailman.ampr.org
>> To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
>
>
I am trying to setup IPIP tunnel following instructions on wiki and can't move beyond "waiting for RIPv2 broadcasts". When I run tcpdump, I do have something.
tcpdump -nni eth0 proto 4
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:15:00.559893 IP 169.228.34.84 > 23.94.*.*(my gateway ip): IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504
18:15:39.222805 IP 79.190.68.116 > 23.94.*.*(my gateway ip): IP 0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 103
So, it looks like I am getting some RIPv2 broadcast, but it doesn't seem like ampr-ripd is processing these broadcasts?
Any help would be appricated.
Thanks
Kun Lin
Charles,On April 6, Chris noted to me that 44.00.0.1 would stop having nameserver functionality in the future. This is a concern, as I don't know of another Authoritative Name Server for AMPR.ORG and 44.in-addr.arpa capable of Zone Transfer.Despite this, I have not yet been given an updated AMPRNet nameserver to reconfigure DNS-MDC.AMPR.ORG before that decommissioning.73,LynwoodKB3VWG
-------- Original message --------From: "Charles J. Hargrove via 44net" <44net(a)mailman.ampr.org> Date: 4/20/24 10:21 (GMT-05:00) To: Chris <chris(a)ardc.net> Cc: 44net(a)mailman.ampr.org Subject: [44net] Re: RIP broadcasts AMPR DNS at 44.0.0.1 has been unresponsive since April 11th.Either something is wrong with it or it has been moved withoutus being notified.On 4/19/2024 2:30 PM, Chris wrote:>> On 19 Apr 2024, at 18:42, Charles J. Hargrove via 44net >> <44net(a)mailman.ampr.org> wrote:>>>> Has anyone noticed anything strange with encap routing and DNS entries >> since 4/10?> > Can you be a little more specific Charles?> > There have been some major changes with encap and DNS in moving to the > new portal, so if you are seeing any issues please let me know so they > can be investigated/fixed-- Charles J. Hargrove - N2NOVNYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord.NYC-ARECS/RACES Nets 441.100/136.5 PLARnewsline Broadcast Mon. @ 8:00PMNYC-ARECS Weekly Net Mon. @ 8:30PMhttp://www.nyc-arecs.orgNY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PMon 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32"Information is the oxygen of the modern age. It seeps through the walls toppedby barbed wire, it wafts across the electrified borders." - Ronald Reagan"The more corrupt the state, the more it legislates." - Tacitus"Molann an obair an fear" - Irish Saying(The work praises the man.)"No matter how big and powerful government gets, and the many services itprovides, it can never take the place of volunteers." - Ronald Reagan_______________________________________________44net mailing list -- 44net(a)mailman.ampr.orgTo unsubscribe send an email to 44net-leave(a)mailman.ampr.org
I just received email and then a phone call from a person that wanted
to join one of our networks in the Northeast USA for the purposes of
routing Echolink, repeaters and more. When logging onto the "new" AMPR
portal, they were given only a choice of a few subnets based on a dropdown
list of intended uses. None of them jived with the networks in any of
the individual states or countries. I would suggest spreading the word
that all requests for new or expanded allocations be held up until things
can be straightened out. It seems that their small volunteer force is
unable to keep up with the workload since the changeover on April 3rd.
I personally have over a dozen tickets unassigned and even one from 4/3.
Everyone just standby and chill until they figure things out. No need
to expect steak when they are working with hamburger.
I just jumped on the AMPR portal and found only these choices:
IPIP Tunnel Mesh 44.63.0.0/16
BGP Direct Announce 44.32.0.0/16
Radio 44.61.0.0/16
Globally Unique 44.61.0.0/16
General Address 44.61.0.0/16
AREDN - contact AREDN directly
HAMNET - contact HAMNET directly in Europe
HAMWAN - contact HAMWAN directly
--
Charles J. Hargrove - N2NOV
NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord.
NYC-ARECS/RACES Nets 441.100/136.5 PL
ARnewsline Broadcast Mon. @ 8:00PM
NYC-ARECS Weekly Net Mon. @ 8:30PM
http://www.nyc-arecs.org
NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM
on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32
"Information is the oxygen of the modern age. It seeps through the walls
topped
by barbed wire, it wafts across the electrified borders." - Ronald Reagan
"The more corrupt the state, the more it legislates." - Tacitus
"Molann an obair an fear" - Irish Saying
(The work praises the man.)
"No matter how big and powerful government gets, and the many services it
provides, it can never take the place of volunteers." - Ronald Reagan