44net

44net@mailman.ampr.org

3194 discussions

Portscanning
by Rob Janssen 03 Aug '17

03 Aug '17

I notice extensive portscanning/vulnerability searching from IP address 44.26.108.60 It has reverse katagiri.desu.ne.jp which also matches with its forward. (kind of strange, as it is no ampr.org name and .jp has 44.129.0.0/16) Does anyone have an idea what is going on here? Rob

3 2

Re: [44net] I gave a talk tonight.
by Steve L 28 Jul '17

28 Jul '17

Brian I wish everyone took your stance on the rules that you talk about at roughly 41:46. That is pretty much how I do things myself. I agree 100 % on the arm chair lawyer thing not being productive and all it does is discourage experimentation and potential new folks. > https://www.youtube.com/watch?v=8EdDtLRgH7k&feature=youtu.be&t=1108 Its a good video overview of a well setup network. I plan to show it at a club meeting. Steve, KB9MWR

1 0

I gave a talk tonight.
by Tom Cardinal 28 Jul '17

28 Jul '17

I gave a talk tonight at one of our local clubs to see if any other local amateurs are interested in AMPRnet. I tried to stay out of the weeds to just give a general overview and did not present any slides. I did use slides as note cards on my iPad to keep from straying that I have now placed on my AMPR web server (n2xu.ampr.org) for the folks in attendance that might be more interested. There were about 20 or so folks in attendance and I think there are 3 or 4 that are interested. I will be doing another talk at the club where I was once President here in Fort Walton Beach and then for the folks that are more interested I will present another more in the weeds presentation at some point in the future. I'm big on trying to get 44net here on RF (slow 1200 or broadband at 5.8 GHz) down here and need others that are local in order to do so. I might be leveraging expertise here as I try to grow interest... so please bear with me and any new folks I bring aboard. With all that said, is there anyone out there performing intermediate routing... what I mean is anyone running a tunneled gateway and performing routing for other subnets over RF. I may request a second but separate allocation to experiment in that realm... I'd like to learn how to do that. I think it's a natural expansion for times when network connectivity goes out for an area where we can act as an RF gateway between the RF and the tunneled AMPRNet. My eventual goal is I'd like to bring the HAMWAN to the Florida panhandle... I think these are all baby steps to get there. Input, advice ideas and criticism are all welcome. -- Tom Cardinal/N2XU/MSgt USAF (Ret)/BSCS/CASP, Security+ ce

7 8

Re: [44net] I gave a talk tonight.
by Steve L 28 Jul '17

28 Jul '17

The main problem if you ask me is this the over the air baudrate/bandwidth rules. These prevent anything at truly usable speeds on non-microwave bands. Has anyone heard anything on that plan to do away with the baud rate part that was proposed to the FCC in 2013? (Would have been nice to see 200 KHz wide on 70cm) Steve, KB9MWR -----Original Message----- > >I presume you mean routing other subnets over amateur radio frequencies. > >We used to do that. But there are two main problems with it here in the US. > >1) Encryption. More than half of websites are now encrypted and the percentage is growing every >day. E-mail encryption is also on the rise. And encryption is not allowed over US amateur >frequencies. So amateur frequencies are fast becoming impractical/irrelevant for real-world, >mainstream network traffic. > >2) 3rd party-initiated traffic. Routing inbound e-mail, even if unencrypted, over an amateur >frequency is a violation of Part 97, according to the FCC enforcement bureau. At least it was when >I asked them about this a few years ago. That's because anyone anywhere could initiate a >transmission on an amateur frequency without a license simply by sending you an email. So we >allowed only outbound email from hams to traverse the amateur frequencies. Inbound email >stopped at the gateway. It wasn't very practical, but at least a message could go out. > >We later got internet connections at all of our hub sites. So we turned each of them into their own >gateways. Users can access the site over amateur frequencies to download their mail since the >ham initiates that connection. But we still have to filter out encrypted email. And we're using Part >15 frequencies between hub sites. I suppose we could still use 44.x addresses. But since a 44.x >subnet can only exist behind one gateway in AMPRnet routing, we didn't see much point in that >either. > >Not trying to be a bummer. But the FCC regulations really squash creativity and innovation. > >Michael >N6MEF

1 0

Re: [44net] eth0 VM incoming IPIP, RIP [no chksum], like dhcp mangle issue ???
by Rob Janssen 27 Jul '17

27 Jul '17

> 1. There is no socket option called that in FreeBSD. Amprgw is not Linux. I am aware of that. Sometimes those socket options have the same name, sometimes not. When looking this up I got the impression that it was added to Linux copying from BSD, but it appears to be not the case. In the Apple variant of BSD the same option exists but it is named differently. > 2. We're not using the kernel socket mechanism to construct the UDP packets Ok... well, it is possible to calculate the checksum of course but it is a bit tricky as it is not only a checksum of the actual packet but also of a "pseudo header" that is temporarily added in front of it... But again, it should not be required. The 0000 checksum indicates "no checksum" and it is valid. I think Maiko has a different issue, maybe the problem with multicast sockets? (try -r option to force raw mode) Rob

1 0

Re: [44net] eth0 VM incoming IPIP, RIP [no chksum], like dhcp mangle issue ???
by Rob Janssen 26 Jul '17

26 Jul '17

Maiko, I think you are chasing a red herring. It is true that the RIP broadcasts have no checksum, but that is unlikely to be the cause of any problem you may have. Checksums are optional in UDP, these packets don't have them (I can confirm that in a trace on my gateway), but that is not a reason not to process them. It could be argued that it would be better to send the packets with checksum, which could be accomplished using the |SO_NO_CHECK socket option. Rob |

2 1

eth0 VM incoming IPIP, RIP [no chksum], like dhcp mangle issue ???
by Maiko Langelaar 26 Jul '17

26 Jul '17

Good day, This is bizarre, I confirm IPIP is definitely coming to my linux (running as a VM) : Here is a tcpdump of the eth0 (direct internet side) : 22:27:35.447588 IP (tos 0x0, ttl 50, id 59965, offset 0, flags [none], proto IPIP (4), length 552) amprgw.ucsd.edu > XXXXXX.members.linode.com: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 532) gw.ampr.org.router > rip2-routers.mcast.net.router: [no cksum] RIPv2, Response, length: 504, routes: 25 or less Simple Text Authentication data: XXXXXXXXX AFI IPv4, gw.ampr.org/32, tag 0x0004, metric: 1, next-hop: amprgw.ucsd.edu AFI IPv4, .... I'm using iptables PREROUTING to route protocol 4 (IPIP) to my JNOS over tun0, most of of the traffic is working very nicely, not worried about that. However, if you look closely, this RIP broadcast is showing [NO CKSUM] ! I read somewhere there is a similar issue with DHCP packets (to VM of all things), the end result is that these particular packets are then dropped and never make it to the tun0 link, so JNOS will never see these. I have run tcpdump on the tun0 interface, and sure enough not seeing these at all. I've tried variations of the following command to 'fill in the checksum' but no luck : iptables -t mangle <missing other arguments> -j CHECKSUM --checksum fill This is only affecting my RIP broadcasts encapsulated in IP (so far), my usual 44 ntwk traffic over the tun0 link and JNOS is working fine, checksums all correct, etc. Help :) Maiko / VE4KLM

1 0

ve4klm.ampr.org issues
by Maiko Langelaar 24 Jul '17

24 Jul '17

Thought maybe this is the place to let people know (as a courtesy I suppose). I recently lost my static IP address (my bridge radio died after 12+ years or so), looking at other solutions. So in the meantime my existing IP address as noted in the encap.txt and rip broadcasts will simply not respond to anything. No worries about it being used by other entities, it's an IP on 'our system' that no one else will ever use for a long time down the road. I don't want to delete my entry in the portal, so I will try to get some form of Dynamic DNS hostname in place as soon as possible, since I am now using a DSL service as a temporary internet connection. It might be a while, just saying. Thanks for your understanding. Maiko / VE4KLM

1 1

Lost my subnet...
by jerome schatten 19 Jul '17

19 Jul '17

Yesterday I lost all the folks I had links with… Today after much head scratching I decided to look at my gateway on the ampr portal. The gateway addy is 174.6.225.73 and the subnet I had WAS 44.135.172.0/29 My 44 addy is 44.135.172.128 So at the portal it says: 'network not found' I don’t find this block of four addresses in the available networks list to add it back in. Help please. Confused in Vancouver jerome - ve7ass

3 5

MikroTik Routers
by Marc Williams 18 Jul '17

18 Jul '17

Good afternoon all, Unfortunately I made little progress with my home setup due to the joys of work and real life demands.Anyway sob story aside I have a little spare time again so I am looking to get a MikroTik router ordered.So my question is do I need to adhere to a minimum spec? The memory and processor specs seem to very greatly. Thanks in advance. Marc (2W0PNT)

4 7

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net