> - The only tcp/53 I have open is AMPR DNS (most connections are coming from 104.236.176.72)
Those are on my list of scanners/blackhats. The name "stretchoid.com" is already indicative of what they do.
However, as Brian Kantor also wrote, it is a really bad idea to run a DNS server on an internet-facing interface.
Keep it accessible only from the amprnet side.
Rob
All,
I looked at my router's system log and noticed two interesting messages:
> [ 272.794578] conntrack: generic helper won't handle protocol 47.
> Please consider loading the specific helper module.
> [367924.542265] TCP: request_sock_TCP: Possible SYN flooding on port
> 53. Sending cookies. Check SNMP counters.
I realized I'm currently under a "small" attack. About 2 p.p.s. are
causing my SYN_Flood rules to hit. What's interesting is:
- I don't run any GRE tunnels (most of the Protocol 47 packets are
coming from China)
- The only tcp/53 I have open is AMPR DNS (most connections are coming
from 104.236.176.72)
Does anyone currently use tcp AXFR to copy 44.IN-ADDR.ARPA. or AMPR.ORG.
from me?
73,
- Lynwood
KB3VWG
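The two observations in the message above (protocol 47 arriving unasked, and tcp/53 SYNs from non-AMPRnet hosts), together with the advice to keep DNS reachable only from the amprnet side, can be checked against firewall logs. This is an added example, not part of the original messages; it assumes netfilter LOG-target style lines, that AMPRnet is 44.0.0.0/8, and constructed sample data (only 104.236.176.72 is taken from the thread).

```python
import ipaddress
import re
from collections import Counter

# Assumption: AMPRnet is 44.0.0.0/8, per the thread's "44-net" and 44.IN-ADDR.ARPA.
AMPRNET = ipaddress.ip_network("44.0.0.0/8")

# Constructed sample in netfilter LOG-target style. Only 104.236.176.72 comes from
# the thread; every other address is a made-up or documentation-range value.
SAMPLE_LOG = """\
[367920.10] IN=eth0 OUT= SRC=104.236.176.72 DST=192.0.2.1 PROTO=TCP SPT=40112 DPT=53 SYN
[367920.61] IN=eth0 OUT= SRC=104.236.176.72 DST=192.0.2.1 PROTO=TCP SPT=40113 DPT=53 SYN
[367921.02] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=47
[367921.40] IN=tunl0 OUT= SRC=44.60.0.10 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=53 SYN
[367921.77] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=UDP SPT=5353 DPT=53
[367922.15] IN=eth0 OUT= SRC=104.236.176.72 DST=192.0.2.1 PROTO=TCP SPT=40114 DPT=53 SYN
[367922.30] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=47
[367922.90] IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.1 PROTO=TCP SPT=1 DPT=53 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")
FLAG = re.compile(r"\b(SYN|ACK|FIN|RST)\b")

def audit(log_text):
    """Return (outside_dns_syns, gre_senders) as Counters keyed by source IP."""
    outside_dns_syns, gre_senders = Counter(), Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = set(FLAG.findall(line))
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        if fields.get("PROTO") == "47":
            gre_senders[str(src)] += 1          # GRE, which this router never uses
        elif (fields.get("PROTO") == "TCP" and fields.get("DPT") == "53"
              and flags == {"SYN"} and src not in AMPRNET):
            outside_dns_syns[str(src)] += 1     # new tcp/53 connection from off-net
    return outside_dns_syns, gre_senders

if __name__ == "__main__":
    dns, gre = audit(SAMPLE_LOG)
    for ip, n in dns.most_common():
        print(f"tcp/53 SYN from outside 44/8: {ip} x{n}")
    for ip, n in gre.most_common():
        print(f"protocol 47 from: {ip} x{n}")
```

Sources that show up in the first counter are the ones a "44-net only" rule for tcp/53 would drop; AXFR peers inside 44.0.0.0/8 are not counted.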
The National Science Foundation and Mozilla are sponsoring an
initiative to bypass the wired web to bring additional people
online and to provide survivability in times of disaster.
Sound familiar? Seems we're already doing some of that; perhaps
some of us should apply for some of the grant money to spice things up.
> https://blog.mozilla.org/blog/2017/06/21/2-million-prize-decentralize-web-a…
- Brian
Decentralize the web is indeed what we have always been doing. Probably because we started in the
times when the internet was still very decentralized and all communication was peer-to-peer.
Lately, the internet has been transformed into a client-server network much like the telephone BBS world
was in those days: there are users, they connect to some server where all they want to have can be
found and stored.
This is also a reason why IPv6 has not really taken off. The design principle behind IPv6, to have enough
addresses to assign one to every device and have all of those devices communicate peer-to-peer, has
largely been abandoned on the internet. There is no reason anymore to have a different address for
every device.
In fact, now that we have the AMPRnet coming alive again here, many of the users are so accustomed
to this way of working that they implement it on their ham network as well: everything NATted behind a
single IP address. Even though they can just apply for a subnet large enough for their shack.
Maybe we should invest in explaining the difference between our network and the internet as it is used
today, and how this change on the internet came about. It could help people think differently.
Rob
> I don't think this would be wise because then the DDoS'ers would
> be targeting the 44-net address as well, thus impacting that router.
> - Brian
Is it now running on a machine at home on some private DSL line? (as the whois for the IP suggests)
In that case it should be possible to make it a little more resistant against this kind of malevolents...
(not that I volunteer to host it on our internet connection, we have DDoS experience as well...)
Is there any indication who is behind this? Is there any activity on that system that could grief
someone or some group? Any message telling what has to be stopped or done?
Rob
Probably more denial of service stuff going on.
I know www.ampr.org and portal.ampr.org are not on 44net space, but I
wonder if there would be a possible advantage to being accessible both
from the normal internet and via a private 44 route. In DDoS cases
maybe things could be as normal for connects within the network?
That is the same thought I had to the login required for the
gw.ampr.org stats. Maybe there could be no login required within the
network to view?
Just some thinking out loud.
Is www.ampr.org working?
Is it accessible from a non-44 IP?
If the answers are yes to all, I can't contact it.
Ronen - 4Z4ZQ
Hi All.
Apologies for sending this to the list, but I've discovered I haven't
got valid email addresses for everyone that connects to my system.
After switching from ADSL to the Australian national broadband network
the IP address my system was allocated for the last 10 years had to
change: For those who may have been connecting to FBB or AXIP/UDP
directly to my commercial IP address, please change your configuration
From: 203.59.134.49
To: 203.59.7.248
The IPIP gateway IP has already been changed and
vk6hgr.ampr.org/44.136.204.77 should be reachable.
73, Gavin
--
Gavin Rogers | Amateur radio station VK6HGR
http://www.livingwaters.com/good | http://vk6hgr.ampr.org/
MSN/Skype/Email: grogers(a)vk6hgr.echidna.id.au