The amprgw router is now periodically preparing a report of the bad
packets that it discards. You can retrieve a copy of this report right
next to the statistics report: <https://gw.ampr.org/private/pkterrors.txt>.
You'll need the same userid and password as for the stats.txt file
(same as the one you use to fetch the encap file from the portal.)
It's in gateway and source address order to make finding your own gateway
and host in the listing somewhat easier.
Current plan is to update the report every 15 minutes, and restart the
tally at midnight Pacific time.
Here are the first few lines (there are currently about 2,300).
Let me know if you have any problems or questions with this.
- Brian
Last update at Wed May 3 15:45:00 2017
gateway inner src #errs indx error type
---------------- ---------------- ----- ---- -------------------------------
2.84.96.101 44.154.0.1 9 [ 8] dropped: encap to encap
2.84.96.101 44.154.2.1 3 [ 8] dropped: encap to encap
2.84.96.101 44.154.3.1 3 [ 8] dropped: encap to encap
2.84.96.101 44.154.4.1 4 [ 8] dropped: encap to encap
2.84.96.101 44.165.2.3 106 [ 8] dropped: encap to encap
18.96.0.110 44.44.7.225 6 [ 8] dropped: encap to encap
18.96.0.110 44.44.7.232 8 [ 8] dropped: encap to encap
23.30.150.141 23.30.150.141 1326 [19] dropped: non-44 inner source address
All,
I was wondering if anyone is using pfSense as their gateway's router OS.
If so, have you been successful at compiling a running version of
ampr-ripd for it?
I'm very interested in pfSense's intrusion detection and prevention
using Snort. I may be willing to test a Gateway if someone has used a
compatible version of ampr-ripd (FreeBSD 10.3 64-bit).
Also, I've asked the LEDE developers to consider adding a blocking
feature to the Snort package available on the device
(https://bugs.lede-project.org/index.php?do=details&task_id=772).
73,
- Lynwood
KB3VWG
Is there any place that i can grab image for raspberry pi that will allow the following
1) ipip
2) option for TNC software with Net/ROM support and TCP/IP If there is Jnos its better for me as i know it from the past (to allow users from radio to gain access)
3) MMDVM support (to allow connect a DMR repeater based on MMDVM and Arduino)
I currently have a working set consist of PI and MMDVM software connected to the arduino running on the AMPRNET
but the Pi dont support IPIP
Is it more easy just to add the IPIP support for my Image ? (please dont tel me "get this and this and compile" as I dont know to compile But if it is only to install something with simple command i can do it )
any help / recommendation is welcome
Regards
Ronen/4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
Brian,
Since you are using Apache perhaps you can enable more client details
in your log verbosity by changing your LogFormat from the default settings to
the combinedio settings which will include more information about the client
software that is connecting to your web server.
Such details as these can be shown if you increase your LogFormat:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O"
combinedio
CustomLog "logs/access_log" combinedio
Client Agent (small sample)
"Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
"Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy
connection)"
"Googlebot/2.1 (+http://www.google.com/bot.html)"
"Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)"
"Mozilla/5.0 (compatible; Baiduspider/2.0;
+http://www.baidu.com/search/spider.html)"
"Mozilla/5.0 (compatible; MojeekBot/0.6;
+https://www.mojeek.com/bot.html)"
Tim Osburn
W7RSZ / JG1MBR
https://www.osburn.com
On Mon, 8 May 2017, Brian Kantor wrote:
> Date: Mon, 8 May 2017 23:27:14 -0700
> From: Brian Kantor <Brian(a)UCSD.Edu>
> Reply-To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> Subject: Re: [44net] gateway errors detail available
>
> (Please trim inclusions from previous messages)
> _______________________________________________
> Yes, the host 'hamradio.ucsd.edu' where the mailing list is hosted
> also archives all messages and makes them available via the web.
>
> It's amusing: despite not being real, from the following Apache
> log entries, no-such-file has been a popular target this evening:
>
> gw.ampr.org-ssl 70.39.157.194 - - [08/May/2017:17:56:38 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 66.85.73.59 - - [08/May/2017:17:58:59 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 220.233.167.221 - - [08/May/2017:17:59:43 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 4.79.123.0 - - [08/May/2017:18:09:35 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 68.40.58.30 - - [08/May/2017:18:56:26 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 4.79.123.0 - - [08/May/2017:21:42:57 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
> gw.ampr.org-ssl 165.225.80.161 - - [08/May/2017:21:48:27 -0700] "GET
> /private/no-such-file.txt HTTP/1.1" 401 381
>
> The first one above was logged just 19 seconds after I posted the message
> to the list. The others came later; they could be humans. Note that
> none of them logged in; they just tried to fetch the file and went
> away. Oh, I'm not concerned, I just was a bit surprised. And curious.
> - Brian
>
> On Tue, May 09, 2017 at 04:42:26AM +0000, Ruben ON3RVH wrote:
> > Is the content of the list posted on a website? Like for archiving
> > purposes?
> > Otherwise someone might have a mailbox from the list configured with a
> > scraper..
> > Can you see which is the source IP for the requests? Maybe this can lead
> > you to the correct person..
> > 73,
> > Ruben - ON3RVH
> _________________________________________
> 44Net mailing list
> 44Net(a)hamradio.ucsd.edu
> http://hamradio.ucsd.edu/mailman/listinfo/44net
>
I'm not sure I made this clear: with the change from my homegrown
format to PCAP, the file names changed from <address>.bin to
<address>.pcap. So you'd fetch
https://gw.ampr.org/private/errors/62.147.189.164.pcap
for example.
- Brian
Hi,
I added a gateway to one of my servers and set up a packet capture
system on it. It is running a webserver inside a container with the
relevant gateway configuration. The prefix is using the "BGP routed
subnets" configuration whereby the gateway is inside the prefix, but
using a /31.
https://u4477715.ct.sendgrid.net/wf/click?upn=Ki4chJONuNfM0VomxEE-2BoZH6yGO…
It should auto-detect the client IP and captures all packets to/from
that address. If the client IP is within 44/8 then it will check the
routing table for a gateway and if so include that IP as well. I am
not sure if there would be concerns with allowing the user to type an
IP address to capture to/from, given that it's a non-production
gateway.
I have the subnet 44.131.14.252/31 registered on the portal with a
gateway address of 44.131.14.253. 252 should send encapsulated packets
and 253 should send directly. Both addresses are on the same host.
I have removed my previous route for 44.131.14.0/24 because nested
gateways don't work properly. I have tested to several destinations
and it seems to work, but if anyone finds something I've missed let me
know!
If it works properly and is useful then a hostname under ampr.org
might be more appropriate, but for now I’m just using a hostname under
my domain.
Thanks,
Mike, M6XCV
Hi there
Is there a simple way to know when new encap file created ? beside downloading the file itself and looking on the file header ?
My ISP replace my IP an hour ago and i still dont have connection ..
in the portal there is no time stamp when looking on the gateways list when the new update made ....
Im using DYNDNS method and the portal still show my old IP of course that the DYNDNS new ip is already updated
Of course i can edit it by hand in the portal but that is not the intention
Regards
Ronen - 4Z4ZQ
With all the probes going on to various AMPRNet hosts, it might
be wise for you to configure your hosts to NOT reply when an attempt
is made to access a port on which nothing is listening. Ordinarily,
a host system will reply with a TCP reset or a UDP port unreachable,
and this contributes to the outbound traffic from your host. There
are probably 'blackhole' options you can set. On FreeBSD, they are
sysctl net.inet.tcp.blackhole=2
sysctl net.inet.udp.blackhole=1
I don't know if Linux has similar options. I rather assume it does.
Note that the latter option may break traceroutes to your system.
It's probably also wise to limit the number of replies to pings so
that rabid pingers won't pollute your outbound connection.
sysctl net.inet.icmp.icmplim=5
Which limits replies to 5 per second, down from 1000 default.
In the Linux kernel, there is what seems to be a similar option:
sysctl net.ipv4.icmp_ratelimit=5
Perhaps someone can confirm that this is correct.
- Brian
After fighting with my system off and on for months I'm finally on
AMPRNET but I'm not sure If I'm on the mesh yet. I can get to google
and it looks like anywhere on the Internet and can get to my cox email
using the thunderbird email client from my workstation.
I think I had problems in the past because I had a pre-existing strong
iptables firewall and I tried to adapt the Linux configuration on the
wiki to the existing strong firewall. Yesterday I decided to start from
scratch and build using the Linux gateway instructions on the wiki. I
had it working but it seems it failed after I restarted the gateway, I
had no connectivity from my gateway to any of my local systems after the
reboot. Today I rebuilt from scratch again and it seems to be working
except it seems I can't get to anything in the 44/8 network except my
own IP block.
I've installed the latest ampr_ripd available as of today but need to
know how to tell if it's adding routes into the routing table.
My current setup is a Linux router, three Raspberry Pi and a Linux
Desktop that serves as my workstation (Yesterday it was a headless
Raspberry Pi).
Tests I've done:
1. A query on Google for "What's my IP address". I got back 44.98.63.3
(my workstation) proving I'm going through the AMPR gateway. When I
attempt to connect to some of the services linked from the wiki such as
http://n1uro.ampr.org/do.shtml and http://whatismyip.ampr.org I don't
get responses back. So my first question is how do I test to see if I
have mesh routing up to the rest of the 44Net?
2. I need to learn how to set up iptables to only accept ipencap packets
from AMPR gateways. I suspect it requires using ipset which I've used
in the past for dropping traffic from systems trying to crack into my
router which leads me to my second question. Is there anyone out there
willing to show sample code how to allow ipencap traffic only from AMPR
gateways?
3. Last night before I restarted and lost ability to use my workstation
(remotely, I have not figured out why it failed yet) I was able to log
on to my VPS at Linode from my ISP provided space and then SSH into my
workstation on my 44/8 address through the tunnel... At the time the
workstation was the headless Raspberry Pi, this worked perfectly. I also
notice my google traffic uses HTTPS and my email client is using port
465 and 993... all of these are encrypted. My third question: I know
they aren't allowed over the air, so how do we account for/deal with
software that insists on using encrypted protocols? Is SSH allowed for
remotely maintaining our nodes?
4. A couple of weeks ago, I ordered and received the parts to build a
Stratum 1 Time server that I intend to make publicly available to the
44Net as a service to the 44Net community. Once I get it online and the
security in place to prevent nefarious activity, How do I announce it?
I intend to have a web server, a time server, a DNS server and an NNTP
server online as well as a local packet node and a tunnel to the AREDN
and possibly a link to the HAMWAN out of Tampa if they'll allow me to
link to them. I'm open to suggestions on proper operating procedure.
--
Tom Cardinal/MSgt USAF (Ret)/BSCS/CASP, Security+ ce
Hi,
This might be an academic question in practice, but what is the
correct configuration for sending towards a BGP routed subnet, or for
2 subnets communicating with each other?
44.131.14.252 is behind 44.131.14.253
44.130.121.1 is behind 44.130.121.2
This is the current behaviour. For the purposes of testing, packets
sourced from 252 were encapsulated and 253 were unencapsulated.
https://u4477715.ct.sendgrid.net/wf/click?upn=MJaTQVDJZogYIZySndf7y-2BCWLgZ…
.1 sends directly to .252 and .253.
.2 sends encapsulated to .252 and directly to .253.
I would say packets to 1 or 252 should be encapsulated. I don't know
if there is any point adding an extra header to something addressed to
the gateway.
Thanks,
Mike, M6XCV
