44net

44net@mailman.ampr.org

1 participants
3194 discussions

block allocation
by Pierre-Philippe F4MZI 15 Jun '16

15 Jun '16

Hi there, I actually have a /32 IP. I plan to connect a few new machines to the network. So, I would need 3 or 4 new adresses. I went to the web page, the the network tab, and click on 44.0.0.0 / 8 <https://portal.ampr.org/networks.php?a=request&id=1> Global link. the smallest block that I can request through this link is a /24. but I don't need a /24, only a /29 how can I send my request directly from the web site ? thank you -- 73, Pierre-Philippe F4MZI

3 11

Re: [44net] block allocation
by Rob Janssen 15 Jun '16

15 Jun '16

> Subject: > Re: [44net] block allocation > From: > "Bill Buhler - AF7SJ" <af7sj(a)buhlerfamily.org> > Date: > 06/15/2016 06:47 PM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > > Sorry if I'm unclear, so what I'm envisioning is setting up tunnels to the > other participants of the 44 net who aren't directly internet routed and > using RIP advertisement for them. Then traffic between me and them can > bypass the main AMPR 44 net router, reducing latency and reducing bandwidth > requirements at the root node. > > In other words, if anyone on my subnets access the internet it would route > through our BGP connected uplink. If they were communicating with another > subnet on the AMPRNet it would tunnel directly to them. > > What do you think? > > Bill Buhler > AF7SJ > Indeed that is how we route here as well. Please don't remove that from the Portal! Rob

1 0

Re: [44net] Help MBOX flood
by lleachii＠aol.com 15 Jun '16

15 Jun '16

Pedro, I use the following iptables rules on my router (this will work for any console-based connection using TCP): # DROPS MULTIPLE SSH CONNECTIONS FROM SAME IP iptables -t filter -I FORWARD -p tcp --syn --dport 22 -i tunl0 -m connlimit --connlimit-above 5 -j DROP # DROPS MULTIPLE SSH ATTEMPTS FROM SAME IP WITHIN FIVE MINUTES iptables -t filter -I FORWARD -p tcp --dport 22 -i tunl0 -m state --state NEW -m recent --name sshconnect --update --seconds 300 --hitcount 5 -j DROP iptables -t filter -I FORWARD -p tcp --dport 22 -i tunl0 -m state --state NEW -m recent --name sshconnect --set The first rule drops any connections greater then five. The last two rules mark and drop more than five attempts from the same IP, for a period of five minutes. You may wish to increase the time frame. I've also added rules to block IPs that attempt to connect (or portscan) on certain TCP and UDP ports (3389/tcp, 123/udp and 161/udp are common, for example) for which I not post services as available to the AMPR Community or the Public Internet connection. In essence, even if an unauthorized person discovered the the port without being firewalled by the portscan rule, they only get 5 chances, with up to 5 concurrent connections at any given 5 minute interval (the amount of attempts vary by implementation of server and client; but once portscanned or disconnected from a given series of attempts, it counts at one connection). Each reattempt after 5, restarts the 5 minute clock. I also block Bogon IP addresses from entering tunl0: # DROPS BOGONS ENTERING AMPRNet # SEE http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt iptables -t raw -I PREROUTING -s 0.0.0.0/8 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 10.0.0.0/8 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 100.64.0.0/10 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 127.0.0.0/8 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 169.254.0.0/16 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 172.16.0.0/12 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 192.0.0.0/24 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 192.0.2.0/24 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 192.168.0.0/16 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 198.18.0.0/15 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 198.51.100.0/24 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 203.0.113.0/24 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 224.0.0.0/4 -i tunl0 -j DROP iptables -t raw -I PREROUTING -s 240.0.0.0/4 -i tunl0 -j DROP I should note that in addition to this, console-based connections that I use for administration only are moved to non-standard ports. So I added another layer of protection with Security Through Obscurity (hence a portscan rule). 73, Lynwood KB3VWG

3 4

Re: [44net] Help MBOX flood
by William Lewis 13 Jun '16

13 Jun '16

Pedro: I use Fail2Ban as well, and created my own Jail to help with this. First, you will need to created jail. In the Fail2Ban directory "filter.d" create a new text file called "jnos.conf" In the file called "jnos.conf" place the following text. _____________________________________ # Fail2Ban configuration file # # Author: Wm Lewis - KG6BAJ # # $Revision$ # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # # # # # failregex = ^.* <HOST>:.*bad login.*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # # ignoreregex = ___________________________________ Next, after creating this file, in the main Fail2Ban directory, add the following to your "jail.local" file. ______________________________ # # Custom Made Bans # [jnos] enabled = true port = anyport filter = jnos logpath = /jnos/logs/nos.log banaction = shorewall action = %(action_mwl)s maxretry = 2 ______________________________ *** Note #1 : Your BANACTION may be different, depending on what your box is using as a default ban method. Look at some of the other jail entries, ( like [postfix] ). You may need to change the BANACTION to match the others. If your other jails are working with Fail2Bans default settings, you could comment out the "banaction = shorewall" with a hash so it reads "#banaction = shorewall" Obviously I use shorewall for my firewall. Your system may be using something else. Note #2 : Your path to your jnos log file may have to be tweaked to something like "/jnos/logs/filename.extension" I am using a version of jnos where I can specify that jnos logs are called "nos.log" and rotated every 24 hours. Your jnos may be custom built to call the logs something else. After you've install the "jnos.conf" jail file, and added the jnos jail settings, then restart Fail2Ban. Assuming you've made any appropriate directory tweaks needed to what I supplied, and assuming you've also adjusted your "jail.local" files email address to be your own, you should start getting emails telling you when Fail2Ban bans an IP address from the jnos logs for a bad login attempt. Note, I put MAXRETRY = 2. This tells the jail to allow 2 bad login tries, and then ban on the third bad attempt. Hope this helps. I currently show over 1300 banned IP addresses from jnos using this method. 73 Bill Lewis / KG6BAJ At 11:39 AM 6/12/2016, you wrote: >(Please trim inclusions from previous messages) >_______________________________________________ >Hello, > >Since last months my JNOS MBOX is being attacked: > >15:24:59 94.53.236.39:55248 - MBOX (supervisor) bad login >15:25:07 113.162.86.77:35247 - MBOX (support) bad login >15:25:09 190.140.17.22:53348 - MBOX (root) bad login >15:25:14 92.27.102.224:38887 - MBOX (support) bad login >15:25:14 114.109.125.48:42069 - MBOX (administrator) bad login >15:25:35 190.140.17.22:54146 - MBOX (root) bad login >15:25:50 92.27.102.224:40191 - MBOX (support) bad login >15:26:33 182.184.71.162:41259 - MBOX (root) bad login >15:26:49 182.184.71.162:41259 - MBOX (sh) bad login >15:26:50 89.22.213.165:33979 - MBOX (root) bad login >15:27:52 89.22.213.165:34979 - MBOX (root) bad login > >None of the users tried have granted permit. > >Installed fail2ban but not avail. >Attacking IPs change continuosly, routing to loopback no help >Due heavy load jnos eventually hangs. > >Is it there any way/suggestion to stop this ? > >Appreciate any help. >73, lu7abf, Pedro Converso >44.153.0.1 or conversoft.com.ar >pconver(a)gmail.com >_________________________________________ >44Net mailing list >44Net(a)hamradio.ucsd.edu >http://hamradio.ucsd.edu/mailman/listinfo/44net --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

1 0

Help MBOX flood
by Pedro Converso 13 Jun '16

13 Jun '16

Hello, Since last months my JNOS MBOX is being attacked: 15:24:59 94.53.236.39:55248 - MBOX (supervisor) bad login 15:25:07 113.162.86.77:35247 - MBOX (support) bad login 15:25:09 190.140.17.22:53348 - MBOX (root) bad login 15:25:14 92.27.102.224:38887 - MBOX (support) bad login 15:25:14 114.109.125.48:42069 - MBOX (administrator) bad login 15:25:35 190.140.17.22:54146 - MBOX (root) bad login 15:25:50 92.27.102.224:40191 - MBOX (support) bad login 15:26:33 182.184.71.162:41259 - MBOX (root) bad login 15:26:49 182.184.71.162:41259 - MBOX (sh) bad login 15:26:50 89.22.213.165:33979 - MBOX (root) bad login 15:27:52 89.22.213.165:34979 - MBOX (root) bad login None of the users tried have granted permit. Installed fail2ban but not avail. Attacking IPs change continuosly, routing to loopback no help Due heavy load jnos eventually hangs. Is it there any way/suggestion to stop this ? Appreciate any help. 73, lu7abf, Pedro Converso 44.153.0.1 or conversoft.com.ar pconver(a)gmail.com

4 3

Raspberry Pi 3 image
by Brian 12 Jun '16

12 Jun '16

I'm in the process of uploading an image of jessie for the RPI 3 to https://sourceforge.net/projects/uronode/files/?source=navbar If you wish to give it a go, that's where it'll be in approximately an hour from this post. It's made from the kit sold near the TAPR booth at this year's Hamvention at Dayton. You'll need to edit files in /etc/ax25, /etc/postfix, and the file /usr/local/bin/ax25 other than that it should be ready to go. I did notice the main repositories that came with it failed but an apt-get update fixed those issues. It was made using the uronode-pi.tgz script available in the tools section of the same sf.net site. -- <rhetorical> Why is it linux users can install and operate *any* version of M$ Windoze but the same can't be said in reverse?</rhetorical> 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

1 0

Banana Pi
by Brian 09 Jun '16

09 Jun '16

Greetings; Is it me or does the Jessie version of the Banana Pi OS fail to include kernel modules for the ax25 stack?.. and if so would a custom compile of the kernel work? Curious as if anyone else has gone through this one before. I know it's fine with the Raspberry Pi but I'm not that familiar with a Banana Pi. -- <rhetorical> Why is it linux users can install and operate *any* version of M$ Windoze but the same can't be said in reverse?</rhetorical> 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

3 4

Fwd: [Uronode] FCC serves Comcast
by Boudewijn (Bob) Tenty 08 Jun '16

08 Jun '16

Repeat (sorry about the formatting in my previous reposting) -------- Forwarded Message -------- Subject: [Uronode] FCC serves Comcast Date: Tue, 07 Jun 2016 13:19:12 -0400 From: Brian <n1uro(a)n1uro.ampr.org> Reply-To: n1uro(a)n1uro.ampr.org Organization: Amateur Radio Services To: uronode(a)tapr.org, eastnet(a)n1uro.ampr.org With regards to my dealings with Comcast and the faulty firmware installed in their CPE devices, the FCC has informed me that they've officially served Comcast with a direct order to resolve this problem or respond to the complaint within 30 days of receipt of the complaint. Since Comcast has admitted to me about their firmware bugs it'll be interesting to see how this is accomplished and if it's within their 30 day window. A copy of their communication is included below. " Your Ticket No. 950514 was served on Comcast Cable Communications on Jun 7 for its review and response. Comcast Cable Communications will likely contact you in an effort to resolve your issue. A response is due to the FCC no later than 30 days from today. Comcast Cable Communications will respond to you directly by postal mail. You can view a list of frequently asked questions at: https://consumercomplaints.fcc.gov/hc/en-us/articles/205082880. We appreciate your submission and help in furthering the FCC’s mission on behalf of consumers. This email is a service from FCC Complaints. Delivered by Zendesk [NKGKWV-K6P1] " This is somewhat positive news for us on the amprnet. -- <rhetorical> Why is it linux users can install and operate *any* version of M$ Windoze but the same can't be said in reverse?</rhetorical> 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

1 0

Fwd: [Uronode] FCC serves Comcast
by Boudewijn (Bob) Tenty 08 Jun '16

08 Jun '16

I repost this from the UroNode list with permission from the author. -------- Forwarded Message -------- Subject: [Uronode] FCC serves Comcast Date: Tue, 07 Jun 2016 13:19:12 -0400 From: Brian <n1uro(a)n1uro.ampr.org> n1uro(a)n1uro.ampr.org With regards to my dealings with Comcast and the faulty firmware installed in their CPE devices, the FCC has informed me that they've officially served Comcast with a direct order to resolve this problem or respond to the complaint within 30 days of receipt of the complaint. Since Comcast has admitted to me about their firmware bugs it'll be interesting to see how this is accomplished and if it's within their 30 day window. A copy of their communication is included below. " Your Ticket No. 950514 was served on Comcast Cable Communications on Jun 7 for its review and response. Comcast Cable Communications will likely contact you in an effort to resolve your issue. A response is due to the FCC no later than 30 days from today. Comcast Cable Communications will respond to you directly by postal mail. You can view a list of frequently asked questions at: https://consumercomplaints.fcc.gov/hc/en-us/articles/205082880. We appreciate your submission and help in furthering the FCC’s mission on behalf of consumers. This email is a service from FCC Complaints. Delivered by Zendesk [NKGKWV-K6P1] " This is somewhat positive news for us on the amprnet. -- <rhetorical> Why is it linux users can install and operate *any* version of M$ Windoze but the same can't be said in reverse?</rhetorical> 73 de Brian - N1URO email: (see above) Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode http://uronode.sourceforge.net http://axmail.sourceforge.net AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

1 0

Re: [44net] Unable to Receive rip44 Datagram
by Rob Janssen 07 Jun '16

07 Jun '16

> On Tue, 2016-06-07 at 13:25 -0400, James Sharp wrote: > >/I haven't run in to 443 "filtering", but I have run into instances where /> >/the ISP will drop TCP connections that are active for more than a few /> >/minutes, forcing openvpn to restart the connection. / > Chances are your issue is the same as mine was. The CPE (router) has a > built in watchdog timer that cuts all sockets after a few minutes. Using > port 443 wouldn't make any difference. To the average web user this > isn't an issue because each time a page is opened/refreshed a new socket > is created, thus a new timer engages. The same may be said for services > such as pop3/smtp/etc. where you're engaging a new socket each time you > pop or send email. As long as the attachments aren't that big where you > may exceed the watchdog's timer you'll never notice this. So you can never download a file that takes more than a few minutes to complete? Terrible! Now I understand why some companies try to enforce a "download manager" to download a file of a measly 30 MB. So I can continue where I left off, yeah sure. Well it is clear that everyone should devise their own solution for tunneling and we should not change the global system to cater for limits that certain users encounter. There will always be a more severe limitation found by someone. It is better to solve these issues locally, where you have fellow users (victims) that can understand what is and what isn't possible. Colocated (virtual) servers with small storage capacity are very cheap today. Usually they are the entry level of server location, the hoster advertises their $3.99/mo server and knows that "everyone" will upgrade to more storage and pay a lot extra. But for a gateway these are perfectly usable, you can perfectly run it with 512MB RAM and 8GB disk. Put it in the IPIP mesh with the usual tunl0 and ampr-ripd, and then everyone in the area can make their VPN connection to there. Without NAT problems, and working round nasty ISPs. (you can make a VPN over almost anything if you wish) Rob

2 1

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net