Hi group
Now when the mikrotik have a connections sessions screen i see about 150 (yesterday night it was 1200) UDP Port 53 (DNS)sessions coming from about 15 different sites each site have about 10 sessions
total bandwidth it consume is 500 KB/s
What is it ? why a site have to do 10 times DNS queries (or maybe it is a UDP session to port 53 but not a DNS query ) to my host where even no DNS server exist ?
Is there anyone that can tell me the exact command to block it ? i have tried with the web interface to add a firewall rule but nothing happen it looks like im not giving the right rule
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
buying a Pi for ampr.org connection. I'm pretty much stuck with the
Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
wondering how it might be best to place the Pi on the LAN. Should it
be in the DMZ or should it stay behind NAT?
Feel free to email me off list if this is OT.
--
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Many of the Linux based routers do allow you to add non-standard rules. It
surprised me that the current ASUS family of consumer routers allowed me to
configure a porthole for IPIP without having to use the CLI.
Assi
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Brian Kantor
Sent: Tuesday, April 05, 2016 11:11 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] ISP Router and Pi Cohabitation
(Please trim inclusions from previous messages)
_______________________________________________
On Tue, Apr 05, 2016 at 11:05:38AM -0700, Geoff Joy -KE6QH- wrote:
> I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
> buying a Pi for ampr.org connection. I'm pretty much stuck with the
> Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
> wondering how it might be best to place the Pi on the LAN. Should it
> be in the DMZ or should it stay behind NAT?
I'm not familiar with that particular router, but most residential routers
don't have a provision for allowing the IPIP protocol through the NAT so you
pretty much have to use the DMZ for AMPRNet tunneling.
- Brian
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
Step one would be to create an interactive script that asks some basic
questions like your ampr address allocation and sets up the routes and
rules. I have been meaning to do this. Sadly winter is pretty much
over.
I documented the way I did it in pretty good detail:
http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
Of course there is more than one way to skin a cat. You don't have to
add a USB Nic, you could use a VLAN capable switch for example. That
is always the rub, one size may not fit all.
I skipped explaining a basic firewall, as I think its a bitch much for
most people already, and is documented elsewhere. The best info I had
at the time was LX1DUC's info, but I wanted to take explaining certain
things a bit more that I initially thought weren't the most clear.
http://marc.storck.lu/blog/2013/08/howto-setup-an-amprnet-gateway-on-linux/http://marc.storck.lu/blog/2013/08/basic-paranoid-iptables-firewall-for-an-…
I have found everyone in any aspect of the hobby has a different level
of understanding. Writing a disk image to a SD card might be a first
timer for someone for example. Then you need to explain that.
A good start would be for more people to share details on their gateway setup.
>Maybe this is a good opportunity for someone to create a basic distribution
>that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
>ship well or someone can write the image directly on them. Maybe if it's
>packaged, profits could be sent to Brian for gateway maintenance/growth.
For those of you running Linux, Iptables + Fail2ban work very well against
port exploit and brute force attempts.
Obviously, it also helps using a mainstream distribution with active
maintenance.
Assi kk7kx.
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Geoff Joy -KE6QH-
Sent: Tuesday, April 05, 2016 8:20 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] strange login attempts to AMPR Hosts
Probes of IP addresses are VERY common. T
...snip..
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Hi group
The mikrotik router log show me every half minute a telnet and SSH login attempt it last for hours
the strange thing is that the IP it is using was not active in the AMR DNS up to yesterday and right after i have add it to the DNS and connected the router the login attempt tried
I have traced two off the breakers and one is in Poland and other is in China
Is it common that someone try to brake our network hosts ? do you see such things at your hosts too ?
how someone discover so quick about an active host in a Whole class A network ?
What is your solution \ reaction for such a brake attempts ??
Thanks for every clarifications
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
Hi there
I got few hours ago Mikrotik router
I must say it look impressive from the web interface it have
I have some questions
May anyone send me the commands needed to make an IPIP tunnel (lets start with IPIP Tunnel to the UCSD Router)
and if any route command needed to be add please write it to me as well
Im new to the mikrotik routers but they look very professional certainly comparing the TP-link stuff
2) can a interface of the microtik (say the lan port) have two ip addresses (like the Cisco Router do with the command : ip address a.b.c.d 1.2.3.4 (subnet) secondary ) ?
3) The router lan port have no default gateway and therefore if i connect the router lan (which is also connected to the wifi part of it)
Is there any way to connect the router lan port to the net and have it to be able to get a default gateway ?
Thanks For any help
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
> The best for now is to give up, and use some Linux device (like
> Raspberry Pi) to set 44networking.
We've been telling him that for weeks now...
Of course, now he has a MikroTik router which is much more flexible than the average router.
These things (as tiny as they are) can run a virtual machine! (the feature called Metarouter)
It may be possible to run a small virtual machine with Linux on it, that either does the
tunnel and RIP processing, or is running the script to re-configure the main router all the
time to add/remove the tunnels.
That way it may be possible to get it working even on this low-end router, with the advantage
that it has multiple ethernet ports and even WiFi.
It would actually be nice to have a solution for the appliance operator to get an IPIP tunnel,
although there of course are many challenges to overcome.
I should find time to play with the Metarouter running plain Linux...
Rob
> I can set it up to run with
> cron so that it emails you the list of commands needed to update it
> every hour. After a few hours of this, you may understand why it is
> provided as an automatic script!
This is why a Linux system (e.g. Raspberry Pi) running ampr-ripd is so much easier!
Did you ever try to run Linux under Metarouter and run ampr-ripd on that?
I think an OpenWRT image is available that could be stripped down to a bare Linux
system that could handle the tunnel routing as a Metarouter on certain types of MikroTik.
(RB750, RB2011 etc)
Of course Ronen will not be able to figure that out himself, but maybe he could run it
when a ready-made image is available for download. I have not yet tried Metarouter
myself, always enough things to do :-)
Rob
Lately I have a lot of domain response traffic from china, probably a dns amplification attack targeting the host 42.202.148.15.
The used address which gets that traffic is mainly 44.182.20.27. Other hosts of this subnet also receive traffic via the ucsd tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway, but this is not happening.
Anyone knows an explanation or is it a gateway bug?
Marius, YO2LOJ
