Hi there
after entering to the DNS attack business (as the one who is attacked) i think of the following
Can an access list rule be done that will have rule per gateway subnet on the main AMPRNET ROUTER ?
I mean if I have a 44.138.1.x that i will be able to have rules for my subnet as i want ?
I ask it because the firewall rule i have added to the miKrotiK (thanks a lot to the ham who gave me the correct syntax) does the job but the tunnel to UCSD still flud with incoming DNS attack noise of about 500KB/s (of course that the router block them to pass through but if i could stop this attack before they even enter to the tunnel from UCSD to me)
NB i still dont understand what is the point standing behind UDP flood may someone explain me ?
I can understand telnet ftp ssh web attempt but not DNS flood may someone explain it to me ?
one more point I have talked with a friend of myn which his job include networking he have a Fixed IP connected to Cisco ASA Firewall and he doesn't see any DNS attacks in the logs he saw here and there SIP attempts (i see at the 44 Net here also some UDP sip but it is almost 0 comparing the DNS attack) so it look like the DNS is related more to the AMPRNET and not to regular internet
or maybe this is a coincidence
anyway it is something i havent seen on the AMPRNET network we had 20 years ago
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
> Subject:
> Re: [44net] How to config mikrotik router for IPIP (and more)
> From:
> Don Fanning <don(a)00100100.net>
> Date:
> 04/05/2016 04:54 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Maybe this is a good opportunity for someone to create a basic distribution
> that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
> ship well or someone can write the image directly on them. Maybe if it's
> packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that.
I have done images for another special-purpose Pi application, however in this case it
probably needs a little more work to create a nice "setup" program that allows the user
to enter the variable data and configures the Pi accordingly.
(after all, the instructions that are already on wiki.ampr.org apparently are not enough
to get people started, so providing an image and then tell them to edit config files and
scripts will probably fail the same way)
It is also clear that the default firewall should be OK, and users should be warned not to
install things like open telnet servers on or behind the router.
Rob
Hi group
Now when the mikrotik have a connections sessions screen i see about 150 (yesterday night it was 1200) UDP Port 53 (DNS)sessions coming from about 15 different sites each site have about 10 sessions
total bandwidth it consume is 500 KB/s
What is it ? why a site have to do 10 times DNS queries (or maybe it is a UDP session to port 53 but not a DNS query ) to my host where even no DNS server exist ?
Is there anyone that can tell me the exact command to block it ? i have tried with the web interface to add a firewall rule but nothing happen it looks like im not giving the right rule
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
buying a Pi for ampr.org connection. I'm pretty much stuck with the
Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
wondering how it might be best to place the Pi on the LAN. Should it
be in the DMZ or should it stay behind NAT?
Feel free to email me off list if this is OT.
--
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Many of the Linux based routers do allow you to add non-standard rules. It
surprised me that the current ASUS family of consumer routers allowed me to
configure a porthole for IPIP without having to use the CLI.
Assi
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Brian Kantor
Sent: Tuesday, April 05, 2016 11:11 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] ISP Router and Pi Cohabitation
(Please trim inclusions from previous messages)
_______________________________________________
On Tue, Apr 05, 2016 at 11:05:38AM -0700, Geoff Joy -KE6QH- wrote:
> I'm on FiOS (was Verizon now Frontier Comm.) and I'm considering
> buying a Pi for ampr.org connection. I'm pretty much stuck with the
> Verizon Actiontec MI424WR on the WAN due to ISP requirements and I'm
> wondering how it might be best to place the Pi on the LAN. Should it
> be in the DMZ or should it stay behind NAT?
I'm not familiar with that particular router, but most residential routers
don't have a provision for allowing the IPIP protocol through the NAT so you
pretty much have to use the DMZ for AMPRNet tunneling.
- Brian
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
Step one would be to create an interactive script that asks some basic
questions like your ampr address allocation and sets up the routes and
rules. I have been meaning to do this. Sadly winter is pretty much
over.
I documented the way I did it in pretty good detail:
http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
Of course there is more than one way to skin a cat. You don't have to
add a USB Nic, you could use a VLAN capable switch for example. That
is always the rub, one size may not fit all.
I skipped explaining a basic firewall, as I think its a bitch much for
most people already, and is documented elsewhere. The best info I had
at the time was LX1DUC's info, but I wanted to take explaining certain
things a bit more that I initially thought weren't the most clear.
http://marc.storck.lu/blog/2013/08/howto-setup-an-amprnet-gateway-on-linux/http://marc.storck.lu/blog/2013/08/basic-paranoid-iptables-firewall-for-an-…
I have found everyone in any aspect of the hobby has a different level
of understanding. Writing a disk image to a SD card might be a first
timer for someone for example. Then you need to explain that.
A good start would be for more people to share details on their gateway setup.
>Maybe this is a good opportunity for someone to create a basic distribution
>that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and
>ship well or someone can write the image directly on them. Maybe if it's
>packaged, profits could be sent to Brian for gateway maintenance/growth.
For those of you running Linux, Iptables + Fail2ban work very well against
port exploit and brute force attempts.
Obviously, it also helps using a mainstream distribution with active
maintenance.
Assi kk7kx.
-----Original Message-----
From: 44Net [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On
Behalf Of Geoff Joy -KE6QH-
Sent: Tuesday, April 05, 2016 8:20 AM
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] strange login attempts to AMPR Hosts
Probes of IP addresses are VERY common. T
...snip..
Geoff Joy - ke6qh -
AmprNet IP Address Coordinator for San Bernardino & Riverside Counties.
(44.18/16)
Hi group
The mikrotik router log show me every half minute a telnet and SSH login attempt it last for hours
the strange thing is that the IP it is using was not active in the AMR DNS up to yesterday and right after i have add it to the DNS and connected the router the login attempt tried
I have traced two off the breakers and one is in Poland and other is in China
Is it common that someone try to brake our network hosts ? do you see such things at your hosts too ?
how someone discover so quick about an active host in a Whole class A network ?
What is your solution \ reaction for such a brake attempts ??
Thanks for every clarifications
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
Hi there
I got few hours ago Mikrotik router
I must say it look impressive from the web interface it have
I have some questions
May anyone send me the commands needed to make an IPIP tunnel (lets start with IPIP Tunnel to the UCSD Router)
and if any route command needed to be add please write it to me as well
Im new to the mikrotik routers but they look very professional certainly comparing the TP-link stuff
2) can a interface of the microtik (say the lan port) have two ip addresses (like the Cisco Router do with the command : ip address a.b.c.d 1.2.3.4 (subnet) secondary ) ?
3) The router lan port have no default gateway and therefore if i connect the router lan (which is also connected to the wifi part of it)
Is there any way to connect the router lan port to the net and have it to be able to get a default gateway ?
Thanks For any help
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
www.ronen.orgronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
> The best for now is to give up, and use some Linux device (like
> Raspberry Pi) to set 44networking.
We've been telling him that for weeks now...
Of course, now he has a MikroTik router which is much more flexible than the average router.
These things (as tiny as they are) can run a virtual machine! (the feature called Metarouter)
It may be possible to run a small virtual machine with Linux on it, that either does the
tunnel and RIP processing, or is running the script to re-configure the main router all the
time to add/remove the tunnels.
That way it may be possible to get it working even on this low-end router, with the advantage
that it has multiple ethernet ports and even WiFi.
It would actually be nice to have a solution for the appliance operator to get an IPIP tunnel,
although there of course are many challenges to overcome.
I should find time to play with the Metarouter running plain Linux...
Rob
