44net

44net@mailman.ampr.org

1 participants
3194 discussions

Re: [44net] 44Net Digest, Vol 3, Issue 92
by Steve Wright 03 May '14

03 May '14

On Sun, May 4, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > During some cell site work last night, I seem to have experienced > Comcast dropping packets from point A to point B simply based on the > fact that their IP protocol was GRE (IP protocol 47). I also found some > posts on the Internet that claim Comcast wishes to charge more money to > transport GRE packets. I'm not sure if this is true, or if I made a > mistake somehow in my traffic handling. Therefore... If you really WERE working in a professional role on such equipment, and you ACTUALLY DID notice GRE packets missing, I would hazard a guess that you were perfectly capable of scripting up nc, nmap etc, with some bash or python to do as you ask, instead of trolling this networking group with your political goals. On topic though, I do recall some recent amendments to law (actually rules of a corporation, not real law) where it was specifically forbidden that any ISP rate-limit any service whatsoever, and then charge to un-limit it, so likely the govt is ahead of you on this one. Perhaps an email to the company concerned with a polite request for the same information, and an implied threat to write some network discovery tool might net you dividends you seek, or at least a straight answer - rare as they are.

2 1

Request for Software - IP Protocol Filtering Measurement
by Bart Kus 03 May '14

03 May '14

Hi, During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore... Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link. The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right. --Bart

1 0

spam
by Steve Wright 02 May '14

02 May '14

> On Mon, Apr 28, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > > BTW, your emails trigger gmail's spam filter -- I'm surprised any of this weeks' postings got past the spam filter whatsoever.... Can we get some tech content please, people? Enough of this rules and politics crap.

2 1

Last minute DDoS attackers
by Gustavo Ponza 29 Apr '14

29 Apr '14

... as per information. gus i0ojj ------------- com. 0 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1398772092 1800 900 604800 86400 dnsscan.shadowserver.org. 0 IN A 184.105.143.133 fema.gov. 0 IN NS asia2.akam.net. fema.gov. 0 IN NS eur2.akam.net. fema.gov. 0 IN NS use3.akam.net. fema.gov. 0 IN NS usw4.akam.net. fema.gov. 0 IN NS usc2.akam.net. fema.gov. 0 IN NS usw3.akam.net. fema.gov. 0 IN NS use1.akam.net. . 0 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014042800 1800 900 604800 86400 com. 0 IN NS f.gtld-servers.net. com. 0 IN NS j.gtld-servers.net. com. 0 IN NS g.gtld-servers.net. com. 0 IN NS e.gtld-servers.net. com. 0 IN NS l.gtld-servers.net. com. 0 IN NS k.gtld-servers.net. admin.wilyee.com. 0 IN A 216.187.94.181 130.99.20.198.IN-ADDR.ARPA. 0 IN PTR census4.shodan.io. 1000.e920862c.dnsr.if-is.net. 0 IN A 134.147.203.115 ddosforums.pw. 0 IN SOA dina.ns.cloudflare.com. dns.cloudflare.com. 2014945315 10000 2400 604800 3600 ddosforums.pw. 0 IN NS dina.ns.cloudflare.com. ddosforums.pw. 0 IN NS ian.ns.cloudflare.com. ianawww.vip.icann.org. 0 IN A 192.0.32.8 www.iana.org. 0 IN CNAME ianawww.vip.icann.org. openresolvertest.net. 0 IN A 204.42.254.5 65cf69a0.openresolvertest.net. 0 IN CNAME openresolvertest.net. 1x1.cz. 0 IN A 46.234.99.18 114.70.20.198.IN-ADDR.ARPA. 0 IN PTR census3.shodan.io. isc.org. 0 IN NS ns.isc.afilias-nst.info. isc.org. 0 IN NS ord.sns-pb.isc.org. dnsamplificationattacks.cc. 0 IN SOA a.dns.gandi.net. hostmaster.gandi.net. 1349871047 10800 3600 604800 10800 dnsamplificationattacks.cc. 0 IN MX 10 spool.mail.gandi.net. dnsamplificationattacks.cc. 0 IN MX 50 fb.mail.gandi.net. dnsamplificationattacks.cc. 0 IN A 217.70.184.38 dnsamplificationattacks.cc. 0 IN NS c.dns.gandi.net. dnsamplificationattacks.cc. 0 IN NS b.dns.gandi.net. dnsamplificationattacks.cc. 0 IN NS a.dns.gandi.net. shodan.io. 0 IN NS b.dns.gandi.net. shodan.io. 0 IN NS a.dns.gandi.net. shodan.io. 0 IN NS c.dns.gandi.net. openresolverproject.org. 0 IN A 204.42.254.5 65cf69a0.openresolverproject.org. 0 IN CNAME openresolverproject.org. ietf.org. 0 IN NS ns1.yyz1.afilias-nst.info. ietf.org. 0 IN NS ns1.ams1.afilias-nst.info. ietf.org. 0 IN NS ns1.mia1.afilias-nst.info. ietf.org. 0 IN NS ns0.amsl.com. ietf.org. 0 IN NS ns1.sea1.afilias-nst.info. ietf.org. 0 IN NS ns1.hkg1.afilias-nst.info. iorr.ru. 0 IN SOA ns1.reg.ru. hostmaster.ns1.reg.ru. 1397802273 14400 3600 604800 43200 iorr.ru. 0 IN A 123.123.123.26 iorr.ru. 0 IN A 123.123.123.70 iorr.ru. 0 IN A 123.123.123.17 iorr.ru. 0 IN A 123.123.123.41 iorr.ru. 0 IN A 123.123.123.158 iorr.ru. 0 IN A 123.123.123.67 iorr.ru. 0 IN A 123.123.123.137 iorr.ru. 0 IN A 123.123.123.101 iorr.ru. 0 IN A 123.123.123.61 iorr.ru. 0 IN A 123.123.123.119 iorr.ru. 0 IN A 123.123.123.79 iorr.ru. 0 IN A 123.123.123.190 iorr.ru. 0 IN A 123.123.123.229 iorr.ru. 0 IN A 123.123.123.237 iorr.ru. 0 IN A 123.123.123.4 iorr.ru. 0 IN A 123.123.123.66 iorr.ru. 0 IN A 123.123.123.224 iorr.ru. 0 IN A 123.123.123.183 iorr.ru. 0 IN A 123.123.123.110 74.69.20.198.IN-ADDR.ARPA. 0 IN PTR census1.shodan.io. -----------------

1 0

chargen service
by Brian Kantor 29 Apr '14

29 Apr '14

You should check to make sure that you have the 'chargen' service disabled on your hosts, and block it in your routers if you can. I've already contacted the people whose system was involved in this attack. - Brian ----- Forwarded message ----- Subject: Exploitable chargen service used for an attack: 44.x.x.x. It appears that a public "chargen" service on your network, running on IP address 44.x.x.x, participated in a large-scale attack against a customer of ours today, generating large UDP responses to spoofed probes that claimed to be from the attack target. chargen is an old testing service that generates large quantities of traffic with only a small request required. It is commonly enabled by default on old printers and other connected appliances, but it has no useful purpose over the open internet. Please block UDP port 19 (inbound and outbound) at your network edge, as this should stop these chargen attacks without blocking legitimate traffic. If the endpoint device that generated this traffic is configurable, please further investigate whether it is running a chargen service (and disable it, if so) -- commonly exploited devices include Cisco hardware that has "udp small servers" mistakenly enabled, old printers, old UNIX boxes with "chargen" running under inetd, and Windows boxes with the "Simple TCP/IP services" package installed. Also, it is worth checking if it is a machine that has been compromised, as some malware directly generates port 19 traffic, simulating chargen, and in this way masks its presence. If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack. ----- End forwarded message -----

2 1

Re: [44net] chargen service
by kb9mwr＠gmail.com 29 Apr '14

29 Apr '14

Jerry, Stick this in the DD-WRT administration command shell box: /sbin/iptables -A OUTPUT -p udp --dport 19 -j DROP

1 0

Re: [44net] chargen service
by Jerry Kutche 29 Apr '14

29 Apr '14

Brian. Can u tell me how. Been having some kind of issues here. Also think my router it sick. Have a new one on way. Buffalo wzr-600dhp running dd-wrt latest .. Non beta.. 73 jerry On Apr 29, 2014 1:34 PM, Brian Kantor <Brian(a)UCSD.Edu> wrote: > > (Please trim inclusions from previous messages) > _______________________________________________ > You should check to make sure that you have the 'chargen' service > disabled on your hosts, and block it in your routers if you can. > > I've already contacted the people whose system was involved in this attack. > - Brian > > > ----- Forwarded message ----- > > Subject: Exploitable chargen service used for an attack: 44.x.x.x. > > It appears that a public "chargen" service on your network, running > on IP address 44.x.x.x, participated in a large-scale attack against a > customer of ours today, generating large UDP responses to spoofed probes > that claimed to be from the attack target. > > chargen is an old testing service that generates large quantities of > traffic with only a small request required. It is commonly enabled by > default on old printers and other connected appliances, but it has no > useful purpose over the open internet. > > Please block UDP port 19 (inbound and outbound) at your network > edge, as this should stop these chargen attacks without blocking > legitimate traffic. If the endpoint device that generated this traffic > is configurable, please further investigate whether it is running a > chargen service (and disable it, if so) -- commonly exploited devices > include Cisco hardware that has "udp small servers" mistakenly enabled, > old printers, old UNIX boxes with "chargen" running under inetd, and > Windows boxes with the "Simple TCP/IP services" package installed. Also, > it is worth checking if it is a machine that has been compromised, as > some malware directly generates port 19 traffic, simulating chargen, > and in this way masks its presence. > > If you are an ISP, please also look at your network configuration and > make sure that you do not allow spoofed traffic (that pretends to be from > external IP addresses) to leave the network. Hosts that allow spoofed > traffic make possible this type of attack. > > ----- End forwarded message ----- > > _________________________________________ > 44Net mailing list > 44Net(a)hamradio.ucsd.edu > http://hamradio.ucsd.edu/mailman/listinfo/44net >

1 0

help?
by Jerry 28 Apr '14

28 Apr '14

I have been having severe issues staying connected to the internet all day.. I did two things as a test.. I think its related to my Net 44 box. 1) Turned off the JNOS/URO box 2) Removed it from DMZ Going to see how things look. I think it is getting hit with junk from the internet . If so I may be forced to leave it off.. if so.. But not sure how to tell.. Other than if I can stay connected and so far it has improved a thousand fold.. If anyone knows how to stop this let me know. A Script I can install on my dd-wrt enabled buffalo wzr600dhp router would be best or anything I can run on linux. Thanks 73 jerry n9lya Join Dropbox today <https://db.tt/72qWEIC2> https://db.tt/72qWEIC2 N9LYA/K9BBS <http://w9bbs.no-ip.org:8080/> http://w9bbs.no-ip.org:8080 K9BBS IP 44.48.0.42 Linbpq 6.0.7.2 Debian Linux 6.0.7 Dell_Server_2600_4GBRAM_73GBHD_Dual_Dual_Core_CPU_1.8Ghz W9HU <http://w9bbs.no-ip.org:8081/> http://w9bbs.no-ip.org:8081 W9HU IP 44.48.0.44 PilinBPQ 6.0.7.2 Raspbian-wheezy-7_Rpi_B_700MHz_256MBram_128GB-SD-class10 N9LYA-5 IP 44.48.0.46 Jnos 2.0j N9LYA-9 IP 44.48.0.41 Uronode 2.1 Debian Linux 6.0.7 HP 3.4Ghz 2GB Ram 2TB Hard drive W9BBS-3 IP 44.48.0.45 MSYS 1.20Beta4 Dell XP Sp3 40GB HD 756 MB Ram NODE's I CO-SYSOP KC9JIH-7:LEHIGH K9UY-7:NOIRAM <http://www.mitchellwx.com/> http://www.mitchellwx.com wview 5.20.2 <http://www.n9lya.com/> http://www.n9lya.com <http://www.hfskipnet.net/> http://www.hfskipnet.net <http://www/indianapacketcouncil.com> http://www/indianapacketcouncil.com <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600 <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600 My net44 subnet 44.48.0.41 uronode.n9lya.ampr.org uronode.n9lya 44.48.0.42 k9bbs.ampr.org k9bbs 44.48.0.43 w9otr.ampr.org w9otr 44.48.0.44 w9hu.ampr.org w9hu 44.48.0.45 w9bbs.ampr.org w9bbs 44.48.0.46 n9lya.ampr.org n9lya n9lya-3 73 Jerry N9LYA HF Skipnet Coordinator HF Skipnet Midwest HUB ARRL Net Manager - Packet Indiana AmprNet IP Coordinator Indiana Indiana Packet Coordinator Sysop N9LYA/K9BBS/W9BBS/W9OTR W9OTR Hoosier Amateur Radio Digital Society W9HU Hoosier Radio Society

5 6

How-To BGP?
by Jim Alles 28 Apr '14

28 Apr '14

Ok, so I am a licensed HAM, an amateur that has no formal education or job experience regarding networking. However, I believe I have a better handle on IT than most hams in general, present company excluded. (Anything I can do to help) I am assisting the Penn State Amateur Radio Club, a student organization, to get a couple of 1Gb network backbone connections lit up. One is dedicated to a D-star gateway (K3CR). The other location is the ham shack, for web browsing and other future uses, such as APRS Igate, IRLP or Asterisk. We will have a /29 assigned by the University. The two Microtik routers we have purchased are capable of BGP. The university will not advertise 44net, or allow me to announce BGP. sigh. Does anyone have any suggestions? Another regional resource we have in the state of Pennsylvania is PennREN. It is a partnership that built out fiber optics in a figure-eight footprint all around the state. They can provide connectivity (I would like to get a VPN server co-located in their facilities), but they also have dark fiber available. My long-term vision is to have a 501c(3) organized by hams light up a couple of those strands to create a regional 44net. Local hams/clubs would each have to provide their own 'last mile' I believe there is a group in Pittsburgh already doing something similar. I want to learn enough to understand the conversation. Thanks for the video! Jim Alles, KB3TBX

4 3

Re: [44net] What is 44net?
by Bryan Fields 26 Apr '14

26 Apr '14

On 4/24/14, 6:54 PM, K7VE - John wrote: > I think the better model is BGP "nodes" which provide VPN to subnets. > The BGP node admins would provide the VPN authentication to know what > subnets were attaching and BGP would provide Internet connectivity > (including subnets). +1 I trust my VPN users and announce via BGP to the global routing table. If you want to trust my routes cool, if not that's cool too. I think everyone is over-thinking this. It does no good if the majority of traffic over 44net allocations is ping and traceroute. Let shit flow and see what happens. IF some one starts abusing it, shut it down and fix it. It's like a repeater when there is a jammer. Once you're aware of it, you shut it down till they go away and you're not liable for it. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

17 49

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net