44net

44net@mailman.ampr.org

3194 discussions

44Net Digest, Vol 3, Issue 44
by Gabriel Medinas 27 Feb '14

27 Feb '14

Hello Rob, thanks for your information, I changed to 44.0.0.1 from 169.228.66.251, but dont see here any rip broadcast from this IP, i waiting if arrive in any moment. 73 de Gabriel. YV5KXE YV AmpNet Coordinator 44net-request at hamradio.ucsd.edu wrote: > Subject: > [44net] RIP UDP question > From: > Gabriel Medinas <gmedinas at gmail.com> > Date: > 02/26/2014 05:48 PM > > To: > 44net at hamradio.ucsd.edu > > > Hello all, > > I want test to receive the RIP2 broadcast in my JNOS but dont work: > > Trace jnos monitor: > > (tun0) 169.228.66.251->192.168.2.110 UDP Don't use that version. Use the one that is from 44.0.0.1 -> 224.0.0.9 instead. (there are two RIP broadcasts and some time ago Brian already considered to stop the one from 169.228.66.251 to the public IP adress. This one is sent to a different portnumber so your jnos probably does not recognize it) Rob

2 1

Re: [44net] 44Net Digest, Vol 3, Issue 44
by Rob Janssen 26 Feb '14

26 Feb '14

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > [44net] RIP UDP question > From: > Gabriel Medinas <gmedinas(a)gmail.com> > Date: > 02/26/2014 05:48 PM > > To: > 44net(a)hamradio.ucsd.edu > > > Hello all, > > I want test to receive the RIP2 broadcast in my JNOS but dont work: > > Trace jnos monitor: > > (tun0) 169.228.66.251->192.168.2.110 UDP Don't use that version. Use the one that is from 44.0.0.1 -> 224.0.0.9 instead. (there are two RIP broadcasts and some time ago Brian already considered to stop the one from 169.228.66.251 to the public IP adress. This one is sent to a different portnumber so your jnos probably does not recognize it) Rob

1 0

RIP UDP question
by Gabriel Medinas 26 Feb '14

26 Feb '14

Hello all, I want test to receive the RIP2 broadcast in my JNOS but dont work: Trace jnos monitor: (tun0) 169.228.66.251->192.168.2.110 UDP 0000 ........pLaInTeXtpAsSwD.....,.......[yZ.........,.........Y..... 0040 ....,.......E..>........,.......Q.v>........,I@.....2.D>........ 0080 ,.@.....[yZ.........,.......[yZ.........,I......2.D>........,... 00c0 ....W...........,...................,........K..........,....... 0100 ............,........&..........,^..................,.......v... 0140 ........,........K..........,........K..........,.......yc...... 0180 ....,........K..........,.......^e0.........,........K.......... 01c0 ,........K...... (tun0) 192.168.2.110->169.228.66.251 ICMP UnreachablePort Returned 169.228.66.251->192.168.2.110 UDP 192.168.2.110 is my JNOS IP in LAN (also 44.152.0.60) 169.228.66.251 (amprnetgw-ucsd) The jnos return a ICMP UnreachablePort, have check firewall, ip forwading in opensuse 13.1 linux, router and in my autoexec.nos: ip upstairs 224.0.0.9 rip ttl 43200 start rip #rip accept 44.0.0.1 rip accept 169.228.66.251 rip trace 9 rip.log My question, why my jnos said unreachablePort? Thanks. Gabriel YV5KXE

1 0

Re: [44net] Suggestion?
by kb9mwr＠gmail.com 24 Feb '14

24 Feb '14

Thanks Chris. Now if there is a problem originating from one of the gateways we know who to get a hold of. It may also be desirable if their callsign had a link to method of contact (email) that is on file for them. But I heard a whois function is in the works, and I assume that will have something like that. Steve

4 3

anyone seeing these?
by Brian 23 Feb '14

23 Feb '14

I've been getting absolutely bombarded with dns query frames most of which come from commercial IPs (that are now blocked) however I'm seeing some from what appears to be 44/8, but I suspect most of these are spoofed. There's always the chance someone's been compromised. An example from wireshark: 72 13.058158 44.96.84.78 44.88.0.9 DNS Standard query A oitutrxutxx.www.luse7.com I know this IP is not configured so it must be spoofed (aka: no DNS) and it doesn't appear to be alive, nor is this the only one from 44/8. 140 35.327781 44.180.172.99 44.88.0.9 DNS Standard query A ttx.www.luse8.com 595 181.341697 44.219.111.186 44.88.0.9 DNS Standard query A m.www.luse9.com I'm sure this is a DNS worm of sorts but it was attacking my MFNOS node (which does not even have a dns server compiled in it) at the rate of 500,000 frames a minute. While harmless to such, it's still bandwidth used for nothing. Has anyone seen these sort of junk dns requests before? -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

2 1

Suggestion?
by kb9mwr＠gmail.com 23 Feb '14

23 Feb '14

On the gateways list page or under the details (at: https://portal.ampr.org/gateways_list.php) could another column be added to show the associated call sign of the person who maintains that entry? Right now there really doesn't seem to be a way to tell.

4 3

purposeful interloper...
by Jerome Schatten 23 Feb '14

23 Feb '14

Now this guy appears every 60 sec., and he obviously knows what he's doing. Anyone else seeing him? How does he do it? Sat Feb 22 14:12:57 2014 - tun0 recv: IP: len 74 169.228.66.251->192.168.1.149 ihl 20 ttl 50 prot IP IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP UDP: len 34 48465->6781 Data 26 0000 CQ AMPR! CQ AMPR! CQ AMPR! Sat Feb 22 14:12:57 2014 - tun0 recv: IP: len 74 169.228.66.251->192.168.1.149 ihl 20 ttl 50 prot IP IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP UDP: len 34 48465->6781 Data 26 0000 CQ AMPR! CQ AMPR! CQ AMPR! (encap) 67.185.10.74->44.135.160.40 DF UDP CQ AMPR! CQ AMPR! CQ AMPR! Sat Feb 22 14:12:57 2014 - tun0 sent: IP: len 56 192.168.1.149->67.185.10.74 ihl 20 ttl 254 prot ICMP ICMP: type Unreachable code Port Returned IP: len 54 67.185.10.74->44.135.160.40 ihl 20 ttl 46 DF prot UDP UDP: len 34 48465->6781 Data 26 jerome - ve7ass ------

3 2

Re: [44net] Cisco IOS Example?
by Jason Begley 23 Feb '14

23 Feb '14

Email me off list for some examples. I hope you are using something bigger than a 2651xm because the config gets too large for nvram otherwise. I'll also send you a script for converting the encap file to tunnels/routes too. 73 Jason ky9j -------- Original message -------- From: Phil Pacier - AD6NH <ad6nh(a)aprs2.net> Date: 02/15/2014 4:34 PM (GMT-05:00) To: AMPRNet working group <44net(a)hamradio.ucsd.edu> Subject: [44net] Cisco IOS Example? (Please trim inclusions from previous messages) _______________________________________________ Good day all. Does anyone have a rough example of a 44Net tunnel setup for Cisco IOS? I only have a /32 to play with and would like to put it on the WAN router. Thanks! -- Phillip Pacier - AD6NH APRS Tier2 Network Coordinator --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

7 6

Every 10 seconds...
by Jerome Schatten 22 Feb '14

22 Feb '14

Maybe someone knows who '44.64.193.1' is and can contact him? tnx jerome - ve7ass Fri Feb 21 20:08:58 2014 - tun0 recv: IP: len 96 24.229.88.253->192.168.1.149 ihl 20 ttl 240 prot IP IP: len 76 44.64.193.1->224.0.0.5 ihl 20 ttl 1 tos 192 prot 89 0000 ...,.,.......r.....................(.................... Fri Feb 21 20:08:58 2014 - tun0 recv: IP: len 96 24.229.88.253->192.168.1.149 ihl 20 ttl 240 prot IP IP: len 76 44.64.193.1->224.0.0.5 ihl 20 ttl 1 tos 192 prot 89 0000 ...,.,.......r.....................(.................... (encap) 44.64.193.1->224.0.0.5 prot 89 0000 ...,.,.......r.....................(.................... (encap) 44.135.160.40->44.64.193.1 ICMP Time ExceededTime-to-live Returned 44.64.193.1->224.0.0.5 prot 89 0000 ...,.,.. Fri Feb 21 20:08:58 2014 - tun0 sent: IP: len 76 192.168.1.149->24.229.88.253 ihl 20 ttl 254 prot IP IP: len 56 44.135.160.40->44.64.193.1 ihl 20 ttl 254 tos 192 prot ICMP ICMP: type Time Exceeded code Time-to-live Returned IP: len 76 44.64.193.1->224.0.0.5 ihl 20 ttl 0 tos 192 prot 89 0000 ...,.,..

4 5

Odd Portal Login
by William Lewis 19 Feb '14

19 Feb '14

Is it just me..... or when first logging into the portal, it appears to not take your username and password, and gives you a second login screen. And then the second login screen does log you in. Am I the only one seeing this ?? Wm Lewis (KG6BAJ) AMPR Net IP Address Coordinator - Northern and Central California Regions (A 100% Volunteer Group) (530) 263-1595 (Home/Office) ______________________________________________ ---------- This message is for the designated recipient only and MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this E-mail is prohibited.

4 3

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net