44net

44net@mailman.ampr.org

1 participants
3189 discussions

CERT Vulnerability Note VU#636397: IP-in-IP protocol routes arbitrary traffic by default

by Chris KE2A

Reference: https://kb.cert.org/vuls/id/636397 OVERVIEW IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device. Description IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be encapsulated inside another IP packets. This is very similar to IP GRE VPNs and IPSEC VPNs in tunnel mode, except in the case of IP-in-IP, the traffic is unencrypted at all times. As specified, the protocol unwraps the inner IP packet and forwards this packet through IP routing tables, potentially providing unexpected access to network paths available to the vulnerable device. An IP-in-IP device is considered to be vulnerable if it accepts IP-in-IP packets from any source to any destination without explicit configuration between the specified source and destination IP addresses. This unexpected Data Processing Error (CWE-19) by a vulnerable device can be abused to perform reflective DDoS and in certain scenarios used to bypass network access control lists. Because the forwarded network packet may not be inspected or verified by vulnerable devices, there are possibly other unexpected behaviors that can be abused by an attacker on the target device or the target device's network environment. IMPACT An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls. -- 73, Chris KE2A

5 years, 7 months

National AMPR Coordinator - info

by Marco Di Martino (IW2OHX)

Hi all, I have to do a formal communication to ARDC regarding the AMPR organization here in my Country. To whom should I address this ? Thanks Regards, Marco iw2ohx

5 years, 7 months

Mikrotik help needed

by Ian Redden

Hi All; When trying to connect, the IPIP tunnel on my Mikrotik box is flapping. I am using Mikrotik OS 6.46.6. It connects, shows as registered/running, but after a random period of time, the link goes down. Eventually it reconnects and the entire process starts over again. While connected however, I am able to see the RIP routes. Configuration: /interface ipip add allow-fast-path=no local-address=24.xx1.xx4.44 name=ucsd-gw remote-address=169.228.34.84 Any ideas? Speed Test: https://cogeco-on.speedtestcustom.com/result/baacd8c0-a027-11ea-8085-870a92… Ian / VA3IAN

5 years, 7 months

Portal is down

by G1FEF

Heads up, the portal appears to have crashed. Looking into it now… Regards Chris - G1FEF — AMPRNet Administrator

5 years, 7 months

WWconvers Hub_NA

by Charles J. Hargrove

Looking to add another dimension to your BBS? Consider offering a chatroom to your users. There are several groups that meet worldwide on various channels, some channels are used locally for events/nets/emcomm and there are some that act as tech support for ham radio software programs. Here in NYC we use 14736 every Monday night as an alternate way to check-in to our weekly emcomm net (especially when encountering jammers). There is even a growing movement to use state or country-based channel numbers that reflect their 44net assignments like 4468 in NY, 4440 in UT, etc. Various packet bbs packages have chat capability built-in. I know of at least one station looking to incorporate it into FBB, but I have no information on that system. Connection to Hub_NA is easy. Use 44.68.41.2 (gw.n2nov.ampr.org). We currently have stations across the USA and Canada connected to Hub_NA. Come join us, ask questions and share your tips/tricks/ideas! -- Charles J. Hargrove - N2NOV NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord. NYC-ARECS/RACES Nets 441.100/136.5 PL ARnewsline Broadcast Mon. @ 8:00PM NYC-ARECS Weekly Net Mon. @ 8:30PM http://www.nyc-arecs.org NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32 "Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders." - Ronald Reagan "The more corrupt the state, the more it legislates." - Tacitus "Molann an obair an fear" - Irish Saying (The work praises the man.) "No matter how big and powerful government gets, and the many services it provides, it can never take the place of volunteers." - Ronald Reagan

5 years, 7 months

Some config error in ampraddr

by Rob Janssen

Since today I get error reply mails from amprgw-adm-owner(a)caida.org on the mail I send to ampraddr(a)gw.ampr.org for DNS updates, which indicate that my mail is somehow forwarded to a mailing list at caida where I am not a member, and thus not allowed to mail: You have tried to post to a list you are not subscribed to. Only members are allowed to post to this list. It appears that the update itself is correctly processed, I get the confirmation mail, but also an error message. Anyone knows what is going on there? Rob

5 years, 7 months

Routing from and to the internet

by Elias Basse

I have just completed setup on a ubiquiti router and am wanting to configure a host for some digital radio services behind the router but wish to use the 44 addresses out to the public internet to allow hotspots and repeaters to connect. Is anyone familiar with setting this up? From the server I am able to reach the internet but it is going out through an address from the isp rather than the 44 address. I used the ampr-ripd script from the wiki and can ping other 44 addresses. Hopefully this is possible, I have had my office allow use of some server and network hardware for ham radio. Best Regards Elias Kd5jfe Sent from my iPhone

5 years, 8 months

Re: [44net] www.ampr.org

by Rob Janssen

>This may cause address conflicts once the addresses are used by the >purchasing entity. >It is probably best to implement a plan to move the addresses to a new >block. There is no need to move those addresses, they are not in the block that has been sold. Since a month or two we are routing 44.192.0.0/10 to internet (amazon) but this still causes issues as over 4000 systems in the 44.224.0.0/15 block have not yet been renumbered. (I get occasional complaints about systems no longer being reachable) Rob

5 years, 8 months

Re: [44net] www.ampr.org

by Rob Janssen

> To make it work you need to route it via your public GW and NAT, so it > does not leave the router with your 44.x.x.x IP. > I think this is a little bit wrong, not to be able to access the portal > from a random HamNET IP. Well, it *does* work from a net-44 IP but it requires sufficiently well setup of the routing... When you have routing setup from the old days (like "route all 44.0.0.0/8 to the radio network") it will not work. It works OK here from my net-44 IP but still I could envision this would cause problems. E.g. just at the day the portal was down for the move, one amateur here wanted to move his system from the IPIP net to our local BGP routed network and he was unable to delete his gw. So he first setup the GRE tunnel and BGP routing but it did not work due to restrictions at our GW (having both IPIP and BGP does not work) and of course then he could still not reach the portal after it was back up. But he managed to do that from an external IP. Maybe the portal should not be in one of those 44.190 networks that are not supposed to be on IPIP, but it should be in another net-44 subnet that is both BGP routed on internet and IPIP routed on the mesh. Then it would work OK. Rob

5 years, 8 months

Re: [44net] www.ampr.org

by Rob Janssen

> I could move it to a different block (not within 44.190/16) and set it up so that it’s part of the tunnel/mesh as well if folks think that will be better? That should solve the problem for Greg and Brian. For me it does not matter. When you do have an external address (which you should have for IPIP, please don't put a tunnel endpoint on a net-44 address!) you could also consider to put the external address in the DNS entry as well. Or maybe an IPv6 address for each of the systems. Rob

5 years, 8 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net