44net

44net@mailman.ampr.org

3188 discussions

www.ampr.org

by Rob Janssen

When I visit http://www.ampr.org/ I get a page with only the text "www http" on it. When I visit the https site I get the usual site. Rob

5 years, 7 months

portal down

by Ruben ON3RVH

Hi all, Anyone reported the portal down yet? Can't even read the server hosting it (81.174.235.134) 73 Ruben ON3RVH

5 years, 7 months

Configuring a gateway with Ubiquiti Edgerouter 10x

by Keith Kasin

Greetings, I am trying to set up my Edgerouter 10x as a gateway. When I get to the step ubnt@ubnt:~$ set interfaces ethernet eth0 address <put your AMPRNet network assignment> I enter my allocation 44.18.50.0/28 and get an error. I can set 44.18.50.1/28 or just 44.18.50.1 however this does not yield a route when I enter the “show ip route” command. Should I be using my broadcast address, 44.18.50.15 in this position? I am sorry if I sound dense here so any guidance is appreciated as I work my way through this set up. Thank you, Keith AI6BX

5 years, 8 months

Returning YV.

by Gabriel Medinas

Greetings to all, just to inform you that returning to teamwork at AmprNet, Venezuela is connected again, renewing some things in my local structure with the JNOS Linux program through yv5kxe.ampr.org (44.152.0.60). We are especially grateful to Chris - G1FEF who personally granted the possibility of this YV return on this network after 20 years. We are in settings, I am mainly working to adjust my old JNOS to the new dynamic of AmprNet especially to the RIP44d update that does not work in JNOS doing it manually, I am working on a project to use other compatible hardware to achieve other gateways for use APRS and the DXCluster yv5kxe. 73 de Gabriel YV5KXE yv5kxe.ampr.org

5 years, 8 months

Ubiquiti AMPR-ripd

by Elias Basse

Is anyone familiar with ripd on the ubiquiti series of routers? I have a test device edgerouter pro that I am attempting to get working however I am unable to route through the ipip tunnel that has been built per both wiki articles. Any pointers would be appreciated. Many thanks, Elias Sent from my iPhone

5 years, 8 months

BGP annuncement of same address Block from 2 sites ?

by R P

Hi there Is it possible to announce same Address Block from two different sites ? with preferred way for one site ? The idea is to have redundancy in case that one site connectivity fail the traffic will pass to the other site automatically Both site will be connected by radio as well so Network connectivity will not stop I know that BGP support it is it also the way in the AMPRNET BGP announcement ? Has anyone done it ? or doing it in the AMPRNET community ? Thanks Forward Ronen - 4Z4ZQ

5 years, 8 months

BGP Announcment Procedure

by R P

Hi there Who deal today with BGP announcement procedure ? We want to start announce part of our 44 net BGP i started the procedure with Brian who take care of it now ? Thanks Forward Ronen - 4Z4ZQ http://www.ronen.org

5 years, 8 months

Re: [44net] Large increase in inbound suspicious traffic from public internet to systems on 44 net?

by Rob Janssen

> On Thu, 2020-03-12 at 11:30 -0500, Shawn M Garringer via 44Net wrote: > > I am wondering if anyone else is seeing the following: starting on 5 > > March 2020 and continuing through the present I have detected a large > > spike in inbound traffic to several of my AMPR 44 IP addresses (on > > 44.50.1.0/24). The spike has been large enough that my logging ELK > > stack is struggling to keep up. > A good number of folks have seen a spike in scans by botnets spoofing > IPs but not just on 44-net. Commercial ISPs have seen similar spikes of > traffic and have taken proactive measures to try and halt these brute > force attacks. I see no visible increase in the traffic graphs for our internet gateway, but of course I do confirm that there is a continuous stream of port scanning going on, partly from individuals and partly from jerks like censys.io, shodan.io, stretchoid.com, binaryedge.ninja etc etc who are continuously scanning the internet for vulnerabilities and keep searchable databases where their users can instantly locate who is running e.g. a MikroTik router when there is a new known vulnerability (of course only when it its firewall is not properly configured). All this together is responsible for 1-2 Mbit/s of traffic on our /16. So yet, it is quite noticable. Of course we do not log all that, but we do have some auto-block features that trigger when people scan for wellknown ports (like mentioned above) within unassigned address space. Rob

5 years, 8 months

Large increase in inbound suspicious traffic from public internet to systems on 44 net?

by ampr＠shawngarringer.org

Hello group, I am wondering if anyone else is seeing the following: starting on 5 March 2020 and continuing through the present I have detected a large spike in inbound traffic to several of my AMPR 44 IP addresses (on 44.50.1.0/24). The spike has been large enough that my logging ELK stack is struggling to keep up. This traffic is coming from the public internet. Most of these are looking at standard ports 443, 80, 25, and 22. These are being directed to IP addresses in my subnet that are not in use, and therefore are being dropped (but logged) at the firewall. Nothing is running on these IPs so there is no way the traffic is in response to anything I can find coming from my network. I realize devices periodically scan the "entire internet" but this is more than that... in one day I saw 100,000 TCP SYN from a single public IP address. That is a significant spike and I am not certain why they sent so much traffic from a single IP to a single IP. Wondering if anyone else is seeing the same? 73 DE KC0AKY

5 years, 8 months

Re: [44net] Security - Nested IPIP

by Rob Janssen

> So all traffic received on IPIP tunnels should be from net44 only in our case. Unfortunately not all of it is. > Can you elaborate on the traffic that isn't, please? > Is this traffic from another operator...or a non-operator? > Can you also elaborate if this traffic forwards in any cases? As I explained before, what I sometimes DO see is IPIP traffic from gateway A.B.C.D with an internal packet with source A.B.C.D and destination 44.137.X.Y (inside our network). That traffic should have been sent with source address 44.P.Q.R in the internal packet, where 44.P.Q.R is the net44 address of that specific gateway at A.B.C.D. As I got repeated logs in the firewall of these occurrences (one was from a Polish gateway, I remember) I added a firewall rule to allow such traffic. The reply will of course be routed directly over internet, not via the tunnel, so it is questionable if the connection would get established. Probably not, when the user has the typical stateful firewall on his internet connection. Yesterday I have removed the extra rule and I am watching the firewall log, but I have not yet observed another instance of this error after about 12 hours. So maybe some people have woken up and fixed their config already. Rob

5 years, 8 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net