26 Mar
2020
26 Mar
'20
3:02 p.m.
Hi all
it's very simple
run a tcpdump -ni (inteface) proto 4 (this testing is scrolling fast 24x7)
address1 (gwampr) (GW-of dest host) (thenipencap address3(from bamdit) (dest 44net remote
address (ports 1-65535) being scanned
So the Bandit addresses(Non44net) of the 14 I looked at over a couple of seconds
yestrday are frome
Denmark, Bulgaria,Turkey,Netherlands,USA,Japan,Moldova,Russia
It's crasy
the rule at the GW-ampr gateway address3 should only be in the 44.0.9 and 44.128/10
range. I monitor this real time as I am 'sad'
And like to see who it trying to break in and fail to mine and hosted downstream sub
networks of mt partners.
As other have mentioned before, these use to be blocked
Well they are blocked here.
Sigh!! And I am not a Network Technician
Paul
On 26 March 2020 at 19:29 lleachii--- via 44Net
<44net(a)mailman.ampr.org> wrote:
Rob,
You stated:
So all traffic received on IPIP tunnels should be from net44 only in our case.
Unfortunately not all of it is.
Can you elaborate on the traffic that isn't, please?
Is this traffic from another operator...or a non-operator?
Can you also elaborate if this traffic forwards in any cases?
That's what we're tying to stop. Please note, I haven't identified this is
related to any IPENCAP issue specifically (except that it appears we may have some
operators that forward traffic not destined for them). While I understand your concern,
I'm not sure it's related to IPENCAP 100%.
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
______________________________________________
This email has been scanned by Netintelligence
http://www.netintelligence.com/email