Hi all it's very simple run a tcpdump -ni (inteface) proto 4 (this testing is scrolling fast 24x7)
address1 (gwampr) (GW-of dest host) (thenipencap address3(from bamdit) (dest 44net remote address (ports 1-65535) being scanned
So the Bandit addresses(Non44net) of the 14 I looked at over a couple of seconds yestrday are frome Denmark, Bulgaria,Turkey,Netherlands,USA,Japan,Moldova,Russia
It's crasy the rule at the GW-ampr gateway address3 should only be in the 44.0.9 and 44.128/10 range. I monitor this real time as I am 'sad' And like to see who it trying to break in and fail to mine and hosted downstream sub networks of mt partners.
As other have mentioned before, these use to be blocked Well they are blocked here. Sigh!! And I am not a Network Technician Paul
On 26 March 2020 at 19:29 lleachii--- via 44Net 44net@mailman.ampr.org wrote:
Rob,
You stated:
So all traffic received on IPIP tunnels should be from net44 only in our case. Unfortunately not all of it is.
Can you elaborate on the traffic that isn't, please?
Is this traffic from another operator...or a non-operator?
Can you also elaborate if this traffic forwards in any cases?
That's what we're tying to stop. Please note, I haven't identified this is related to any IPENCAP issue specifically (except that it appears we may have some operators that forward traffic not destined for them). While I understand your concern, I'm not sure it's related to IPENCAP 100%.
73,
- Lynwood
KB3VWG _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
This email has been scanned by Netintelligence http://www.netintelligence.com/email