I want to comment on this first point.
Of course, assuming 44/8 to be 100% ham radio access is overstated. But if one uses only IPIP/tunnels for 44 traffic, you can safely assume it to hold true, because:
- even if it could be a spoofed address, the return path will go via a tunnel if a tunnel for that subnet exists
- if there is no tunnel for that, reply traffic will go via ampr-gw via its internet if and will be dropped, since packets with source 44 from the internet are filtered because of that 44/8 routing rule some talked about.
So basically, traffic from a 44 to another 44 subnet can work bidirectionally only via IPIP mesh or private tunnels. If there is illegitimate traffic there, it can only be by accidental or intentional misconfiguration at one of the IPIP/tunnel partners.
Marius, YO2LOJ
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Jann Traschewski
Sent: Sunday, June 14, 2015 04:39
To: AMPRNet working group
Subject: [44net] Two questions
1. Around 99% of all webcams on the HAMNET are *only* reachable if you establish the connection using a *source-44* ip address. Do you think this restriction is enough if you don't want to expose the webcam to the internet but want to share with other AMPRNet users?
(...)
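
Added example, not part of either message: a small Python model of the return-path argument in the reply above, classifying what happens to the reply for a request that claims a source-44 address. The tunnel table, the endpoint addresses (documentation ranges) and the function names are constructed assumptions, not AMPRNet data or tooling.

```python
import ipaddress

AMPR = ipaddress.ip_network("44.0.0.0/8")

# Constructed tunnel table (assumption): 44 subnet -> public endpoint of the
# IPIP/tunnel partner announcing it. Endpoints are documentation addresses.
TUNNELS = {
    ipaddress.ip_network("44.10.0.0/16"): "192.0.2.10",
    ipaddress.ip_network("44.10.20.0/24"): "198.51.100.7",
}

def tunnel_for(addr, tunnels=TUNNELS):
    """Longest-prefix match of addr in the tunnel table; None if no tunnel."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in tunnels if ip in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, tunnels[best]

def reply_fate(claimed_src, arrived_from, tunnels=TUNNELS):
    """Classify what happens to the reply sent to claimed_src.

    arrived_from is the public endpoint the request actually came from.
    """
    if ipaddress.ip_address(claimed_src) not in AMPR:
        return "refused"            # fails the source-44 restriction outright
    hit = tunnel_for(claimed_src, tunnels)
    if hit is None:
        return "dropped"            # reply leaves via ampr-gw and is filtered
    _, endpoint = hit
    if endpoint == arrived_from:
        return "delivered"          # reply returns through the sender's tunnel
    return "elsewhere"              # reply goes to the real tunnel partner

if __name__ == "__main__":
    for src, origin in [
        ("44.10.20.5", "198.51.100.7"),    # request from the tunnel partner
        ("44.10.20.5", "203.0.113.99"),    # claimed 44 source, tunnel elsewhere
        ("44.99.1.1", "203.0.113.99"),     # claimed 44 source, no tunnel
        ("203.0.113.99", "203.0.113.99"),  # plain internet source
    ]:
        print(f"{src:>14} from {origin:<13} -> {reply_fate(src, origin)}")
```

Only the first case completes a round trip, which is the bidirectional condition the reply describes.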