Re: [44net] A new era of IPv4 Allocations : Agree

On 11 Aug 2021, at 15:00, pete M via 44Net <44net(a)mailman.ampr.org> wrote: You really dont see the big picture and only look at local solution for your specific need and case. What if a large group of ham make it possible to run a very large network of microwave links and you can connect to it from your home with a simple little radio from tp-link at 45$ US. Now you would like to connect to other ham. and you would like to have other ham to connect to your service you provide from that connection. How to you propose to have your need fufill with firewalling? How do you propose to have no other traffic than ham stuff that connect to your services? Will you manage login/password system to let only ham access some SDR receiver you provide? How many ham will you manage? do you have the coding skill to implement such things over other working software ? If not you, the other ham that would love to leave free accress to all ham? With your solution of firewalling they are left in the dirt. I see your next point comming. The ham that feed the links to the internet should firewall on their side. Ok , and how should they manage other hams that are not connected inside their RF network? make eception in the firewall rules? And what if someone on the internet spoof some IP adress? Cause it is easy to do so. We have seen this just the spring and there could still be some doing it right now undetected yet. And what about the LARGE firewall rules the rf link provider will need to create as each new user that want or dont want to be behind the big firewall? Pierre VE2PF ________________________________________ De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de Rob PE1CHL via 44Net <44net(a)mailman.ampr.org> Envoyé : 11 août 2021 04:28 À : 44net(a)mailman.ampr.org Cc : Rob PE1CHL Objet : Re: [44net] A new era of IPv4 Allocations : Agree You already proved yourself wrong in the answer to Ruben. It does not matter how you layout your network, there is always the risk of bad people no matter how you do it. So everyone has to put a firewall close to their precious computers that allows outsiders to access only what they want them to access. You can partly use the source address for some of that validation, but that should only be used for noncritical access rules like "are they allowed to use my NTP and DNS server" and not critical rules like "are they allowed to operate my transmitter, or enter information in my system". For that, a separate authentication method is always required. It has been discussed before, it would be nice to have a global authorization system where you can validate that a user you have not registered locally is a valid radio amateur license holder, e.g. user VE2PF can be validated using some method like username/password, user certificate, etc. So people who forced their entry into the network still do not have that. But there is no way that some split in the network address range is going to provide anywhere near that, it will just be snakeoil security and it requires only one unguarded network entry to allow bad people to access that entire network, even when it is an "intranet". Rob _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net