Hi Brian and all,
It seems that my gateway is the bad one. I have one rule that redirects the traffic from INET addresses to 44.134.x.x addresses back again into the tunnel to the amprgw router. It's an old configuration and I did that to make a 44net host reachable from the Internet. It should work only when a hostname in the Ampr.org DNS is associated with those 44net IP addresses. For sure there's something that I did wrong. Is this a supported routing configuration? Or am I abusing some policies? Later tonight I will look into that. My idea is to implement some iptables rules (thanks for sharing) in order to block unwanted traffic.
Sorry for causing this mess!
Regards,
Marco iw2ohx
On 20/04/2017 16:47, Brian Kantor wrote:
In analyzing the log, it's pretty clear that before I started filtering these packets out, amprgw was being used to attack hosts all over the Internet from a huge list of spoofed packet outer source addresses.
New firewall rules require that incoming proto-4 packets have to have an outer source address of one of the registered gateways, and forwarding rules require the inner source address to be on network 44 and on the list of registered hosts. This should help some.
Given those rules, the following gateways have been attempting to send encap packets with non-44 inner source addresses:
23.30.150.141 24.55.194.111 24.147.182.8 24.215.95.200 24.229.88.253 59.167.198.158 67.164.64.8 77.138.34.39 85.186.143.52 85.234.252.133 87.105.249.51 87.251.250.110 91.121.90.186 * 104.49.12.130 104.238.183.161
* - this one has been doing it a lot
If people who operate these gateways could look into why they're doing this it would be appreciated.
- Brian
On Thu, Apr 20, 2017 at 05:50:41AM +0000, R P wrote:
May you provide a list of all these gateways you see, so that their maintainers will be aware and fix the problem? I hope one of them is not mine ....
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
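The two checks described in Brian's message (outer source must be a registered gateway; inner source must be on network 44 and a registered host), sketched as an added example that is not part of the thread and not amprgw's own code. The gateway and host lists are constructed sample data, "network 44" is taken to mean 44.0.0.0/8, and all function names are hypothetical.

```python
import ipaddress
import struct

AMPRNET = ipaddress.ip_network("44.0.0.0/8")  # assumption: "network 44" = 44.0.0.0/8
# Constructed sample data, not real registrations.
REGISTERED_GATEWAYS = {ipaddress.ip_address("192.0.2.10")}
REGISTERED_HOSTS = {ipaddress.ip_address("44.128.0.5")}


def ipv4_header(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload


def parse_ipv4(buf):
    """Return (protocol, source address, payload), or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return buf[9], ipaddress.ip_address(buf[12:16]), buf[ihl:]


def classify(packet):
    """Apply both checks to one encapsulated packet and return a verdict."""
    outer = parse_ipv4(packet)
    if outer is None or outer[0] != 4:  # IP protocol 4 = IPv4-in-IPv4
        return "drop: not proto-4"
    if outer[1] not in REGISTERED_GATEWAYS:
        return "drop: outer source is not a registered gateway"
    inner = parse_ipv4(outer[2])
    if inner is None:
        return "drop: malformed inner header"
    if inner[1] not in AMPRNET:
        return "drop: inner source not on network 44"
    if inner[1] not in REGISTERED_HOSTS:
        return "drop: inner source not a registered host"
    return "forward"
```

A gateway that re-tunnels Internet-sourced traffic, as in the configuration described at the top of the thread, would produce the "inner source not on network 44" verdict here.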