I would also caution when it comes to AMPRNet security, especially in
regards to NAT configuration of public to RFC1918 address space.

"Your origin's subnet will automatically be selected as a /16 subnet
however you need to enter in the actual subnet below it in which would
suit your needs. Don't be greedy request what you actually need for
service nodes. This would not include any 802.11 routers for use on
HamWan/HamNet as doing so would make you quite insecure."

To me at least, this terminology is misleading. The layer 1 transport
(wireless vs wired) has little to do with security in this sense. I
think it might be beneficial to add a basic "Security" page to the
wiki, detailing common best practices for operating public services.

Nate KJ7DMC

On Wed, Mar 25, 2020 at 9:41 PM Adam Korab via 44Net
<44net(a)mailman.ampr.org> wrote:
On 3/25/20, 2:07 PM, "44Net on behalf of Rob Janssen via 44Net"
<44net-bounces+ak=mid.net(a)mailman.ampr.org on behalf of 44net(a)mailman.ampr.org>
wrote:
The relevant page has been updated with your suggested dialogue
Thanks! It is at least an attempt, let's hope it works.
I hope it does.
One minor thing to bring up though, since I went and re-read the text. It says
"ISPs don't configure their routers with publicly routable IP space for end
users, why would you?"
This is by and large false. Some do indeed use 1918 space for customer facing
interfaces, but most do not, as this practice can break PMTUD due to dropping PTB
messages sent by 1918 numbered interfaces and is generally not recommended.
--Adam
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
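
The PMTUD point raised in the thread, as an added example that is not part of the original messages: a small Python model of path MTU discovery in which a border filter drops packets sourced from RFC 1918 addresses. The hop addresses, MTUs and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, commonly dropped as bogon sources at network borders.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def send(path, size, filter_hop=None):
    """Forward one DF-set packet of `size` bytes along `path`.

    path: list of (router interface address, MTU of its outgoing link).
    filter_hop: index of a hop that drops RFC 1918 sourced packets.
    Returns ("delivered", None), ("ptb", mtu) or ("blackhole", None).
    """
    for i, (addr, mtu) in enumerate(path):
        if size > mtu:
            # Router i answers with ICMP Packet Too Big, sourced from its
            # own interface address, which must cross hops i-1..0 to get back.
            if filter_hop is not None and filter_hop < i and is_rfc1918(addr):
                return ("blackhole", None)   # PTB dropped, sender learns nothing
            return ("ptb", mtu)
    return ("delivered", None)

def discover_pmtu(path, start=1500, filter_hop=None, max_tries=5):
    """Return the discovered path MTU, or None if discovery black-holes."""
    size = start
    for _ in range(max_tries):
        status, mtu = send(path, size, filter_hop)
        if status == "delivered":
            return size
        if status == "blackhole":
            return None
        size = mtu                            # shrink to the advertised MTU
    return None

# Constructed sample paths: the middle hop has a 1480-byte link.
PUBLIC_PATH = [("192.0.2.1", 1500), ("203.0.113.1", 1480), ("198.51.100.1", 1500)]
PRIVATE_PATH = [("192.0.2.1", 1500), ("10.255.0.1", 1480), ("198.51.100.1", 1500)]

if __name__ == "__main__":
    print("public hop :", discover_pmtu(PUBLIC_PATH, filter_hop=0))
    print("private hop:", discover_pmtu(PRIVATE_PATH, filter_hop=0))
```

With the filter at hop 0, the publicly numbered path converges on 1480 while the RFC 1918 numbered path never delivers the large packet, which is the black hole a defender sees as stalled TCP sessions on full-size segments.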