On Sat, Jun 10, 2017 at 02:44:45AM +0000, Tom C wrote:
What about the RIP44 broadcast? I added a line to log to /var/etc/syslog when the load_ipipfilter runs this morning. I was concerned I wasn't getting the broadcasts but it ran at 1320UTC and it ran at 1920UTC so I think I'm getting them. To verify, are they addressed to the external address registered in the portal? I want to add an iptables log rule to log when they come in.
Thanks.
--tom/n2xu
The RIP44 transmissions originate every 5 minutes as IPIP encapsulated UDP packets for port 520 from 169.228.34.84 and sent individually to the commercial (external) address of every gateway. They are IPIP encapsulated packets, so without de-encapsulating them, the RIP is not visible.
The content of each transmission is a series of encapsulated packets with an inner source address of 44.0.0.1 and an inner destination of 224.0.0.9, the RIP multicast address.
There are currently 25 full and one partially-full packets sent to each gateway. There is a 100-microsecond delay between successive packets. The total transmission time for all 26 packets to all 433 gateways is under 2 seconds.
Note that if an ICMP unreachable response to the transmission is received, no further packets will be sent to that gateway during the current 5-minute cycle, but will resume on the next run 5 minutes later.
A typical packet as seen in tcpdump is below. - Brian
20:02:04.969185 IP (tos 0x0, ttl 64, id 13740, offset 0, flags [none], proto IPIP (4), length 552, bad cksum 0 (->4af3)!) 169.228.34.84 > 83.162.216.88: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 532) 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504, routes: 25 or less Simple Text Authentication data AFI IPv4, 44.46.0.11/32, tag 0x0004, metric: 1, next-hop: 216.106.6.183 AFI IPv4, 44.46.17.0/24, tag 0x0004, metric: 1, next-hop: 107.172.42.138 AFI IPv4, 44.46.19.0/24, tag 0x0004, metric: 1, next-hop: 131.151.102.29 AFI IPv4, 44.46.32.0/24, tag 0x0004, metric: 1, next-hop: 75.132.48.79 AFI IPv4, 44.46.64.0/24, tag 0x0004, metric: 1, next-hop: 104.131.81.118 AFI IPv4, 44.46.128.0/24, tag 0x0004, metric: 1, next-hop: 99.98.226.199 AFI IPv4, 44.48.0.10/32, tag 0x0004, metric: 1, next-hop: 205.171.203.226 AFI IPv4, 44.48.0.16/30, tag 0x0004, metric: 1, next-hop: 104.236.122.16 AFI IPv4, 44.48.0.40/29, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.1.0/29, tag 0x0004, metric: 1, next-hop: 98.158.218.169 AFI IPv4, 44.48.5.0/29, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.6.0/29, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.8.0/22, tag 0x0004, metric: 1, next-hop: 96.82.54.108 AFI IPv4, 44.48.12.0/24, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.16.0/24, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.17.0/30, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.18.0/26, tag 0x0004, metric: 1, next-hop: 216.252.59.3 AFI IPv4, 44.48.31.0/30, tag 0x0004, metric: 1, next-hop: 73.146.173.214 AFI IPv4, 44.48.128.0/24, tag 0x0004, metric: 1, next-hop: 104.4.69.20 AFI IPv4, 44.50.0.69/32, tag 0x0004, metric: 1, next-hop: 199.10.4.185 AFI IPv4, 44.50.192.0/27, tag 0x0004, metric: 1, next-hop: 108.160.233.78 AFI IPv4, 44.50.192.128/29, tag 0x0004, metric: 1, next-hop: 199.10.4.185 AFI IPv4, 44.52.11.32/28, tag 0x0004, metric: 1, next-hop: 74.94.164.116