24 Apr
2014
24 Apr
'14
1:24 a.m.
On 24.04.2014 01:42, Cory (NQ1E) wrote:
We also need to be careful about the terminology we
use when referring to
security, in order to avoid mistaken assumptions. Source addresses can be
used in our case to provide a convenient filter against the majority of
incoming junk internet traffic. However, this must not be confused for
"authentication" or knowing *who* is sending you the packets. Make sure
you understand the risks when opening up a service on your network. If
you're trying to filter out most undesirables, source filtering can be
okay. However, if you need to know who you are talking to, you must use
another method. Also, myself and several others on this list may be in a
good position to help if you need assistance in this area.
I don't need to know who I am talking to. I only need to know that I am
talking to a radio amateur. Since the net44 address space is provided
for radio amateurs *only* I offer radio services for people coming from
net44 IP addresses (e.g. I like the way
http://kb3vwg-010.ampr.org/tools/aprscode works)...
(Please don't start the "spoofing" discussion now. Services need
bidirectional communication to work...).
I think most of us were happily providing radio services on the IPIP
mesh in the "former days" before we started with BGP direct connected
gateways... So why should this have changed now? What is wrong thinking
to find radio amaterus behind source44 addresses?
73,
Jann
DG8NGN
--
Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany
Tel.: +49-911-696971, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de
Ham: DG8NGN / DB0VOX, http://www.qsl.net/dg8ngn