On 24.04.2014 01:42, Cory (NQ1E) wrote:
We also need to be careful about the terminology we use when referring to security, in order to avoid mistaken assumptions. Source addresses can be used in our case to provide a convenient filter against the majority of incoming junk internet traffic. However, this must not be confused for "authentication" or knowing *who* is sending you the packets. Make sure you understand the risks when opening up a service on your network. If you're trying to filter out most undesirables, source filtering can be okay. However, if you need to know who you are talking to, you must use another method. Also, myself and several others on this list may be in a good position to help if you need assistance in this area.
I don't need to know who I am talking to. I only need to know that I am talking to a radio amateur. Since the net44 address space is provided for radio amateurs *only* I offer radio services for people coming from net44 IP addresses (e.g. I like the way http://kb3vwg-010.ampr.org/tools/aprscode works)...
(Please don't start the "spoofing" discussion now. Services need bidirectional communication to work...).
I think most of us were happily providing radio services on the IPIP mesh in the "former days" before we started with BGP direct connected gateways... So why should this have changed now? What is wrong thinking to find radio amateurs behind source44 addresses?
73, Jann DG8NGN