I think he is trying to say he receives: Outer (IPIP) pair: from 169.228.34.84 to his gateway (<###.###.###.###>) -> Inner pair (encapsulated): from <any non 44net address-bandits> to <gb7cip hosted 44net: gateway routes> This is how any internet originated traffic looks like, and everything comes over ampr-gw (44.0.0.1/169.228.34.84).
There is not much one can do about it, except unregistering the hosts in the DNS, which will prevent forwarding by the ampr gateway.
Marius, YO2LOJ
On 11.11.2020 14:27, lleachii--- via 44Net wrote:
Paul,
Wait...are you saying that you're receiving IPENCAP packets from a registered gateway - that contains malicious or invalid traffic?
Or that you see malicious traffic with an internal source IP matching the subnet registered to GB7CIP??? (AMPRGW doesn't send 44 packets unless they's BGP, as I recall...)
Or that you're receiving routes from a source other than AMPRGW???
In networking context, it's not completely clear what you mean by "pairs of addresses". I don't understand the need to obfuscate the IPs.
<gb7cip hosted 44net: gateway routes>
- KB3VWG
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net