17 May
2017
17 May
'17
6:42 a.m.
All,
If it helps understanding the low traffic, personally I lost commercial
Internet between 01:10 UTC and 03:10 UTC.
Also, I saw something rather strange while my Internet was "out"
2017-05-16 21:32:23.893 0.529 ICMP 44.60.44.1:0 ->
71.163.244.1:3.0 2 696 1
I'm not quite sure why (and how) my new Verizon gateway sent an IPENCAP
packet to my tunl0 interface, while I was offline, prior to obtaining a
WAN IP...and elicited a response...even though it should have failed,
they could have captured these packets encaped and bound for AMPRGW.
All I can tell is:
- the inner and outer source IP addresses could not have been a bogon
(unless ampr-ripd bypasses the RAW iptables as well) and did not equal
44.60.44.0/24
- the destination inner address must have been some IP for which I have
a local route - but NOT on table 44; and does not equal 44.60.44.0/24
- my Kernel appears to be leaking information that an IP exists locally
- my best guess is they attempted to reach the outside IP of their
downstream router via the tunnel, and no route exists
I believe this behavior should have failed with kmod-ipip, as I have a
firewall rule in place to accept IPENCAP only from your valid GW IPs. As
most may now know, I bring-my-own-device on my Verizon FiOS because I
observed the IPENCAP forward rule removed multiple times without my
intervention. Their router is downstream only to allow MOCA bridging
(and to connect as the gateway when I have a service ticket, as they
will only troubleshoot with it).
- Lynwood
KB3VWG