Steve,
I agree with you about echo requests, to a point. But the host requirements
were written back when a username and password were sufficient for security.
(I remember the good ol' days of the NSFnet in the early '80s.) In those
days, a "firewall" was something made from approved flame-retardant
materials.
Today, IT managers routinely spend more time fighting spam and hackers than
doing anything else. I know the time I've spent on iptables and postfix
rules never fails to remind me of how sad it is that I have to spend any
time at all on them. So in the corporate world, it is common for key
servers to NOT respond to pings.
I did a test with my gateway when I first put it up. I had it running for a
month or so without accepting pings from the Internet. As soon as I allowed
pings, a variety of attacks began, all within a day or so. Luckily, none
were successful.
My solution was to allow pings from within AMPRnet, but not from external
"commercial" Internet machines. That makes it helpful for experimentation
and testing within our ham community, but reduces visibility to the outside.
The problem with that approach is that it requires a bit more care and
configuration knowledge in iptables or whatever firewall solution someone
has in place. For many, that's either something that is too much to deal
with or something they try to do but aren't quite able to get the
configuration right.
Bottom line, I think it would be a mistake to rely on ICMP echo
requests/response for proof that a gateway is there or not. Our local
repeater coordinating body requires coordination holders to update their
record once every two years (or maybe it's three years). It's as simple as
logging in and clicking a button indicating that their information is
current. The database sends automated reminder emails when the update is
due. It has worked well for many years and is not onerous for the
administrative/system staff or the repeater owners. Something similar seems
like the way to go.
Michael
N6MEF
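The AMPRnet-only ping policy described above, written out as an added example (not part of the thread or any gateway's actual configuration). It assumes 44.0.0.0/8 is the AMPRnet prefix and emits rules in iptables-restore format so they can be reviewed before loading; only echo-request is restricted, since dropping other ICMP types breaks path MTU discovery and error reporting.

```shell
#!/bin/sh
# Added example: answer ICMP echo-requests from AMPRnet, drop them from the
# commercial Internet. AMPR_NET is an assumption (override via environment).
AMPR_NET="${AMPR_NET:-44.0.0.0/8}"

# Print the INPUT-chain rules in iptables-restore syntax. Matching on the
# source prefix (not the interface) works whether AMPRnet traffic arrives
# over an IPIP tunnel or a direct route.
ampr_icmp_rules() {
    cat <<EOF
*filter
:ICMP_ECHO - [0:0]
# Hand every inbound echo-request to a dedicated chain for the policy
-A INPUT -p icmp --icmp-type echo-request -j ICMP_ECHO
# Other ICMP (unreachables, fragmentation-needed, etc.) stays allowed
-A INPUT -p icmp -j ACCEPT
# Echo-requests from inside AMPRnet are answered, with a rate limit so
# a ping flood from a compromised ham host cannot tie up the gateway
-A ICMP_ECHO -s ${AMPR_NET} -m limit --limit 5/second --limit-burst 10 -j ACCEPT
# Everything else is dropped silently (no reply at all, not a reject)
-A ICMP_ECHO -j DROP
COMMIT
EOF
}

# Load the rules without flushing unrelated chains (needs root). Run once at
# boot; re-running appends a duplicate INPUT jump, so flush ICMP_ECHO first.
ampr_icmp_load() {
    ampr_icmp_rules | iptables-restore --noflush
}

# Review the generated rules before loading them
ampr_icmp_rules
```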
-----Original Message-----
From: 44net-bounces+n6mef=mefox.org@hamradio.ucsd.edu
[mailto:44net-bounces+n6mef=mefox.org@hamradio.ucsd.edu] On Behalf Of Steve
Platt
Sent: Wednesday, March 13, 2013 2:25 AM
To: AMPRNet working group
Subject: Re: [44net] Portal registrations
My belief is that systems connected to the Internet should respond to ICMP
Echo Requests; it is/was in the Host Requirements RFC, I think. It's also so
useful in an experimental network that I would not want to turn it off.
On the other hand, I strongly believe that allocation of static IP addresses
should not *automatically* depend on whether a system is switched on 24/7,
nor on whether the system responds to a ping. Static addresses need to be
managed manually.
If address space is scarce, allocate it dynamically. That's what DHCP is
for.
Best wishes and thanks to all who keep AMPRnet alive!
G4WSZ
--
Steve Platt