24 Apr
2014
24 Apr
'14
8:56 a.m.
Jann,
I believe Cory's point here is that you can (relatively safely) make the assumption
that someone coming from a 44-net IP is likely going to be someone in the amateur radio
community. However, that doesn't tell you who they are. This is the distinction I
believe Cory is trying to make that source IP is not authentication. If your goal is to
provide a service that relies on knowing you're talking with a specific person, then
you need to start looking at authentication methods, a number of which have been
discussed, such as usernames/passwords, certs, etc.
Nigel
K7NVH
On Apr 23, 2014, at 11:24 PM, Jann Traschewski <jann(a)gmx.de> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On 24.04.2014 01:42, Cory (NQ1E) wrote:
We also need to be careful about the terminology
we use when referring to
security, in order to avoid mistaken assumptions. Source addresses can be
used in our case to provide a convenient filter against the majority of
incoming junk internet traffic. However, this must not be confused for
"authentication" or knowing *who* is sending you the packets. Make sure
you understand the risks when opening up a service on your network. If
you're trying to filter out most undesirables, source filtering can be
okay. However, if you need to know who you are talking to, you must use
another method. Also, myself and several others on this list may be in a
good position to help if you need assistance in this area.
I don't need to know who I am talking to. I only need to know that I am
talking to a radio amateur. Since the net44 address space is provided
for radio amateurs *only* I offer radio services for people coming from
net44 IP addresses (e.g. I like the way
http://kb3vwg-010.ampr.org/tools/aprscode works)...
(Please don't start the "spoofing" discussion now. Services need
bidirectional communication to work...).
I think most of us were happily providing radio services on the IPIP
mesh in the "former days" before we started with BGP direct connected
gateways... So why should this have changed now? What is wrong thinking
to find radio amaterus behind source44 addresses?
73,
Jann
DG8NGN
--
Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany
Tel.: +49-911-696971, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de
Ham: DG8NGN / DB0VOX, http://www.qsl.net/dg8ngn
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net