Jann,
I believe Cory's point here is that you can (relatively safely) make the assumption that someone coming from a 44-net IP is likely going to be someone in the amateur radio community. However, that doesn't tell you who they are. This is the distinction I believe Cory is trying to make that source IP is not authentication. If your goal is to provide a service that relies on knowing you're talking with a specific person, then you need to start looking at authentication methods, a number of which have been discussed, such as usernames/passwords, certs, etc.
Nigel K7NVH
On Apr 23, 2014, at 11:24 PM, Jann Traschewski jann@gmx.de wrote:
(Please trim inclusions from previous messages) _______________________________________________ On 24.04.2014 01:42, Cory (NQ1E) wrote:
We also need to be careful about the terminology we use when referring to security, in order to avoid mistaken assumptions. Source addresses can be used in our case to provide a convenient filter against the majority of incoming junk internet traffic. However, this must not be confused for "authentication" or knowing *who* is sending you the packets. Make sure you understand the risks when opening up a service on your network. If you're trying to filter out most undesirables, source filtering can be okay. However, if you need to know who you are talking to, you must use another method. Also, myself and several others on this list may be in a good position to help if you need assistance in this area.
I don't need to know who I am talking to. I only need to know that I am talking to a radio amateur. Since the net44 address space is provided for radio amateurs *only* I offer radio services for people coming from net44 IP addresses (e.g. I like the way http://kb3vwg-010.ampr.org/tools/aprscode works)...
(Please don't start the "spoofing" discussion now. Services need bidirectional communication to work...).
I think most of us were happily providing radio services on the IPIP mesh in the "former days" before we started with BGP direct connected gateways... So why should this have changed now? What is wrong thinking to find radio amaterus behind source44 addresses?
73, Jann DG8NGN
-- Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany Tel.: +49-911-696971, Mobile: +49-170-1045937, E-Mail: jann@gmx.de Ham: DG8NGN / DB0VOX, http://www.qsl.net/dg8ngn _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net