Re: Is the repeater down?

Paul Butzi (W7PFB)

I’m a big fan of the Raspberry Pi but I have concerns about using it as an outward facing server, as it’s just a bit short on resources in the face of a distributed attack like this. But as Shawn points out, the attack failed in the sense that they did not get in.

One obvious precaution would be to stick a little bit of hardware between the Raspberry Pi IRLP server and the repeater which imposes a timeout on how long the server can key the repeater. That way if the server crashes in this way, the timeout is triggered and either the IRLP server loses the ability to key the repeater or it could just reboot the IRLP server.

-p W7PFB
73, Don’t forget to smile and have fun!

On Oct 30, 2017, at 11:17 PM, Shawn / K7ATA <shawn@...> wrote:

Shawns insights:

During and after the KBARA net, there was a concerted, and most likely automated, effort to access the IRLP server with the superuser account. This attack failed. ( Hurray for high entropy passwords!)

The automatic security logs on the server recorded the automatic, temporary, ban of hundreds of I.P. addresses in a very short span of time. This large volume of connection attempts exhausted available resources on the server even as they were rejected, causing the server to crash in a bad state.

Going forward, I want to explore hardware options that allow for both automatically and remotely resetting the server, as well as increasing the security on the server, making it less tolerant of login errors, more restrictive on who can connect, and making it harder to find and connect to it from the wild internet.


On 10/30/2017 9:36 PM, Robin Amundson wrote:
Wow, you guys are all amazing. Thanks!
Robin, WA7CPA

On Mon, Oct 30, 2017 at 9:33 PM, Paul Butzi (W7PFB) <w7pfb@... <mailto:w7pfb@...>> wrote:

Shawn will presumably offer his insights.

Shawn went up to Cougar, I rode along. Jim W7ABD had mentioned to
me that after the KBARA net, the repeater started transmitting
full power but no modulation. That went on for about 20 minutes,
then the repeater went silent.

Shawn and I found no indication of any power supply problems. We
rebooted the Raspberry Pi and power cycled the repeater.
Everything came right up.

My guess is that the Raspberry Pi wedged with the keying line
stuck - the repeater then transmitted until something timed out.
With the key held down continuously by the Raspberry Pi, the
repeater could not reset.

No idea on why the Raspberry Pi got into that state, though.

Should be interesting the next time IRLP disconnects the way it
presumably tried to do this morning.

-p W7PFB
73, Don’t forget to smile and have fun!

On Oct 30, 2017, at 8:28 PM, Ken Kosters <kenkosters@...
<mailto:kenkosters@...>> wrote:

Just talked with Howard and Shawn fixed the problem. Fantastic
job Shawn.
I forgot to turn radio on heading home from work or might have
I would love to know the reason why and how or least educated
guess. Last time this happened it was issue with firmware on
controller years ago.


On Oct 30, 2017, at 8:15 PM, Ken Kosters <kenkosters@...
<mailto:kenkosters@...>> wrote:

I have not heard any jamming problems on UHF and repeater is
working fine as I just tested. I would expect it might have been
timed out?


On Oct 30, 2017, at 7:29 PM, Robin WA7CPA via Groups.Io
<mailto:robininwashington@...>> wrote:

I realized late in the day my radio is very quiet. I have
changed antennas, tried my new Alinco, ordered another cheap
Baofeng and antenna. Now I hear from Howard, W1HMB, the
Monday QSO party is cancelled because the repeater is down. I
bet someone knows the story. Is it the bad-boy jammer? I
haven't been listening much the last several weeks.

Robin, WA7CPA

Join to automatically receive all group messages.