Re: Is the repeater down?


 

Seems my node also suffered the same attack but weathered the storm. I will attempt during a busy net to disconnect the ports when the repeater is keyed up from the node. This worked in the past and should still work if dead key is coming from port two? At least the repeater would still be in operation. The DTMF commands are simple and would allow members to separate digital traffic from repeater if these are a problem. I agree with Shawn with being able to remote reset the system also, the ability to remote power cycle would be a great go to as last resort before heading up the hill.
I'm not a network guy but all other suggestions should be on the table. One more thing would be a message chain text or something letting people know the system is down.
Just a few thoughts. 
The poor little Pi just could not deal with it, hopefully this is done and over but these guys can be persistent.

Ken W7ECK
Good job getting the system back up.

On Tue, Oct 31, 2017 at 6:49 AM, Paul Butzi (W7PFB) <w7pfb@...> wrote:
I’m a big fan of the Raspberry Pi but I have concerns about using it as an outward facing server, as it’s just a bit short on resources in the face of a distributed attack like this.  But as Shawn points out, the attack failed in the sense that they did not get in.

One obvious precaution would be to stick a little bit of hardware between the Raspberry Pi IRLP server and the repeater which imposes a timeout on how long the server can key the repeater.  That way if the server crashes in this way, the timeout is triggered and either the IRLP server loses the ability to key the repeater or it could just reboot the IRLP server.

-p W7PFB
73, Don’t forget to smile and have fun!

> On Oct 30, 2017, at 11:17 PM, Shawn / K7ATA <shawn@...> wrote:
>
> Shawns insights:
>
> During and after the KBARA net, there was a concerted, and most likely automated, effort to access the IRLP server with the superuser account. This attack failed. ( Hurray for high entropy passwords!)
>
>
> The automatic security logs on the server recorded the automatic, temporary, ban of hundreds of I.P. addresses in a very short span of time.  This large volume of connection attempts exhausted available resources on the server even as they were rejected, causing the server to crash in a bad state.
>
>
> Going forward, I want to explore hardware options that allow for both automatically and remotely resetting the server, as well as increasing the security on the server, making it less tolerant of login errors, more restrictive on who can connect, and making it harder to find and connect to it from the wild internet.
>
>
> --Shawn
> --K7ATA
>
> On 10/30/2017 9:36 PM, Robin Amundson wrote:
>> Wow, you guys are all amazing. Thanks!
>> Robin, WA7CPA
>>
>> On Mon, Oct 30, 2017 at 9:33 PM, Paul Butzi (W7PFB) <w7pfb@... <mailto:w7pfb@...>> wrote:
>>
>>    Shawn will presumably offer his insights.
>>
>>    Shawn went up to Cougar, I rode along.  Jim W7ABD had mentioned to
>>    me that after the KBARA net, the repeater started transmitting
>>    full power but no modulation.  That went on for about 20 minutes,
>>    then the repeater went silent.
>>
>>    Shawn and I found no indication of any power supply problems.  We
>>    rebooted the Raspberry Pi and power cycled the repeater.
>>    Everything came right up.
>>
>>    My guess is that the Raspberry Pi wedged with the keying line
>>    stuck - the repeater then transmitted until something timed out.
>>    With the key held down continuously by the Raspberry Pi, the
>>    repeater could not reset.
>>
>>    No idea on why the Raspberry Pi got into that state, though.
>>
>>    Should be interesting the next time IRLP disconnects the way it
>>    presumably tried to do this morning.
>>
>>    -p W7PFB
>>    73, Don’t forget to smile and have fun!
>>
>>>    On Oct 30, 2017, at 8:28 PM, Ken Kosters <kenkosters@...
>>>    <mailto:kenkosters@...>> wrote:
>>>
>>>    Just talked with Howard and Shawn fixed the problem. Fantastic
>>>    job Shawn.
>>>    I forgot to turn radio on heading home from work or might have
>>>    noticed.
>>>    I would love to know the reason why and how or least educated
>>>    guess. Last time this happened it was issue with firmware on
>>>    controller years ago.
>>>
>>>    Ken
>>>
>>>
>>>    On Oct 30, 2017, at 8:15 PM, Ken Kosters <kenkosters@...
>>>    <mailto:kenkosters@...>> wrote:
>>>
>>>>    I have not heard any jamming problems on UHF and repeater is
>>>>    working fine as I just tested. I would expect it might have been
>>>>    timed out?
>>>>
>>>>    Ken
>>>>
>>>>
>>>>    On Oct 30, 2017, at 7:29 PM, Robin WA7CPA via Groups.Io
>>>>    <robininwashington=yahoo.com@groups.io
>>>>    <mailto:robininwashington=yahoo.com@groups.io>> wrote:
>>>>
>>>>>    I realized late in the day my radio is very quiet. I have
>>>>>    changed antennas, tried my new Alinco, ordered another cheap
>>>>>    Baofeng and antenna.  Now I hear from Howard, W1HMB,  the
>>>>>    Monday QSO party is cancelled because the repeater is down. I
>>>>>    bet someone knows the story. Is it the bad-boy jammer? I
>>>>>    haven't been listening much the last several weeks.
>>>>>
>>>>>    Thanks,
>>>>>    Robin, WA7CPA
>>
>>
>
>
>
>
>





Join snovarc@snovarc.groups.io to automatically receive all group messages.