Direwolf to LinBPQ config

John WQ6N has found a solution for direwolf and Linbpq that works very well for HF.

Direwolf.conf

bpq32.cfg

 

AEA/Timewave TNCs / Kantronics Manual

AEA/Timewave TNCs

PK-900 -> Manual -> PK900Man.pdf
PK-900 -> Pinout -> PK900Pins.gif

DSP-2232 -> Manual -> There is no soft copy to find, the manual of the PK-900 is 99% the same
DSP-2232 -> Pinout -> PK900Pins.gif

PK-232 -> Manual -> PK232MBXman.pdf
PK-232 -> Manual -> PK232MBXnode.pdf

PK-88 -> Manual -> pk-88.pdf

Kantronics

KPC3 -> Manual -> KPC-3P_Manual_ver9B.pdf
KPC3 -> Pinout -> kpc3ppinout.pdf

KPC 9612 -> Manual -> KPC-9612PMX_Manual.pdf
KPC 9612 -> Pinout -> kpc9612pinout.pdf

KAM98 -> Manual -> KAM98_manual.pdf
KAM98 -> Pinout is the same as KPC3

KAM-XL -> Manual -> KAMXL_manual.pdf
KAM-XL -> Pinout -> kamxlpinout.pdf

 

 

Direwolf and Jnos (review)

In the previous post about Direwolf and jnos i use Direwolf-1.3 and does not know about the SERIALKISS port.
John WQ6N point it out to me… Tnx John WQ6N. Nice one.
Read the previous post.
So maybe I wrote that script for nothing. This is working pretty simple 🙂

In Direwolf 1.5-beta is it possible to use SERIALKISS to connect com to com.
I have try to use a PTY pair created with socat.

I use conspy to look at the output of Direwolf. apt-get install conspy
Use it just like this “conspy 3” The number 3 stands for the tty were Direwolf is running on /dev/tty3.
Hit the escape button a couple of times to exit.

Here is the output of Direwolf

Ok that is working quit well.
I start Direwolf with the option “-d kn” So you can look at the kiss communication between Direwolf and Jnos.

Some text out of the User-Guide.pdf.
“Up to 3 concurrent TCP KISS client applications are allowed at the same time.
You can raise this limit by increasing the value of MAX_NET_CLIENTS, in source file kissnet.c and recompiling.”

Whoooo thats nice up to 3 (and more) applications can connect to Direwolf on the KISSPORT.
And there is also the AGW and the SERIALKISS port. Men where do I start.

John WQ6N

John WQ6N has found something that is useful. He use a Legacy BSD pseudo pair.
There are no Legacy BSD pseudo pairs in Linux any more. But it is possible to create some.

After editing the grub file run the command “update-grub” and reboot.

So now it`s time to set Direwolf and Jnos to use the pty Legacy devices.

Direwolf and Jnos

The scipt…. Small but work quit well

This is what i found in the change.log of Jnos

This is some monitor output of Direwolf.

Dire Wolf version 1.3

Reading config file /direwolf/direwolf.conf
Audio device for both receive and transmit: plughw:0,0 (channel 0)
Channel 0: 1200 baud, AFSK 1200 & 2200 Hz, E+, 44100 sample rate.
Ready to accept AGW client application 0 on port 8000 …
Use -p command line option to enable KISS pseudo terminal.
Ready to accept KISS client application on port 8001 …

Connected to KISS client application …

[0L] PD2LT-2>NODES:<0xfe>
[0L] PD2LT-9>NODES:<0xff>LAPNOS
[0L] PD2LT-9>NODES:<0xfe>LAPNOS

PD2LT-2 audio level = 14(3/3) [NONE] |||||||__
[0.3] PD2LT-2>NODES:<0xfe>

PD2LT-9 audio level = 14(3/3) [NONE] ||||||||_
[0.3] PD2LT-9>NODES:<0xff>LAPNOS

SCS Tracker Driver for BPQ32 switch

SCSTracker.dll

This driver allows BPQ32 applications to make and receive Robust Packet or HF Packet calls using the SCS Tracker TNC. This driver is intended for using the Tracker on HF for forwarding, and only allows one connect at a time. For normal VHF operation or user access on HF, there is a separate driver, SCSTrackerMulti, that supports multiple connections (but not scanning).

Although the Tracker is an ax.25 controller, the driver only allows it to be used by one session at a time, so you must use the ATTACH command to allocate the port before making a call. So if your Tracker port is BPQ32 port 3, enter

ATTACH 3

Possible responses are:

#BPQ11:GM8BPQ-2} Ok

#BPQ11:GM8BPQ-2} Error – Invalid Port   // Port is not a Tracker port.

#BPQ11:GM8BPQ-2} Error – Port in use   // Port is in use.

Once attached to a port, you can issue commands to the TNC. These are the same as you would use to control the Tracker from a terminal, except that you don’t type an ESC before each command.

You can also select which mode a connect will be made in be entering HFPACKET or RPACKET. So to make a Robust call, enter

ATT 3
RPACKET
C CALLSIGN

For a normal (300 Baud HF Packet) call enter:

ATT 3
HFPACKET
C CALLSIGN

Configuration.

The driver configuration is specified in the bpq32.cfg file

The driver is defined to BPQ32 as an External port, and needs some driver-specific configuration

The first line of the config defines what BPQ Application incoming calls should connect to. If omitted, calls go to the command handler.

If you are using the Rig Control feature for scanning, add the RIGCONTROL command next.

If you want to listen for both normal and Robust packet connects, use the SWITCHMODES n command. This specifes how long to spend in each mode. Note Rigcontrol will override this.

If you want users to be able to connect to any of your applications, use the USEAPPLCALLS command.

If you want the controller to start in Robust mode, and return to that mode after a connect, use DEFAULT ROBUST

All commands that are essential to run with BPQ32 are sent automatically. You only need to include any special setup you need.

The commands that are preset are in two groups. One set is sent before the commands you specify, so can be changed. The others are sent after your commands, as they are essential for correct operation with BPQ32.

Sent before your config

Sent after your config

MYCALL is set to the PORT config PORTCALL if specified, otherwise to NODECALL. Any MYCALL in the config file is ignored.

Other possible configuraton parameters are:

FORCE ROBUST
Only use Robust Packet. Disable any switch to Normal Packet

WL2KREPORT
send Frequency info to the WINLINK database. See here for details.

UPDATEMAP
The modem logs connects to the Nodemap if you have specified a LOCATOR in your BPQ32.cfg. If you specify UPDATEMAP, stations heard will also be sent to the map.

BEACONAFTERSESSION
Send Beacon after each session

Sample SCS Trcker Configuration

© John Wiseman GM8BPQ/G8BPQ

SCS Tracker Multiconnect Driver for BPQ32 switch

TrkMulti.dll

This driver allows the SCS Tracker TNC to be used in Host Mode for user access to BPQ32 applications. The Tracker can be used in KISS mode for this purpose, but the Tracker’s dynamic parameter tuning works only in Host Mode. There is a separate driver, SCSTracker that supports scanning, but only a single connect at a time, primarily for use for BBS forwarding.

Configuration.

The driver configuration is specified in the bpq32.cfg file

The driver is defined to BPQ32 as an External port, and needs some driver-specific configuration

All commands that are essential to run with BPQ32 are sent automatically. You only need to include any special setup you need. Any Tracker Commands can be entered. The PACKETCHANNELS command is used to set the number of connects accepted (Default is 10)

The commands that are preset are in two groups. One set is sent before the commands you specify, so can be changed. The others are sent after your commands, as they are essential for correct operation with BPQ32

Sent before your config

Sent after your config

MYCALL is set to NODECALL. Any MYCALL in the config file is ignored.

Sample SCS Tracker Multi Configuration.

© John Wiseman GM8BPQ/G8BPQ

New DoS

If you have not already seen it, experiences it, or read about it, working to head off another reflection DOS vector. This time it is memcached on port 11211 UDP & TCP. There are active exploits using these ports. Reflection attacks and the memcached is not new. We know how reflection attacks work (send a spoofed packet to a device and have it reflected back (yes please deploy source address validation and BCP 38).

Operators are asked to review their networks and consider updating their Exploitable Port Filters (Infrastructure ACLs) to track or block UDP/TCP port 11211 for all ingress and egress traffic. If you do not know about iACLs or Explorable port filters, you can use this white paper details and examples from peers on Exploitable Port Filters:

http://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/

Enterprises are also asked to update their iACLs, Exploitable Port Filters, and Firewalls to track or block UDP/TCP port 11211 for all ingress and egress traffic.

Deploying these filters will help protect your network, your organization, your customers, and the Internet.

This should help protect you if you add this to your firewall.