#1
3 February 2020, 14:43
Jim1348
Port Forwarding Question

This is not a military question, so that is why I am posting in this area. I bought a DVMEGA Cast, which is an AMBE3000 based Multimode IP radio for DMR, D-Star and Fusion, which are three digital modes used on amateur radio VHF/UHF bands. I also installed a DVMEGA DVstick 30, which, as I understand it, allows the DVMEGA Cast to act as a de facto server. I have installed BlueDV AMBE on my Samsung Galaxy S9 and I have been trying to connect to my DVMEGA Cast with the BlueDV AMBE, but I have been unsuccessful.

The directions are a bit unclear to me, but I think what I might need to do is configure my router to allow Port Forwarding, so that I can connect with the BlueDV AMBE Android app.

For those that are, or were, into networking, does that make sense and sound like something I should try?


http://www.dvmega.nl/dvmega/

https://www.gigaparts.com/dvmega-dvstick-30.html

https://play.google.com/store/apps/d...VAMBE&hl=en_US

#2
3 February 2020, 15:08
hawkdrver
Are you planning on using the app from anywhere outside your home network?

#3
3 February 2020, 15:49
Jim1348
Yes, it will be used away from the home network.

#4
3 February 2020, 16:16
hawkdrver
Then you'll need to set up port forwarding. It's not difficult, but it can be a little confusing and there are security implications to consider by opening up your network to the outside world.

Our resident IT gurus may know of another way to do it via VPN, that's about the extent of my nerdery.

#5
3 February 2020, 18:50
cedsall
Quote:
Originally Posted by hawkdrver
> Then you'll need to set up port forwarding. It's not difficult, but it can be a little confusing and there are security implications to consider by opening up your network to the outside world.
>
> Our resident IT gurus may know of another way to do it via VPN, that's about the extent of my nerdery.

Port forwarding exposes the device at the end of the port forwarding to the internet.

Exposing anything to the internet is a bad idea.

DNS (a key function of the internet that requires the server be internet connected) has been around for over 30 years and the developers of DNS servers are still routinely producing security patches to overcome the latest hack.

If you are going to port forward, you'll want to add other limiters such as source ip address to limit your exposure.

That said, one of the early internet hacks (the Mitnick hack in 1979) had Mitnick doing a blind spoof of a source ip address so access controls have limited viability.

If I were going to port forward, I'd make sure the device at the end of the port forward was disposable.

#6
3 February 2020, 21:38
CV
There's a lot going on in this thread. Let's unpack it a bit and I'll add my commentary.

1. The only thing port forwarding is going to do is allow the app to connect to the service while on your home network (or wherever you have the network set up, via the router). It doesn't inherently open your home network to the entire internet. It's more nuanced than that. See #2
2. From my cursory glance* at the BlueDV AMBE Android app, and the AMBESERVER app, it's all done over SSH, so that traffic will be encrypted in transit from point A (the service) to point B (the app on your phone)
3. DNS has nothing to do with any of this.
4. Use a throw-away computer, or set up a Raspberry Pi. Don't use your personal PC/laptop.

*I didn't do a formal code review, just a quick peek

TL;DR: this is so your mobile app can communicate with a device back in your home. If properly configured and maintained, you'll be fine.

Edit to add: If you have the technical chops, you can add further restrictions on what can interact with that service, via your home router.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo

Last edited by CV; 3 February 2020 at 21:45.

#7
3 February 2020, 21:51
CV
Goddammit, I got sucked in.

My apologies to cedsall, DNS is used if you want to make it accessible to the wide internet. I could make an argument for why you wouldn't want to and just simply have an IP address provisioned using something like AWS.

From THIS link, you can see how 'sshd' is set up on a Raspberry Pi. Cool project, and cheap enough that it's a good solution for ensuring it's isolated. You can also use the public IP your ISP gave you. Shouldn't be any issues as long as you have basic security hygiene.

This is a good resource: https://nw-digital-radio.groups.io/g/ambe

#8
4 February 2020, 06:16
Polypro
Just get a free Dynamic DNS "name" from one of the big providers like No-IP.com like: hamnerd.no-ip.biz

Find out what port the application listens on.

Set a static IP for that computer outside the DHCP range.

Go into router and port forward from outside to in - ex:

Ham Program, Port 12234 > Local IP 192.168.1.45 Port 12234

Put > hamnerd.no-ip.biz 12234 in your android app.

Profit.

If CV is right, and the app is using SSH, it'll have a user/pass requirement, so should be pretty safe. Even then, unless there is a known flaw, even just connecting "normally" is probably fine - I have email servers and other programs listening for connections, and haven't been "hacked" in 20 years (ever).

#9
4 February 2020, 22:43
cedsall
Some clarification.

Re: DNS, I was making the point that it's the server that's compromised. DNS servers must be exposed to the internet to work. They've been around for over 40 years and for all that time the industry has been trying to secure them. They still haven't succeeded. Vendors will tell you their wares can withstand exposure to the internet. They're lying.

My point is - if you expose something to the internet (including an ssh server), plan on it being compromised. Encryption protects traffic in transit, it doesn't secure the exposed service and it's the service that's hacked, not the traffic. Too many people out there with nothing better to do than craft packets to throw random character strings at servers in an attempt to find the next buffer overflow that causes the service to misbehave in a way that's exploitable.

The only way to prevent an internet exposed service from becoming an attack vector is to design a network architecture that isolates the service.
Reply With Quote
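
The source-address limit cedsall suggests in post #5 and the isolation argued for in post #9, sketched as an nftables ruleset. This is an added example, not part of any post in the thread; it assumes a Linux-based router, and the interface names (wan0, lan0, dmz0), the 192.168.50.45 address and the 203.0.113.0/24 range are constructed placeholders, with port 12234 taken from Polypro's example.

```nftables
# Added example, not from the thread. Covers forwarding only; the router's
# own input chain is out of scope here.
# Hypothetical interfaces: wan0 (internet), lan0 (home LAN), dmz0 (isolated
# segment holding only the radio host).

define RADIO       = 192.168.50.45       # constructed address on dmz0
define RADIO_PORT  = 12234               # example port from post #8
define ALLOWED_SRC = { 203.0.113.0/24 }  # constructed: networks the phone uses

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Weak form, any source on the internet is forwarded:
        #   iifname "wan0" tcp dport $RADIO_PORT dnat to $RADIO
        # Restricted form, only allow-listed sources are forwarded:
        iifname "wan0" ip saddr $ALLOWED_SRC tcp dport $RADIO_PORT dnat to $RADIO
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # The forwarded service: new connections from wan0 to the radio host only.
        iifname "wan0" oifname "dmz0" ip daddr $RADIO tcp dport $RADIO_PORT ct state new accept
        # The home LAN may reach the internet and manage the radio host.
        iifname "lan0" accept
        # Assumption: the radio host needs outbound internet access.
        iifname "dmz0" oifname "wan0" accept
        # The radio host can never open a connection into the home LAN,
        # so a compromise of the exposed service stays on dmz0.
        iifname "dmz0" oifname "lan0" counter drop
    }
}
```

A phone on a cellular network changes address often, so a fixed ALLOWED_SRC may not be practical; that is the case for the VPN route hawkdrver mentions in post #4.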