The Internet Radio Linking Project - PowerPoint PPT Presentation

1 / 68
About This Presentation
Title:

The Internet Radio Linking Project

Description:

Patches the rc.irlp file. Removes old listeners on ports 15426/15427 ... Linux security holes are exposed and patched before hackers have a chance to ... – PowerPoint PPT presentation

Number of Views:92
Avg rating:3.0/5.0
Slides: 69
Provided by: jona99
Category:

less

Transcript and Presenter's Notes

Title: The Internet Radio Linking Project


1
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTDIRLP System Designer
  • Las Vegas, April 16 2005

2
Topics of DiscussionPresentation No. 1
  • Introduction
  • History of Internet Linked Repeaters
  • How IRLP Started
  • Comparison of the Amateur Radio Voice-Over-IP
    Systems
  • What Does the Future Hold?

3
The Internet Radio Linking Project
  • Part 1

4
Introduction
  • The aim of the Internet Radio Linking Project
    (IRLP) is to provide a simple and easy system to
    link amateur radio systems together using the
    Internet as the communications backbone.
  • Similar linking options exist, but they use
    expensive leased telephone lines or satellite
    equipment. It is not the goal of this project to
    compete, but to work along with other networks to
    improve the technology and improve radio linking
    for all involved parties. The people who benefit
    most from the IRLP are its users.
  • The software and hardware requirements are
    minimal, and the cost to set up a node is low.
    This brings the opportunity for smaller more
    remote locations, or small clubs, to experience
    national linking without the large capital cost
    of a satellite node or leased line.

5
History of Internet Linking
  • Back in December of 1996, I was flipping through
    the many magazines at the University of British
    Columbia amateur radio club. I came across the
    December 1996 issue of the QST Amateur Radio
    magazine that had the words "Link your repeater
    to the Internet" written on it. I had a quick
    read through the issue and found a well written
    article by James Millner, WB2REM entitled 'A New
    "Band" for Your Radio'. At first glance, I was
    hooked. What more could I ask for? It was a
    combination of the two hobbies that I love the
    most.
  • My first connection used VocalTec's Iphone. The
    original article by WB2REM used Iphone to send
    the voice over the internet. I did have some
    problems with the software, mainly in the fact
    that Iphone is not very stable nor is it
    controllable. After running Iphone for close to 6
    months on active connections to Vernon BC and St.
    John NB, I decided that the stability and control
    were key. That is when I started getting into
    using LINUX as an operating system and Speak
    Freely as a client/server.

6
History of Internet Linking (contd)
  • Speak Freely is a voice over IP client/server
    package that transmits live audio (i.e. speech)
    over the internet with surprising clarity and
    quality. This program basically allows any two
    parties anywhere on the internet to have a voice
    conversation with each other in real time. My
    objective, and the objective was to use this
    program to link to radio equipment so that voice
    connections can be made without the operator
    being tied to a computer. This will allow hams
    from all around the world to talk to one another
    without relying on radio conditions.
  • Many amateurs have raised a very important
    question regarding this kind of system What if
    non-ham users start connecting to ham repeaters?
    With all the experienced "hackers" out there, I
    can not say that this system is totally
    bullet-proof. I have designed safeguards into my
    software to reject calls from "non-hams".

7
History of Internet Linking (contd)
  • The main hurdle I had to overcome was the
    interface between the computer and the radio.
    From my experience with VOX circuits under
    Iphone, I decided that I HAD to find an alternate
    way to start sending audio and to key the radio
    when audio came in (from the internet side).
    Since the source code for Iphone was not
    available, I had to look for an alternative. I
    was told about Speak Freely by a friend of mine,
    and I decided to give it a try.
  • I played around with modifying the source code
    for several weeks and finally came up with some
    code that worked. The software starts the link
    radio transmitting once packets have been
    received over the internet and unkeys once they
    stop coming in. The software starts sending audio
    once a signal is received and continues to send
    it until the signal is removed. This logic
    control is performed using the parallel port of
    the computer and all the computer chips are on a
    separate interface controller board.

8
History - Conclusion
  • The whole system is DTMF controllable. The
    control codes lie imbedded in a separate program
    that reads the DTMF tones from the decoder chip
    (located on the interface controller board) and
    activates various parts of the software. DTMF
    codes are used to enable/disable linking,
    open/close links and set identifiers. Every site
    will have the ability to connect direct to any
    other site(s), either using direct connections or
    reflector sites.
  • So in a period of 8 months, I switched from a
    piece of software and hardware that someone else
    built, to my own creation which solved all the
    previous problems I was experiencing! Ever since
    the IRLP started, I have never again looked to
    Iphone or Windows for an option in the IRLP
    system.

9
How IRLP Started
  • The Internet Radio Linking Project was started
    back in November of 1997 as an attempt to use the
    internet to link radio systems across Canada. The
    first full time link that was established ran
    from Vancouver, BC to Saint John, NB. The link
    had many problems and was shut down in March of
    1998 due to the numerous computer crashes and
    repeater lockups it was causing, and the lack of
    user control over the system.
  • I set out to design a better way to use the same
    technology to perform the same task, while
    improving usability, user control, and sound
    quality. My first breakthrough was to replace the
    existing operating system, Windows, with a more
    stable and versatile language. I chose Linux, an
    open source form of the operating system UNIX
    designed by Linus Torvolds, because of its
    superior networking characteristics, its
    reliability, and its ease of programming.

10
How IRLP Started (contd)
  • I designed my own interface board to interface
    the radio to the computer. This allowed a large
    amount of delay to be removed from the system
    because two VOX circuits were no longer being
    used . I also wrote my own custom control
    software, and modified an existing voice-over-IP
    software package to accommodate the project.
  • The final product was a combination of hardware
    and software that created a nearly seamless radio
    link between two remote sites on the internet.
    The product works so well that many people can
    not believe that they are talking through a link
    at all!

11
Amateur Voice Over IP Systems
  • Repeaterlink (1996-1998)
  • Designed to use VocalTechs Iphone software
  • Used Microsoft Windows platform
  • Very unstable Frequent crashes
  • No security Anyone on the net could call your
    repeater
  • Not controllable by radio
  • Software required expensive licensing
  • Used VOX circuits in both directions long
    delays and missed words

12
Amateur VoIP Systems
  • IRLP (1997-present)
  • Built on Speak Freely software (Linux and
    Windows)
  • Based on stable Linux platform
  • Very stable
  • Each connection is radio to radio only no
    headsets
  • Heavy security to ensure Amateur-only access
  • Fully controllable by radio
  • Used hardware DTMF and COS circuitry
  • Scripting makes further development easy
  • Still growing

13
Amateur VoIP Systems
  • ILink (1999-2001)
  • Written by Graeme Barnes, M0CSH
  • Based loosely on Speak Freely software (Windows)
  • Based on Microsoft Windows platform
  • Designed to provide a system for people who
    wanted to use headsets to talk over radio (as
    IRLP would not)
  • Very unstable Could not leave unattended
  • Subscription based security Fairly loose
  • Controllable by radio
  • Used software DTMF and COS circuitry
  • Simple interface to radio
  • No longer in existence

14
Amateur VoIP Systems
  • EQSO (1999-Present)
  • Unknown what base software is (Windows)
  • Based on Microsoft Windows platform
  • Allows use of headset speaker/microphones
  • More stable than Ilink Could leave unattended
  • Fairly loose security
  • I know little about system
  • Mainly concentrated in the UK
  • Very small growth

15
Amateur VoIP Systems
  • Echolink (2000-Present)
  • Written by Jonathan Taylor, K1RFD
  • Uses same software base as Ilink
  • Promoted as a more powerful Ilink replacement
  • Many people switched from Ilink to Echolink,
    basically depleting the Ilink system
  • Still growing

16
Amateur VoIP Systems
  • Hamlink (2001-2002)
  • Uses same software base as Ilink
  • Tried to use a pay-by-subscription system
  • Based in Australia
  • Some great ideas and features
  • Never grew past the Beta stage

17
What Does the Future Hold?
  • Both IRLP and Echolink will continue to grow
  • Packages such as EchoIRLP will replace a lot of
    Echolink RF nodes, to allow more flexibility and
    stability for RF links
  • More use or IRLP hardware/software for simple
    linking repeater controller
  • More private IRLP links/reflectors will come into
    use
  • More commercial interest in this technology will
    spawn IRLP and Echolink clones.
  • What do you think?

18
The Internet Radio Linking Project
  • Part 2

19
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTDIRLP System Designer
  • Las Vegas, April 16 2005

20
Web Control of Your Node
  • Overview
  • Requirements
  • Features
  • Accessing Your Nodes Admin Page
  • Get Your Node to Call Your PC
  • Live Demonstration (Network Connection Dependent)
  • How to Setup on Your Node

21
Web Control of Your Node
  • Overview
  • Uses Linuxs built in Apache web server and PHP.
  • Allows you to run several node commands via a web
    interface.
  • Can be used from any internet connection.
  • Password protected using Apaches built in
    security.
  • User expandable This is just a template to get
    you started!

22
Web Control of Your Node
  • Requirements
  • An IRLP node running Redhat 7.3 or 9, or Fedora
    Core 3.
  • Other Linux versions may work, but you have to
    install PHP and Apache on your own.
  • A TCP port be opened for remotely accessing the
    web server from the internet
  • 15426 or 15427 may already be open to your IRLP
    box, and may be usable.
  • Port 80 is default, but many ISPs do not allow
    incoming packets on port 80.

23
Web Control of Your Node
  • Requirements (contd)
  • Apache version 1 or 2 (installed easily via YUM)
  • PHP version 4 or 5 (installed easily via YUM)

24
Web Control of Your Node
  • Features
  • Displays the up-to-date status of your node.
  • Allows you to disable/enable your node at the
    press of a button.
  • Allows you to drop the current call at the press
    of a button.
  • Allows you to initiate a call from your node to
    ANY IP address (used for mobile travellers).
  • Automatically detects your IP address, to make
    remote call feature easier.

25
Web Control of Your Node
  • Features (contd)
  • Allows you to send ANY DTMF sequence to the
    decode script.
  • Allows you to display any number of lines of the
    current messages file.
  • Allows you to edit the environment file,
    custom_decode file, custom_on/off files, timing
    file, and others.
  • Displays the output of the last command run via
    the admin interface.

26
Web Control of Your Node
  • Features (contd)
  • All entries are logged into the messages file.
  • Pages are all viewable from WAP devices like the
    RIM BlackBerry.
  • Pages are secured using Apache's built in
    security.
  • You set your own usernames and passwords.

27
Web Control of Your Node
  • Accessing your Node's Admin Page
  • Goto http//www.irlp.net/redirect/
  • Enter in your node number and the TCP port, and
    the script will detect your IP, and direct you to
    your website.
  • When prompted, enter in the username and
    password.
  • All entries are logged into the messages file.

28
Web Control of Your Node
  • Accessing your Node's Admin Page

29
Web Control of Your Node
  • Accessing your Node's Admin Page

30
Web Control of Your Node
  • Get Your Node to Call Your PC
  • Initiate the call from the admin interface.
  • Once the window pops up, select it and use the
    space bar to toggle PTT on and off. You can also
    use the mouse button by clicking and holding
    while you want to speak.
  • When you want to stop the connection, you click
    the End Current Connection button on the admin
    interface.
  • Close speak freely for windows.

31
Web Control of Your Node
  • Get Your Node to Call Your PC

32
Web Control of Your Node
  • Live Demonstration
  • http//www.irlp.net/redirect/

33
Web Control of Your Node
  • How to Setup on Your Node - May 2005
  • Run the install script as root.
  • /home/irlp/scripts/install_admin
  • Follow the directions
  • Installs yum
  • Updates your system
  • Updates your kernel
  • Installs Apache, PHP, and dependencies
  • Adds a line to your rc.irlp file
  • Sets up apache user and port

34
Web Control of Your Node
  • How to Setup on Your Node - May 2005 (contd)
  • Patches the rc.irlp file.
  • Removes old listeners on ports 15426/15427
  • Add lines to start a local listener for apache to
    talk to
  • Sets apache user security
  • Runs htpasswd to create password files
  • Sets up web directory links

35
Web Control of Your Node
  • WAP DEVICES

36
Web Control of Your Node
  • WAP DEVICES

37
Questions?
  • What other features would you like to see?

38
The Internet Radio Linking Project
  • Part 3

39
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTDIRLP System Designer
  • Las Vegas, April 16 2005

40
Topics of DiscussionPresentation No. 3
  • Vulnerable Linux Packages
  • Steps to Secure Your Node
  • Keeping Software Up-to-date using the YUM updater
  • Monitoring for Intrusions
  • What to do if Compromised

41
Is Linux Secure?
  • Linux is only as secure as YOU make it.
  • Unlike Windows, in Linux you have full control
    over the services made available to the outside
    world.
  • Knowledge of possible vulnerabilities, and
    knowing how to detect intrusion is the best
    security.
  • Like Windows, Linux has many security updates.
  • Unlike Windows, known Linux security holes are
    exposed and patched before hackers have a chance
    to easily exploit them.

42
Vulnerable Packages
  • The most vulnerable software is that which
    listens to ports attached to the outside
    Internet. Some of these packages include
  • OpenSSH server
  • VSFTPD FTP server
  • Samba file server
  • Sendmail mail server

43
Securing Your Linux Server
  • Shut down all unused listenersntsysv
  • Check to see what is listening and on what
    portsnetstat na grep LISTEN
  • Uninstall any unneeded server software.
  • Close all firewall ports for services you dont
    use from the internet.
  • Dont use obvious root passwords, like your
    callsign, or any plain dictionary word.
  • Dont remotely log into your server using
    plain-text password software like FTP or TELNET.

44
Keep Your Software Updated
  • Use an updater software
  • YUM from Fedora Legacy Project
  • Up2date from RedHat (subscription service)
  • Set it to run periodically.
  • Check the Linux OS site regularly for exploit
    warnings.

45
Monitoring for Intrusion
  • You can use software called tripwire to watch for
    intrusions. Tripwire sets off alarms if special
    binary files are changed on your system.
  • Inspect logs regularly for signs of attempted
    forced entry.
  • Use the RedHat RPM package verifierrpm Va
  • Check output for certain files which indicate an
    intrusion
  • /bin/login
  • /bin/ps
  • /bin/netstat

46
What to do if Compromised
  • If your node is compromised, the best way to
    restore it is to fully rebuild it.
  • Use the backup_irlp script and the online
    instructions to get your node running again.

47
Questions?
48
The Internet Radio Linking Project
  • Part 4

49
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTDIRLP System Designer
  • Las Vegas, April 17 2004

50
Topics of DiscussionPresentation No. 4
  • History of Reflector Software (Speak Freelys
    SFREFLECT)
  • The Reflector Firewall (past and present)
  • Reflector Monitor and Control System
  • Upcoming Reflector Changes

51
SFREFLECT
  • SFREFLECT is the Speak Freely packet replicator
    (reflector).
  • First code for sfreflect was released in 1997.
  • No provisions for packet collision avoidance.
  • Not very useful for IRLP at first due to many
    collisions caused by the half duplex nature of
    IRLP.

52
SFREFLECT
  • I added a simple gateway/time delay system into
    SFREFLECT that created a mini firewall
  • Only one IP can reflect packets at any time
    (capture IP).
  • Each time a packet is received from the capture
    IP, it resets. a small 100 millisecond timer. Any
    packets received on the data port from other
    IPs are discarded.
  • Once the timer has elapsed, the first IP with a
    data packet becomes the capture IP.
  • The new IP address is sent to the logging
    command, which logs the IP and node number of the
    capture IP.
  • The system is low overhead, and works very well.

53
Reflector IPTABLES Firewall
  • To protect the reflector stream from unwanted
    connections, an IPTABLES firewall is used.
  • IPTABLES can be used to discard or reject packets
    based on the source IP address.
  • OLD SYSTEM - PAST
  • IP addresses were parsed from the hosts file and
    added to a very large firewall script.
  • The script was run, and 1500 nodes were added to
    the script.
  • Problem was Anytime an IP changed in the
    network, reflector had to rerun firewall script.
  • Reflectors with smaller processors were being
    overloaded.
  • While firewall script ran, reflector was
    exposed for a few seconds.

54
Reflector IPTABLES Firewall
  • NEW SYSTEM - PRESENT
  • Nodes perform a PGP authentication to the
    reflector on each call.
  • Node is added to a list of connected nodes, and
    allowed through the firewall by adding ONE rule.
  • SFREFLECT outputs a list of connected IP
    addresses.
  • Every 15 minutes, the lists are compared, and any
    node still allowed through the firewall but not
    connected is removed from the firewall.
  • Reaction time to lockouts is instant Reflector
    commands node to disconnect.
  • Processor load reduced 1000 fold.

55
Reflector Monitoring and Control
  • Capture IPs are monitored in real time through a
    simple TCP listener interface.
  • Capture interface is password protected.
  • Any channel can be actively monitored.
  • Multiple connections can be made to the monitor
    port.
  • Can be used from WAP devices like the BlackBerry.

56
Reflector Monitoring and Control
57
Reflector Monitoring and Control
  • Control is performed through a new PHP based web
    interface.
  • Allows active control of reflectors from an easy
    to use and understand interface.
  • Can be used from WAP devices like the BlackBerry.
  • Each channel uses a separate password Allows
    for 10 different users on each of the 10
    channels.
  • Most common reasons for lockouts are already
    provided.
  • Lists the active nodes in a drop down box.
  • More secure than the old TCP system used in the
    past.

58
Reflector Monitoring and Control
59
Reflector Monitoring and Control
60
Upcoming Reflector Changes
  • Allow the reflector owner to switch modes of
    the reflector to satisfy current need
  • Emergency mode only certain nodes can connect
  • Local mode any node can connect and listen,
    only certain listed nodes can talk
  • Addition of the ability to mute people rather
    than blocking them
  • Adding the ability to link reflector channels
    together across the same or different reflectors
    with reliable results.

61
Questions?
62
The Internet Radio Linking Project
  • Part 5

63
The Internet Radio Linking Project
I.R.L.P
  • Presented by VE7LTDIRLP System Designer
  • Las Vegas, April 16 2005

64
Topics of DiscussionPresentation No. 5
  • Remote Receiver Project
  • Current Setup
  • Future Ideas

65
Remote Receiver Project
  • Uses IRLP and Linux to install internet remote
    receivers.
  • Minimal hardware required.
  • Uses separate CTCSS tones for separate receivers.

66
Future Ideas
  • Somehow determine and adjust the delays
    associated with each receiver to make signals
    arrive at the same time.
  • Use Signal-to-Noise ratio detection, and send
    signal quality with audio stream.
  • Somehow vote the signals seamlessly in real time.

67
Local Houston IRLP Repeater
  • 444.300 MHz
  • Plus offset,
  • 100.0 Hz tone

68
Questions?
Write a Comment
User Comments (0)
About PowerShow.com