Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: WinLink Check-In - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WinLink Check-In

This weekend (June 22-23) the Amateur Radio Relay League  and Radio Amateurs of Canada and holding their annual Field Day (http://www.arrl.org/field-day) exercise in North America.  Amateur radio operators participate in an emergency preparedness exercise where they deploy their equipment outside the comfort of their home radio shacks and many operate on alternative/emergency power sources.  Each year around this time, I realize that I've forgotten that this is coming up, and I hurriedly assemble my kit at the last minute and I try to fit in more than I can accomplish on my own.  In other words, it's a realistic drill for me.

In the early days of the Internet Storm Center when large-scale scanning worms were threatening the basic infrastructure of the Internet we discussed falling back to packet radio as a communications option.  Fortunately, those discussions remained theoretical and we didn't have to put it into practice.  However, each year at Field Day, I'm reminded of the possibility that the right combination of disasters could fracture the Internet noticeably.

This makes me think of WinkLink 2000 (http://www.winlink.org/)

WinLink 2000 describes itself as "a worldwide system of volunteer sysops, radio stations and network assets supporting e-mail by radio, with non-commercial links to internet e-mail."  Basically it provides e-mail service where the last mile is via amateur radio.  It's used by ships at sea, and in emergency radio service when the local infrastructure is severely damaged.

I think this service would be very useful in an Internet-threatening scenario.  Which is why I'm putting out the call to any readers who are also winlink-enabled.  Send an email in to us (handlers@sans.edu) from your winlink account.  Let us know if you'd be interested in participating in any Internet disaster response activities that we may have in the future.

Kevin Liston

292 Posts
ISC Handler
So the solution to internet failure is to depend upon a system dependant upon the internet? Sounds kind of foolish to me. If email is working, then just use regular email.

Winlinks seems barely suitable for portable email in remote areas, but foolish for more than that.

They also seem to be pretty loathed in the ham radio community.
Anonymous
I'm a ham, but I don't have WinLink set up (or compatible radios, gateways, etc.). Just saying Hi.
Kevin

5 Posts
I'm a fellow HAM too, also not on WinLink. One tool the local ARES group uses for message passing is FLMSG and FLWRAP (both available at http://www.w1hkj.com/). They allow for text message and light file transfer over the ham bands.

Use case: disaster scenario where phones are tied up. This tool can be used to pass orders for medications, counts of available beds, etc. from a hospital to a central public health agency. Benefits: data is transfered quicker than speaking over the air waves, no need for the back and forth confirmation since data is typed in instead of having to be copied down from what could be misheard over the airwaves.

This also adds a bit of "security by obscurity" since you need to have the software setup on the proper settings to capture the data.
Ryan

4 Posts
Nearly 20 year ham and MARS radio operator here. While of course you tend to only hear the bad stuff but I have heard much good about winlink. Seems a convoluted approach just to get email.

The wisest approach for an emergency communications system would be a radio only message system 100% isolated from the internet.

The Department of Defense nearly banned the use of winlink in MARS due to security concerns. That alone says a lot!

Here in Connecticut we have had our share of disasters lately and the winlink gateways in my area repeatedly failed during many of these storms. Heard that hams at a nearby town EOC spent hours trying to send a word document over winlink using hf radio as a backup route. A Red Cross employee got tired of waiting on them and quickly sent the file using a netbook and sat-phone by a window.

Another story floating about involving hams up in Maine getting in trouble with the county due to a security incident involving winlink. Conflicting stories on how bad it was but apparently a new winlink system let a virus in. County MIS looked at the winlink software and found it had too many security issues and banned it. Story is one of the hams involved was a county employee and was nearly fired over the incident.

Very current story here in Connecticut about a ham that is a state police radio technician in similar trouble over installing winlink software at state police radio tower stations. Dont know if it was over security concerns or not getting permission. That system has been gone for nearly two months now so I suspect the story has merit.

All this over trying to get email access? Completely unnecessary considering how many internet access options we have today.

IMHO hams need to be hams not wannabe ISP operators. Mixing the two seems to be a recipe for trouble.
Ryan
3 Posts
Sorry, old fingers...

I have heard much good about winlink

should read....

I have not heard much good about winlink
Ryan
3 Posts

Sign Up for Free or Log In to start participating in the conversation!