zlacker

[return to "I connected Windows XP to the Internet; it was fine"]
1. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
◧◩
2. lupusr+cd4[view] [source] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
◧◩◪
3. rcxdud+1f4[view] [source] 2024-06-01 10:22:10
>>lupusr+cd4
because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any ipv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonfull of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
◧◩◪◨
4. tflol+Gi4[view] [source] 2024-06-01 11:07:07
>>rcxdud+1f4
This looks like the usual ipv6 kool aid batshit. I don't want a bunch of kids and enemy states poking at and port scanning my laptop directly, regardless of whether or not I have a firewall enabled.

And, no, I don't think it's practical for everyone and their grandma to "just set up a bastion"

◧◩◪◨⬒
5. rcxdud+4m4[view] [source] 2024-06-01 11:36:58
>>tflol+Gi4
I mean, they'd need to figure out your IP address beforehand, something that's a lot harder with ipv6. You've also got a much better chance of punching a packet through a NAT than an ipv6 firewall (and it's now expected behaviour for a lot of applications, as NAT makes it too difficult to just make connections directly).
◧◩◪◨⬒⬓
6. rainon+is4[view] [source] 2024-06-01 12:40:01
>>rcxdud+4m4
They wouldn't need to figure out anything. The "kids and enemy states" are just hosing address ranges. I don't agree with the above commenter that NAT offers any meaningful security in this regard (now they're just hosing your consumer router instead which is probably less secure than the average updates-installed Defender-enabled Windows box). But you're both making points about security through obscurity in different ways.
◧◩◪◨⬒⬓⬔
7. tflol+3u4[view] [source] 2024-06-01 12:57:42
>>rainon+is4
> now they're just hosing your consumer router

There is a dramatic difference in effort between ( owning a device ) and ( owning a router, configuring network access to the device, then owning the device ).

Also psychologically: If I was a rock hard piece of shit and I knew I was at the doorstep of a personal device, I would treat it much more aggressively than a router. I suppose maybe that's just me and not the kids and enemy states.

◧◩◪◨⬒⬓⬔⧯
8. rainon+Mv4[view] [source] 2024-06-01 13:11:50
>>tflol+3u4
I mean, I don't know why you would when the router potentially gives you a foothold across many devices instead of one and the router is likely running multiple services. Yes, that is just you; the threat model I'm describing is widespread automated attacks, not individual or particularly motivated.
◧◩◪◨⬒⬓⬔⧯▣
9. tflol+ew4[view] [source] 2024-06-01 13:16:36
>>rainon+Mv4
You're saying there's less incentive for widespread automated attacks on personal devices?

edit: Changing the subject to insulting me is a bad way to conclude. You're creating an illusion the debate is concluded in your favor instead of responding to points. I don't think any of my points had a sound argument against them.

[go to top]