zlacker

[return to "I connected Windows XP to the Internet; it was fine"]
1. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
◧◩
2. lupusr+cd4[view] [source] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
◧◩◪
3. rcxdud+1f4[view] [source] 2024-06-01 10:22:10
>>lupusr+cd4
because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any ipv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonfull of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
◧◩◪◨
4. throwa+7i4[view] [source] 2024-06-01 11:00:39
>>rcxdud+1f4
I don't quite understand what you mean by "any ipv6 deployment will have this". When my ISP switched to IPv6, my internal devices were exposed to the internet and the only thing that stopped the incredible amount of bot traffic was my own on-device firewall that I explicitly turned on and configured. Luckily I don't have any smarthome stuff, not sure how I'd configure a firewall on a lightbulb. These devices didn't have a public IPv4 before that. And a bonus - the ISP didn't say anything about this possible consequence, just "we're making some changes".

NAT has more benefits - I don't want anyone to know how many devices I have at home, I don't want anyone to know which one I'm using to access their website, I don't want anyone to try guess the OS and version of my devices, etc. And now I'm scared to have a simple DLNA media server because I can't just install WireGuard on the TV. I'm probably going to buy a router and make my own NAT soon (don't have access into the ISP modem).

I felt better when the whole municipality had a single IP address. A lot of bullshit ads - means the targeting wasn't working. Now they're way too good.

◧◩◪◨⬒
5. RulerO+B15[view] [source] 2024-06-01 17:12:37
>>throwa+7i4
> I don't want anyone to know how many devices I have at home

Even if your ipv6 host or border firewall allows pings through, it's not practical to scan an entire /64. There's just too many addresses in it, and your devices will frequently change them.

> I don't want anyone to know which one I'm using to access their website, I don't want anyone to try guess the OS and version of my devices, etc.

They already do this through fingerprinting that operates with higher-layer protocols.

> And now I'm scared to have a simple DLNA media server because I can't just install WireGuard on the TV.

This is very simple to implement. Ensure it's listening on the link-local address. That's the IP that starts with fe80. These are unrouteable by spec.

◧◩◪◨⬒⬓
6. throwa+w65[view] [source] 2024-06-01 17:53:49
>>RulerO+B15
> They already do this through fingerprinting that operates with higher-layer protocols.

It's very hard to distinguish my iPhone and Mac from the other dozens/hundreds people have in my building just through fingerprinting. Very easy if they have separate IP addresses.

Ad link local - cool, I'll look into that, thanks.

◧◩◪◨⬒⬓⬔
7. crazyg+Ej5[view] [source] 2024-06-01 19:50:55
>>throwa+w65
It's actually very easy just through fingerprinting. You might be surprised.

It doesn't matter if everyone in your building has an iPhone and a Mac as well -- there are things about virtually every single one of them that make them unique.

[go to top]