zlacker

[return to "I connected Windows XP to the Internet; it was fine"]
1. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
◧◩
2. lupusr+cd4[view] [source] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
◧◩◪
3. rcxdud+1f4[view] [source] 2024-06-01 10:22:10
>>lupusr+cd4
because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any ipv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonfull of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
◧◩◪◨
4. tflol+Gi4[view] [source] 2024-06-01 11:07:07
>>rcxdud+1f4
This looks like the usual ipv6 kool aid batshit. I don't want a bunch of kids and enemy states poking at and port scanning my laptop directly, regardless of whether or not I have a firewall enabled.

And, no, I don't think it's practical for everyone and their grandma to "just set up a bastion"

◧◩◪◨⬒
5. scrps+yF5[view] [source] 2024-06-01 23:12:41
>>tflol+Gi4
This is also spec for IPv4, it was intended to be as publically routable as IPv6 is. NAT is just a consequence of everyone realizing circa early 90s (iirc) IPv4 addresses would run out at the rate the network was growing. Yes NAT acts as an inbound default-deny firewall but that isn't it's purpose.

You have a router, it has a firewall, that is meant to be used to control access to the network, you don't have to assign rules to every device you can assign default interface rules that apply to any connection.

Just because you get a publically routable address doesn't mean the internet defines physics and hops over your router and firewall.

Also as an aside - perimeter security is a very outdated way of looking at security, yes the perimeter is still important but if it is your first and only line of defense you are gonna be in for a bad time, defense in depth as it is called where you look at your systems and networks as layers to an onion is the more modern standard and NAT as a security mechanism has never been standard in either because it isn't.

[go to top]