zlacker

[return to "I connected Windows XP to the Internet; it was fine"]
1. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
◧◩
2. lupusr+cd4[view] [source] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
◧◩◪
3. rcxdud+1f4[view] [source] 2024-06-01 10:22:10
>>lupusr+cd4
because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any ipv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonfull of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
◧◩◪◨
4. tflol+Gi4[view] [source] 2024-06-01 11:07:07
>>rcxdud+1f4
This looks like the usual ipv6 kool aid batshit. I don't want a bunch of kids and enemy states poking at and port scanning my laptop directly, regardless of whether or not I have a firewall enabled.

And, no, I don't think it's practical for everyone and their grandma to "just set up a bastion"

◧◩◪◨⬒
5. utensi+ph5[view] [source] 2024-06-01 19:29:42
>>tflol+Gi4
Yeah, I think it is very explicitly a bad thing for all devices to be directly exposed to the entire internet- firewall or no. NAT is a pain, sure, but it does have the benefit of forcing you to have a network isolated from the internet, and only allow external access when explicitly configured to do so.

I have exactly one machine which needs to be accessible from outside the local network. The rest of them should never be. Do I want to spend extra time ensuring that each and every single device on my network is secure, or do I want to do the inverse and assume all devices are secure and only spend effort to make the one machine exposed?

I can't imagine anyone who would actually want or need their WiFi toaster to be publicly routable, WiFi cameras, every computer. There's absolutely no reason for it. Instead of relying on network isolation, we expect users to just implicitly rely on who knows how many different firewall implementations. Hopefully your router configures it by default.

◧◩◪◨⬒⬓
6. semi+xV5[view] [source] 2024-06-02 02:39:16
>>utensi+ph5
Are you sure about that 'never'? that no device will ever try to use p2p fonnections?

Even then id still rather ensure every device is appropriately firewalled. 'not worrying about it's sounds like a hardened shell with a juicy center. What happens when a device does get compromised and tries to spread to your local network?

[go to top]