zlacker

[return to "I connected Windows XP to the Internet; it was fine"]
1. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
◧◩
2. lupusr+cd4[view] [source] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
◧◩◪
3. rcxdud+1f4[view] [source] 2024-06-01 10:22:10
>>lupusr+cd4
because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any ipv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonfull of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
◧◩◪◨
4. tflol+Gi4[view] [source] 2024-06-01 11:07:07
>>rcxdud+1f4
This looks like the usual ipv6 kool aid batshit. I don't want a bunch of kids and enemy states poking at and port scanning my laptop directly, regardless of whether or not I have a firewall enabled.

And, no, I don't think it's practical for everyone and their grandma to "just set up a bastion"

◧◩◪◨⬒
5. rcxdud+4m4[view] [source] 2024-06-01 11:36:58
>>tflol+Gi4
I mean, they'd need to figure out your IP address beforehand, something that's a lot harder with ipv6. You've also got a much better chance of punching a packet through a NAT than an ipv6 firewall (and it's now expected behaviour for a lot of applications, as NAT makes it too difficult to just make connections directly).
◧◩◪◨⬒⬓
6. rainon+is4[view] [source] 2024-06-01 12:40:01
>>rcxdud+4m4
They wouldn't need to figure out anything. The "kids and enemy states" are just hosing address ranges. I don't agree with the above commenter that NAT offers any meaningful security in this regard (now they're just hosing your consumer router instead which is probably less secure than the average updates-installed Defender-enabled Windows box). But you're both making points about security through obscurity in different ways.
◧◩◪◨⬒⬓⬔
7. throw0+rp5[view] [source] 2024-06-01 20:41:46
>>rainon+is4
> The "kids and enemy states" are just hosing address ranges.

If you could scan one million addresses every second it would take about 500,000 years to scan just one /64. Not sure how practical that would be.

When I was still with an ISP that did IPv6 my Asus would block any incoming connection attempt unless it was a reply (SPI firewall), though it may have (IIRC) allowed pings in by default.

◧◩◪◨⬒⬓⬔⧯
8. rainon+ZY5[view] [source] 2024-06-02 03:31:28
>>throw0+rp5
Yeah that is an absolutely bonkers amount of time so you're probably right in that the approach of low-effort wide net-casting attackers would have to change. I'm curious to know how Shodan etc. deal with this.
[go to top]