I connected Windows XP to the Internet; it was fine

submitted by mouse_+(OP) on 2024-05-30 20:17:28 | 136 points 108 comments

A couple months ago I installed XP onto a ThinkPad X120e; being the first dual-core AMD ThinkPad the hardware is relatively emaciated, and I wanted something lightweight and productive for it.

I used legacyupdate.net to apply all available important and recommended updates, as well as some nice-to-haves such as updates to the .NET infrastructure. I have been using the Supermium browser, which is an up to date fork of Chromium for older versions of Windows, including XP. All of this has gone off without a hitch, and the laptop has been great to me with its current configuration.

Recently in the tech news sphere I have seen articles exclaiming what a bad idea this is, demonstrating how connecting XP to the internet for just a few minutes leaves it riddled with viruses. Decided to run an MBAM scan with updated databases to see for myself, and it's totally clean.

In other news, this thing is a great little Diablo II machine. I'm maining necro right now.

replies(26): >>chrisj+V3 >>tredre+99 >>jimbob+3e >>Toucan+be >>lastdo+If >>AmVess+ib4 >>jmgao+rb4 >>lprove+Wc4 >>Dalewy+bd4 >>wruza+td4 >>varela+Ed4 >>fiftee+Ye4 >>throw_+fg4 >>oaiey+ni4 >>ozim+Kj4 >>bambax+Nj4 >>sgjohn+el4 >>Turbob+Jn4 >>h0ek+bv4 >>Unbefl+BF4 >>rkager+ur5 >>ivraat+KK5 >>Meph50+306 >>hollan+rZ6 >>BobbyT+D77 >>hurrdu+PW8
1. chrisj+V3[view] [source] 2024-05-30 20:36:26
>>mouse_+(OP)
Well done. YMMV with IP address.
2. tredre+99[view] [source] 2024-05-30 21:01:52
>>mouse_+(OP)
That whole thing is manufactured drama by some youtubers.

I can't say if the infections themselves are real or staged, but they clearly and explicitly set the OS up for failure: they give it a public internet IP, enable file sharing, RDP, remote assistance, then disable the firewall for good measure. No modern OS would fare better in those circumstances.

replies(3): >>ranger+FR >>badsec+df4 >>joseph+Zf4
3. jimbob+3e[view] [source] 2024-05-30 21:37:25
>>mouse_+(OP)
When you say connected to the internet, do you mean giving it a public IPv4 address or are you behind NAT?
4. Toucan+be[view] [source] 2024-05-30 21:38:13
>>mouse_+(OP)
I think the biggest risk you'd have with XP online is using Internet Explorer, as not only is it going to have tons of vulnerabilities that are unpatched, but it'll also be incapable of negotiating SSL with modern websites. And the latter would also be true of any browsers you brought back from that time period to run on it, too, so using Supermium is probably why you're doing well.

It's not like tons of embedded systems aren't still using XP to this day either.

5. lastdo+If[view] [source] 2024-05-30 21:49:11
>>mouse_+(OP)
Windows used to have critical vulnerabilities, especially in IE8, making you highly susceptible to hacking. These vulnerabilities have been patched, and the risk is likely lower now.
replies(1): >>out-of+2c4
◧◩
6. ranger+FR[view] [source] [discussion] 2024-05-31 04:15:41
>>tredre+99
I disagree, I think most modern OSes would be fine, assuming they are up to date and nobody is using secret 0days on you.
7. AmVess+ib4[view] [source] 2024-06-01 09:28:48
>>mouse_+(OP)
Not useful at all.

Go back in time and connect it to a network full of infected hosts, and you'll have a very different experience.

Why is it such a surprise that a machine won't get infected when the common vectors of attack for those OSes no longer exist?

8. jmgao+rb4[view] [source] 2024-06-01 09:30:20
>>mouse_+(OP)
Back in the days of Blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the Windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.
replies(4): >>tetris+Dc4 >>lupusr+cd4 >>nubine+Pg4 >>snakey+4i4
◧◩
9. out-of+2c4[view] [source] [discussion] 2024-06-01 09:38:07
>>lastdo+If
not just IE - insert Java applets, Adobe Flash; and all the other browser "addons" and plugins - it was a mess. but it also depended on the websites you'd visit. a great deal of malware was spread by ads and even Facebook was not spared - it's def not the same as it used to be; adblockers were used back then too - the biggest difference is now we're plagued with javascript and it literally being allowed to do what all malware ever wanted: to spy on users any way the site-op sees fit.

remember malware used to simply crash hard drives, erase everything, slow your system down, cause BSODs... it was mid 2000s when a wise man once said something along the lines of "it's amazing that malware can install, auto update, and run flawlessly without the user even knowing - something the OS fails to do"

the browser is not simply safe because the os is safe - certainly the OS helps, but the browser is safe due to the latest code techniques and sec folks investing so much time into it. if they solely relied on the os being safe, then we'd all be fools to use a browser - i mean, more than we are in allowing javascript so much power

replies(1): >>cqqxo4+Ui4
◧◩
10. tetris+Dc4[view] [source] [discussion] 2024-06-01 09:46:50
>>jmgao+rb4
Herd immunity, huh?
replies(1): >>zamada+RF4
11. lprove+Wc4[view] [source] 2024-06-01 09:50:33
>>mouse_+(OP)
Yep. I installed XP64 on a high-end 2008 Thinkpad last year, and it was great fun. I wrote it up here:

https://www.theregister.com/2023/07/24/dangerous_pleasures_w...

A key watchword is to not let any MS code access the Internet. Don't use MS email, chat, media players, etc. Use more modern 3rd party ones and you're much much safer.

It's more or less necessary to use IE to get it set up, but you can install IE 8.0.6001 offline before you start updating it, which also saves about half an hour.

12. Dalewy+bd4[view] [source] 2024-06-01 09:53:28
>>mouse_+(OP)
There's a lot of fearmongering around keeping updated, and "connecting Windows XP to the internet is a bad idea" is one of them.

What makes this truly devious is that there's a kernel of truth to it: Connecting Windows XP to the internet will indeed give you a bad day.

That's not what happens most of the time now, though: Most computers, Windows XP or otherwise, are going to be connected to a LAN behind a gateway/router and a firewall sitting between the LAN and the internet. Windows XP is therefore isolated from most of the threats that are indeed very real.

Windows XP itself also has a firewall built-in, though the OOTB settings won't provide adequate protection.

The moral of this is, the best lies are those with hints of truth sprinkled in.

replies(1): >>lmz+7l4
◧◩
13. lupusr+cd4[view] [source] [discussion] 2024-06-01 09:53:41
>>jmgao+rb4
For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.
replies(5): >>rcxdud+1f4 >>63stac+nj4 >>Legion+An4 >>throw0+6o5 >>globul+Bc6
14. wruza+td4[view] [source] 2024-06-01 09:58:14
>>mouse_+(OP)
Behind a NAT you're safe even with Win9x. Idk about XP-latest, but you don't want to connect a fresh pre-SP installation right to the uplink cable. I wouldn't do that with any version of Windows, even from the "Windows Server" line.
replies(3): >>2snake+zd4 >>tetha+sh4 >>netsha+2G5
◧◩
15. 2snake+zd4[view] [source] [discussion] 2024-06-01 10:00:36
>>wruza+td4
For science!
16. varela+Ed4[view] [source] 2024-06-01 10:01:10
>>mouse_+(OP)
I had only one problem, all certificates were outdated, so all https resources didn't work (like 99% of web). I had to download certificate updates to a flash drive on another PC to install them, then all worked fine, I used outdated Firefox but it's still good.
17. fiftee+Ye4[view] [source] 2024-06-01 10:20:50
>>mouse_+(OP)
Off-topic: I miss dial-up modus operandi. The assumption was internet access was sporadic and at most attempts to access internet would trigger the dial-up catalog.

Have to try to emulate that by removing the default gateway and adding a proxy to the network.

◧◩◪
18. rcxdud+1f4[view] [source] [discussion] 2024-06-01 10:22:10
>>lupusr+cd4
Because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any IPv6 deployment will have this), it's just that NAT requires this. It's like saying eating a spoonful of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.
replies(2): >>throwa+7i4 >>tflol+Gi4
◧◩
19. badsec+df4[view] [source] [discussion] 2024-06-01 10:25:36
>>tredre+99
AFAICT there was a single YouTube video that started this[0] and they mentioned explicitly several times that this mainly works because they put it in "the open internet" as a server. Disabling the firewall was the icing on the cake and yet that is all sites that reported this[1], no mention about how the computer was not behind, well, anything that a desktop in the last couple of decades would be (and most likely beyond that, I remember around 2002 when I had a modem, I had to visit a web page at my ISP to allow me to open various ports as many things were disabled by default).

[0] https://www.youtube.com/watch?v=6uSVVCmOH5w

[1] https://www.xda-developers.com/connected-windows-xp-internet...

replies(1): >>jmgao+yh4
◧◩
20. joseph+Zf4[view] [source] [discussion] 2024-06-01 10:37:19
>>tredre+99
> No modern OS would fare better in those circumstances.

Of course they would. Modern Linux, FreeBSD and macOS are totally fine connected to the internet directly with ssh enabled and no firewall. Sure; if you expose samba with write access and no password, you’re in for a world of hurt. But so long as your machine is kept up to date with security patches and has some form of authentication on all remote services, it should (generally) survive just fine on the open internet.

Of course defence in depth is still a good idea. But script kiddies aren’t using 0day attacks to portscan the open internet. But security vulnerabilities in network services get fixed.

replies(2): >>j16sdi+Jm4 >>jeroen+Tz5
21. throw_+fg4[view] [source] 2024-06-01 10:39:30
>>mouse_+(OP)
Diablo II should be running on Linux via Bottles. Do your laptop a favor, remove Windows XP.
◧◩
22. nubine+Pg4[view] [source] [discussion] 2024-06-01 10:45:31
>>jmgao+rb4
I would guesstimate about 20-30 seconds was all you needed to be connected for to pick up Blaster...
replies(1): >>cqqxo4+di4
◧◩
23. tetha+sh4[view] [source] [discussion] 2024-06-01 10:52:28
>>wruza+td4
Curiously enough, the youtuber who tried this with Windows XP did the same thing with Windows 98 [1]. And it gets hit by strange packets and scans, but that system was fine even when running for a day or two.

1: https://www.youtube.com/watch?v=ssTIx0qm2to

replies(1): >>RetroT+JL4
◧◩◪
24. jmgao+yh4[view] [source] [discussion] 2024-06-01 10:53:39
>>badsec+df4
The firewall was disabled by default in XP until SP2...
replies(1): >>badsec+ja5
◧◩
25. snakey+4i4[view] [source] [discussion] 2024-06-01 11:00:30
>>jmgao+rb4
>Nowadays, everything is behind NAT and there aren't any infected Windows XP machines

All end-user PCs have been behind NAT since the late 90s unless the system was a dialup straggler. Enterprise users raw-dogging the internet only have themselves to blame.

replies(3): >>jmgao+Di4 >>zineke+Ok4 >>alex_d+sm4
◧◩◪◨
26. throwa+7i4[view] [source] [discussion] 2024-06-01 11:00:39
>>rcxdud+1f4
I don't quite understand what you mean by "any ipv6 deployment will have this". When my ISP switched to IPv6, my internal devices were exposed to the internet and the only thing that stopped the incredible amount of bot traffic was my own on-device firewall that I explicitly turned on and configured. Luckily I don't have any smarthome stuff, not sure how I'd configure a firewall on a lightbulb. These devices didn't have a public IPv4 before that. And a bonus - the ISP didn't say anything about this possible consequence, just "we're making some changes".

NAT has more benefits - I don't want anyone to know how many devices I have at home, I don't want anyone to know which one I'm using to access their website, I don't want anyone to try guess the OS and version of my devices, etc. And now I'm scared to have a simple DLNA media server because I can't just install WireGuard on the TV. I'm probably going to buy a router and make my own NAT soon (don't have access into the ISP modem).

I felt better when the whole municipality had a single IP address. A lot of bullshit ads - means the targeting wasn't working. Now they're way too good.

replies(5): >>rcxdud+Ll4 >>PaulHo+Yl4 >>RulerO+B15 >>throw0+No5 >>hdjdjd+YQ5
◧◩◪
27. cqqxo4+di4[view] [source] [discussion] 2024-06-01 11:01:59
>>nubine+Pg4
Yep. Before I knew what it was, I genuinely thought that an issue occurred when my connection established. That’s how fast it was, and it was consistently that fast.
replies(1): >>ddalex+Dj4
28. oaiey+ni4[view] [source] 2024-06-01 11:03:31
>>mouse_+(OP)
A firewall is a firewall. If TCP/IP routing is properly set up (and afair Windows XP default settings for non-home networks were alright) and you browse the internet responsibly, you can survive for quite a while I guess.
◧◩◪
29. jmgao+Di4[view] [source] [discussion] 2024-06-01 11:06:19
>>snakey+4i4
This is absolutely false. This only became common when wireless networking became ubiquitous, which wasn't until probably a decade later.
replies(1): >>Infamo+Vl4
◧◩◪◨
30. tflol+Gi4[view] [source] [discussion] 2024-06-01 11:07:07
>>rcxdud+1f4
This looks like the usual ipv6 kool aid batshit. I don't want a bunch of kids and enemy states poking at and port scanning my laptop directly, regardless of whether or not I have a firewall enabled.

And, no, I don't think it's practical for everyone and their grandma to "just set up a bastion"

replies(3): >>rcxdud+4m4 >>utensi+ph5 >>scrps+yF5
◧◩◪
31. cqqxo4+Ui4[view] [source] [discussion] 2024-06-01 11:09:50
>>out-of+2c4
> now we're plagued with javascript and it literally being allowed to do what all malware ever wanted: to spy on users any way the site-op sees fit.

This is flat-out untrue. Beyond hyperbole. If JavaScript had the system access that literally any piece of malware sought, the world would be an utter shit show in a way it simply isn’t.

replies(1): >>meowst+yD4
◧◩◪
32. 63stac+nj4[view] [source] [discussion] 2024-06-01 11:14:00
>>lupusr+cd4
Isn't NAT slipstreaming a "real" vector?

https://samy.pl/slipstream/

replies(1): >>jeroen+rz5
◧◩◪◨
33. ddalex+Dj4[view] [source] [discussion] 2024-06-01 11:15:57
>>cqqxo4+di4
How did blaster do it so fast?
replies(1): >>bzzzt+oA4
34. ozim+Kj4[view] [source] 2024-06-01 11:16:33
>>mouse_+(OP)
Do you have an external IP? I expect you are behind NAT and no one is directly scanning your laptop.

Make it available on a public IP, wait until the IP is listed on Shodan telling it is XP, and then let us know how long it was running without being infected.

35. bambax+Nj4[view] [source] 2024-06-01 11:17:28
>>mouse_+(OP)
Of course!

The whole security circus is a legend and a paranoia that mostly serves OS manufacturers. And now that Recall exists, it will be difficult to maintain that Win11 or M$ care about security at all.

◧◩◪
36. zineke+Ok4[view] [source] [discussion] 2024-06-01 11:25:55
>>snakey+4i4
Even discounting dial-up, this really depends on where you are in the world at the time. PPPoE and direct hookup (via the cable/ADSL modem) are still relatively common where I was at the time that Blaster was roaming around, while some countries have forced CGNAT even before CGNAT became a common word, usually for "protecting the children" like Cleanfeed (and even discounting that, even at the time you could still get IPv4 effortlessly there had been, and certainly there are still, crappy ISPs which don't really care about direct connections).
◧◩
37. lmz+7l4[view] [source] [discussion] 2024-06-01 11:28:52
>>Dalewy+bd4
Well now that there's no other XP LAN hosts it's mostly OK. Getting it on an unclean LAN with infected hosts will get you infected, and that was a common occurrence back in the day.
38. sgjohn+el4[view] [source] 2024-06-01 11:30:10
>>mouse_+(OP)
So it was behind a firewall. Now do it without a firewall.
◧◩◪◨⬒
39. rcxdud+Ll4[view] [source] [discussion] 2024-06-01 11:34:27
>>throwa+7i4
Well, that sounds like a colossal misconfiguration on the ISP's part. A firewall blocking incoming requests has been standard part of ISP routers for a long time.
replies(1): >>throwa+6s4
◧◩◪◨
40. Infamo+Vl4[view] [source] [discussion] 2024-06-01 11:35:10
>>jmgao+Di4
When I got my first broadband Internet connection my contract explicitly prohibited me from using NAT. Apparently my Internet provider was concerned I would use NAT to connect multiple computers thus “stealing” bandwidth. This concern was not completely unfounded since people sometimes would set up one connection and share it with neighboring apartments. Also having one computer per household was normal back then.
replies(2): >>ctippe+iP5 >>kccqzy+yT5
◧◩◪◨⬒
41. PaulHo+Yl4[view] [source] [discussion] 2024-06-01 11:35:54
>>throwa+7i4
My ADSL connection rides on some non-IP network before it hooks up to a concentrator about an hour away. Most location based services, other than Apple, seem to assume I am in Norwich, NY. So I get these ads that say “They don’t like it when seniors use this one weird trick to save money on car insurance in Norwich but they can’t stop it” and “Horny grandmas want to jump your bone right now in Norwich” and such.

Contrast that to using public WiFi in NYC where everybody knows exactly where you are.

replies(1): >>throwa+ds4
◧◩◪◨⬒
42. rcxdud+4m4[view] [source] [discussion] 2024-06-01 11:36:58
>>tflol+Gi4
I mean, they'd need to figure out your IP address beforehand, something that's a lot harder with ipv6. You've also got a much better chance of punching a packet through a NAT than an ipv6 firewall (and it's now expected behaviour for a lot of applications, as NAT makes it too difficult to just make connections directly).
replies(2): >>Legion+5o4 >>rainon+is4
◧◩◪
43. alex_d+sm4[view] [source] [discussion] 2024-06-01 11:40:17
>>snakey+4i4
I'm afraid this is factually wrong, my computer had a public IP until the early 2010s as around these days modems were just modems and not routers too.

And with IPv6 all my devices could be publicly addressed but I've enabled a firewall to block incoming traffic at the router level.

replies(1): >>Suppaf+PT5
◧◩◪
44. j16sdi+Jm4[view] [source] [discussion] 2024-06-01 11:44:09
>>joseph+Zf4
In my experience, a weekly-patched, default installation Debian Linux circa 2015 gets malware in a week or two on the open internet.
replies(2): >>arnaud+3G5 >>hosteu+1L5
◧◩◪
45. Legion+An4[view] [source] [discussion] 2024-06-01 11:52:18
>>lupusr+cd4
I think the usual security objection is that if the NAT router receives a packet from the outside, with its destination set to a local address, the router will just let it through, in the absence of a firewall.

But as far as I can tell, that's only relevant for an attacker who can MITM the connection between the local router and the next ISP router, since clearly the ISP wouldn't know who to forward the local address to. I'd think it isn't within the threat model of the "typical internet user" who'd be running such a poorly-configured network.

46. Turbob+Jn4[view] [source] 2024-06-01 11:53:38
>>mouse_+(OP)
I've been using XP for many years and have no complaints about viruses. Moreover, viruses are not created now, but only trojans. And trojans do not get along on old systems; 32 bits is not enough for them to get around))). Seriously, modern malware is always for modern hardware, modern tricks on how to deceive the user, and how to get something out of him. What can you take from the user's XP? Nothing! )) I use EEEPC 701 with XP SP3 and I have no problems with it.
◧◩◪◨⬒⬓
47. Legion+5o4[view] [source] [discussion] 2024-06-01 11:57:35
>>rcxdud+4m4
Wouldn't IPv6 firewalls configured for typical users (i.e., denying unrecognized incoming connections) pose a similar barrier to making direct connections reliably on the application level? Not every user will be willing or able to open a hole in their firewall for every shiny new application that wants one.
◧◩◪◨⬒⬓
48. throwa+6s4[view] [source] [discussion] 2024-06-01 12:37:53
>>rcxdud+Ll4
On the other hand... What exactly is the benefit of IPv6 then? I thought the point was to make all my devices addressable on the public internet. How is it useful if the ISP firewall blocks my servers?

And yes, incompetent ISPs are the norm.

replies(3): >>Spooky+Fx4 >>bzzzt+yB4 >>ndrisc+qH5
◧◩◪◨⬒⬓
49. throwa+ds4[view] [source] [discussion] 2024-06-01 12:39:28
>>PaulHo+Yl4
I'm on DOCSIS to the Home / Fiber to the Building, but there seems to be some kind of overlay network and as a result, my PC that's hooked into the modem is on the public internet.

Before IPv6 it was a classic internal LAN with IPs like 192.168.0.1.

◧◩◪◨⬒⬓
50. rainon+is4[view] [source] [discussion] 2024-06-01 12:40:01
>>rcxdud+4m4
They wouldn't need to figure out anything. The "kids and enemy states" are just hosing address ranges. I don't agree with the above commenter that NAT offers any meaningful security in this regard (now they're just hosing your consumer router instead which is probably less secure than the average updates-installed Defender-enabled Windows box). But you're both making points about security through obscurity in different ways.
replies(2): >>tflol+3u4 >>throw0+rp5
◧◩◪◨⬒⬓⬔
51. tflol+3u4[view] [source] [discussion] 2024-06-01 12:57:42
>>rainon+is4
> now they're just hosing your consumer router

There is a dramatic difference in effort between ( owning a device ) and ( owning a router, configuring network access to the device, then owning the device ).

Also psychologically: If I was a rock hard piece of shit and I knew I was at the doorstep of a personal device, I would treat it much more aggressively than a router. I suppose maybe that's just me and not the kids and enemy states.

replies(1): >>rainon+Mv4
52. h0ek+bv4[view] [source] 2024-06-01 13:07:11
>>mouse_+(OP)
It is still possible to use an Amiga and connect it to the Internet. It is still possible to use VHS tapes and watch films on them. I am not sure why you would want to do this. Maybe your computer is fine now, but if you are targeted by an attacker, you make it easier, or if someone steals your laptop, I guess there is no encryption by default. Better to use Linux on old machines. And in 2024 we have great emulators or virtual machines for more than 10 years to make old games work fine. Cool that you made it work, but I have no idea why. Maybe for fun, or testing, but for everyday use, nah, thx.
◧◩◪◨⬒⬓⬔⧯
53. rainon+Mv4[view] [source] [discussion] 2024-06-01 13:11:50
>>tflol+3u4
I mean, I don't know why you would when the router potentially gives you a foothold across many devices instead of one and the router is likely running multiple services. Yes, that is just you; the threat model I'm describing is widespread automated attacks, not individual or particularly motivated.
replies(1): >>tflol+ew4
◧◩◪◨⬒⬓⬔⧯▣
54. tflol+ew4[view] [source] [discussion] 2024-06-01 13:16:36
>>rainon+Mv4
You're saying there's less incentive for widespread automated attacks on personal devices?

edit: Changing the subject to insulting me is a bad way to conclude. You're creating an illusion the debate is concluded in your favor instead of responding to points. I don't think any of my points had a sound argument against them.

replies(1): >>rainon+Ly4
◧◩◪◨⬒⬓⬔
55. Spooky+Fx4[view] [source] [discussion] 2024-06-01 13:28:43
>>throwa+6s4
The biggest benefit is exponentially higher complexity, assuring continued job growth for network engineers.
◧◩◪◨⬒⬓⬔⧯▣▦
56. rainon+Ly4[view] [source] [discussion] 2024-06-01 13:39:30
>>tflol+ew4
No brother, I'm not, but I'm starting to feel that what I am saying might be beyond the likelihood of comprehension. Look, I'm a big fan of NAT. Huge. It's not a security control. Neither is v6. It sure is cool though.
◧◩◪◨⬒
57. bzzzt+oA4[view] [source] [discussion] 2024-06-01 13:54:55
>>ddalex+Dj4
Because there were so many infected machines probing through the entire IPv4 space then.
◧◩◪◨⬒⬓⬔
58. bzzzt+yB4[view] [source] [discussion] 2024-06-01 14:02:45
>>throwa+6s4
The point is not needing a NAT translation table and running out of ports on your router. My provider also delivers an IPv6 configuration with all ports closed. I can enable incoming traffic for the devices that need it.
replies(1): >>throwa+SD4
◧◩◪◨
59. meowst+yD4[view] [source] [discussion] 2024-06-01 14:18:33
>>cqqxo4+Ui4
They didn't say JavaScript has system access, just that it can be used to spy on users (in the browser, and everything seems to be moving to the browser).
◧◩◪◨⬒⬓⬔⧯
60. throwa+SD4[view] [source] [discussion] 2024-06-01 14:20:11
>>bzzzt+yB4
Running out of ports how? Someone is hosting 65536 public services in their home network? Why not just pay for an additional public ipv4 then?

I can't configure anything technical about my internet. Any change is paid, and often simply not possible.

replies(1): >>toast0+EJ5
61. Unbefl+BF4[view] [source] 2024-06-01 14:33:23
>>mouse_+(OP)
I've disabled Windows Defender and gutted the OS of all its features that I don't need for the past 26 years and never had any problems. I always resist the next update as long as I can get away with it (usually some software I need to use will only work on the next update). It's probably really stupid but I've yet to suffer for it. I mainly use my PC for creative purposes, Steam, and Web browsing. If my identity is in danger someone must be putting it to good use.
◧◩◪
62. zamada+RF4[view] [source] [discussion] 2024-06-01 14:36:40
>>tetris+Dc4
More that NAT forces your network gear to filter inbound connections from the outside internet by default. This works with one device behind one router as a billion devices behind a billion routers.
◧◩◪
63. RetroT+JL4[view] [source] [discussion] 2024-06-01 15:18:14
>>tetha+sh4
For a really ancient OS like Windows 98, I'd think >99.99% of exploits out there target newer OSes & simply don't work on Win98. Safety by obscurity.

That said: for every idiot who hooks up a Windows 98 machine to the internet, there might be some other idiot checking whether exploits targeting it still work. Or exploit kits that sniff an OS, and select exploits to apply accordingly.

Vulnerabilities tend to have a long tail...

◧◩◪◨⬒
64. RulerO+B15[view] [source] [discussion] 2024-06-01 17:12:37
>>throwa+7i4
> I don't want anyone to know how many devices I have at home

Even if your ipv6 host or border firewall allows pings through, it's not practical to scan an entire /64. There's just too many addresses in it, and your devices will frequently change them.

> I don't want anyone to know which one I'm using to access their website, I don't want anyone to try guess the OS and version of my devices, etc.

They already do this through fingerprinting that operates with higher-layer protocols.

> And now I'm scared to have a simple DLNA media server because I can't just install WireGuard on the TV.

This is very simple to implement. Ensure it's listening on the link-local address. That's the IP that starts with fe80. These are unrouteable by spec.

replies(1): >>throwa+w65
◧◩◪◨⬒⬓
65. throwa+w65[view] [source] [discussion] 2024-06-01 17:53:49
>>RulerO+B15
> They already do this through fingerprinting that operates with higher-layer protocols.

It's very hard to distinguish my iPhone and Mac from the other dozens/hundreds people have in my building just through fingerprinting. Very easy if they have separate IP addresses.

Ad link local - cool, I'll look into that, thanks.

replies(1): >>crazyg+Ej5
◧◩◪◨
66. badsec+ja5[view] [source] [discussion] 2024-06-01 18:28:05
>>jmgao+yh4
Yes, but in the video it isn't and he explicitly disables it. Windows XP even warns about it after he does it.
◧◩◪◨⬒
67. utensi+ph5[view] [source] [discussion] 2024-06-01 19:29:42
>>tflol+Gi4
Yeah, I think it is very explicitly a bad thing for all devices to be directly exposed to the entire internet- firewall or no. NAT is a pain, sure, but it does have the benefit of forcing you to have a network isolated from the internet, and only allow external access when explicitly configured to do so.

I have exactly one machine which needs to be accessible from outside the local network. The rest of them should never be. Do I want to spend extra time ensuring that each and every single device on my network is secure, or do I want to do the inverse and assume all devices are secure and only spend effort to make the one machine exposed?

I can't imagine anyone who would actually want or need their WiFi toaster to be publicly routable, WiFi cameras, every computer. There's absolutely no reason for it. Instead of relying on network isolation, we expect users to just implicitly rely on who knows how many different firewall implementations. Hopefully your router configures it by default.

replies(1): >>semi+xV5
◧◩◪◨⬒⬓⬔
68. crazyg+Ej5[view] [source] [discussion] 2024-06-01 19:50:55
>>throwa+w65
It's actually very easy just through fingerprinting. You might be surprised.

It doesn't matter if everyone in your building has an iPhone and a Mac as well -- there are things about virtually every single one of them that make them unique.

replies(1): >>oarsin+gW6
◧◩◪
69. throw0+6o5[view] [source] [discussion] 2024-06-01 20:30:27
>>lupusr+cd4
> For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true.

It is not the address translation mechanism that does the protecting but rather the state tracking.

Until very recently I was with an ISP with IPv6, and things like my home printer had IPv6 addresses—but just because they were globally addressable did not mean that they were globally reachable.

replies(1): >>tempie+Js6
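
The distinction drawn in the comment above (state tracking versus address translation) and in >>Legion+An4 (a NAT router with no firewall forwarding a packet addressed to a local host), as an added example that is not part of any poster's comment: a toy gateway in which NAT and state tracking are independent switches. The `Gateway` class, its methods and the scenario names are hypothetical, all addresses are documentation ranges, and the model ignores ALGs, port forwarding and ICMP.

```python
"""Toy gateway: NAT and connection-state tracking as independent switches.
All addresses are constructed documentation-range values; no real network I/O."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    def __init__(self, wan_ip, lan_hosts, nat, stateful):
        self.wan_ip = wan_ip
        self.lan_hosts = set(lan_hosts)
        self.nat = nat            # rewrite the LAN source to wan_ip on the way out
        self.stateful = stateful  # admit inbound packets only if they match a known flow
        self.flows = set()        # (lan_ip, lan_port, remote_ip, remote_port)
        self.nat_map = {}         # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self._next_port = 40000

    def outbound(self, pkt):
        """A LAN host opens a connection; return the packet as seen on the WAN."""
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if not self.nat:
            return pkt
        wan_port, self._next_port = self._next_port, self._next_port + 1
        self.nat_map[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Packet arriving on the WAN side. Return the LAN (ip, port) it is
        delivered to, or None if the gateway drops it."""
        target = (pkt.dst, pkt.dport)
        if self.nat and pkt.dst == self.wan_ip:
            # Addressed to the shared public IP: needs a translation entry.
            target = self.nat_map.get((pkt.dport, pkt.src, pkt.sport))
            if target is None:
                return None
        if target[0] not in self.lan_hosts:
            return None  # not a host behind this gateway
        if self.stateful and (target[0], target[1], pkt.src, pkt.sport) not in self.flows:
            return None  # unsolicited: no matching outbound flow
        return target


def probe(gw, host_ip, server_ip, scanner_ip):
    """One outbound connection plus two unsolicited inbound packets.
    The packet addressed straight to host_ip models, in the NAT cases, a sender
    on the WAN segment itself, since private addresses are not routed across
    the internet; in the routed IPv6 cases it is simply the host's global address."""
    wan = gw.outbound(Packet(host_ip, 51000, server_ip, 443))
    reply = gw.inbound(Packet(server_ip, 443, wan.src, wan.sport))
    to_public = gw.inbound(Packet(scanner_ip, 40001, wan.src, 445))
    to_host = gw.inbound(Packet(scanner_ip, 40001, host_ip, 445))
    return {
        "reply_delivered": reply == (host_ip, 51000),
        "unsolicited_to_public_addr": to_public is not None,
        "unsolicited_to_host_addr": to_host is not None,
    }


def run_scenarios():
    v4 = dict(host_ip="192.168.1.10", server_ip="198.51.100.7", scanner_ip="192.0.2.66")
    v6 = dict(host_ip="2001:db8:1::10", server_ip="2001:db8:ffff::7",
              scanner_ip="2001:db8:bad::66")
    cases = {
        # IPv4 NAT with no filtering at all
        "nat_only": (Gateway("203.0.113.5", [v4["host_ip"]], True, False), v4),
        # IPv4 NAT plus stateful filtering (typical home router)
        "nat_stateful": (Gateway("203.0.113.5", [v4["host_ip"]], True, True), v4),
        # Routed IPv6, globally addressable hosts, stateful filtering
        "routed_stateful": (Gateway("2001:db8:1::1", [v6["host_ip"]], False, True), v6),
        # Routed IPv6 with no filtering (hosts reachable as well as addressable)
        "routed_open": (Gateway("2001:db8:1::1", [v6["host_ip"]], False, False), v6),
    }
    return {name: probe(gw, **addrs) for name, (gw, addrs) in cases.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:16} {result}")
```

In this model the two stateful gateways behave identically toward unsolicited traffic whether or not addresses are translated, while the NAT-only gateway drops packets aimed at its public address merely because no translation entry exists.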
◧◩◪◨⬒
70. throw0+No5[view] [source] [discussion] 2024-06-01 20:36:36
>>throwa+7i4
> When my ISP switched to IPv6, my internal devices were exposed to the internet and the only thing that stopped the incredible amount of bot traffic was my own on-device firewall that I explicitly turned on and configured.

When my (previous) ISP switched on IPv6 none of my internal devices could be connected to because my Asus did stateful packet inspection and only allowed in replies to connections that were previously initiated.

> NAT has more benefits - I don't want anyone to know how many devices I have at home, I don't want anyone to know which one I'm using to access their website

Given that temporary IPv6 addresses tend to rotate every 24 hours it will be kind of hard to track individual devices by IP in a 2^64 address space.

You could rotate addresses 10 million times per second, using each only once, and it would take over 5000 years to exhaust a single /64.

> I felt better when the whole municipality had a single IP address. A lot of bullshit ads - means the targeting wasn't working. Now they're way too good.

I now have to use an ISP-supplied router (for GPON), but when I still had my Asus on the DSL/IPv6 ISP I could tell it to reboot every night and I would get a new IPv4 address and a new IPv6 prefix every day.

◧◩◪◨⬒⬓⬔
71. throw0+rp5[view] [source] [discussion] 2024-06-01 20:41:46
>>rainon+is4
> The "kids and enemy states" are just hosing address ranges.

If you could scan one million addresses every second it would take about 500,000 years to scan just one /64. Not sure how practical that would be.

When I was still with an ISP that did IPv6 my Asus would block any incoming connection attempt unless it was a reply (SPI firewall), though it may have (IIRC) allowed pings in by default.

replies(2): >>tflol+7W5 >>rainon+ZY5
72. rkager+ur5[view] [source] 2024-06-01 21:01:43
>>mouse_+(OP)
You missed one other mitigation tool: 0patch

Its usefulness is limited on XP but you might have applications that are captured. They also haven't closed the door (at least as of last year) to patching any future major-drama events that come up: https://0patch.zendesk.com/hc/en-us/articles/360018274139-Do...

◧◩◪◨
73. jeroen+rz5[view] [source] [discussion] 2024-06-01 22:15:51
>>63stac+nj4
NAT slipstreaming only works if your router allows protocols like SIP, FTP, WebRTC, and other such protocols that NAT breaks, luckily.

Unfortunately, I'm pretty sure that's all routers I've ever seen. You can protect yourself if you're willing to break web applications and applications built on web technology. Just disable all of the SIP ALGs in your router and you'll have the security of IPv6 on IPv4!

◧◩◪
74. jeroen+Tz5[view] [source] [discussion] 2024-06-01 22:19:13
>>joseph+Zf4
Modern Windows is fine, too. You may even be able to use Windows 7 that way these days. A lot has changed since XP SP2.
replies(1): >>krater+2r6
◧◩◪◨⬒
75. scrps+yF5[view] [source] [discussion] 2024-06-01 23:12:41
>>tflol+Gi4
This is also spec for IPv4, it was intended to be as publicly routable as IPv6 is. NAT is just a consequence of everyone realizing circa early 90s (iirc) IPv4 addresses would run out at the rate the network was growing. Yes NAT acts as an inbound default-deny firewall but that isn't its purpose.

You have a router, it has a firewall, that is meant to be used to control access to the network, you don't have to assign rules to every device you can assign default interface rules that apply to any connection.

Just because you get a publicly routable address doesn't mean the internet defines physics and hops over your router and firewall.

Also as an aside - perimeter security is a very outdated way of looking at security, yes the perimeter is still important but if it is your first and only line of defense you are gonna be in for a bad time, defense in depth as it is called where you look at your systems and networks as layers to an onion is the more modern standard and NAT as a security mechanism has never been standard in either because it isn't.

◧◩
76. netsha+2G5[view] [source] [discussion] 2024-06-01 23:17:02
>>wruza+td4
Do the zombie botnets still search for jurassic OSes to exploit? I feel like connecting the XP system to the Internet might be fine because all the botnets are searching for unpatched Windows 10 systems, maybe 8, 7, but not XP...
replies(1): >>Zambyt+uU5
◧◩◪◨
77. arnaud+3G5[view] [source] [discussion] 2024-06-01 23:17:07
>>j16sdi+Jm4
Which tool do you use to detect malware on Debian?
◧◩◪◨⬒⬓⬔
78. ndrisc+qH5[view] [source] [discussion] 2024-06-01 23:31:21
>>throwa+6s4
Without bidirectional NAT, hole-punching works. Two sides of a p2p connection can coordinate with an intermediary to learn each other's addresses. They send each other a packet, which gets dropped by the other side. Their firewall sees the outgoing packet though, and opens the port. The next time they send each other packets, they will be allowed through. The intermediary is only needed to do the initial handshake instead of for all packets.

With NAT, it doesn't work because the ports get remapped, and the intermediary doesn't know how they will get remapped on the p2p connection, so they can't coordinate to send on the correct ports to open the firewall.

Or UPnP can work. By default, your router drops incoming packets on all ports. If you want to e.g. run a game server, then on startup, it hits a standard API to tell the router to forward that one port. On shutdown, it can tell it to close the port (you could potentially also have the router require keepalives to keep the forward alive. I'm not familiar with the details of UPnP and related protocols).

Without a public IP, you need intermediate servers to relay all traffic to you, which centralizes the web. With p2p working, you can e.g. have high quality video calls with friends/family instead of dealing with the garbage quality tech companies allow. Or I can share with my mom photos of her grandkids with effectively unlimited storage; for 2 years of 2 TB Google storage, I can buy 20 TB of disks.
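
The firewall-state argument in the comment above, as an added example that is not part of the original post: a small simulation of two home gateways, each either a plain stateful firewall or a NAT that picks a new public port per destination (that per-destination behaviour, the class and function names, and all addresses and ports are assumptions constructed for the illustration).

```python
import itertools

RENDEZVOUS = ("203.0.113.53", 3478)   # constructed intermediary address


class Gateway:
    """One home router with a single inside host (constructed model)."""

    def __init__(self, ip, nat):
        self.ip, self.nat = ip, nat
        self.state = {}                       # (local_port, remote) -> public port
        self._pool = itertools.count(40000)   # NAT port pool, assumed sequential

    def send(self, local_port, remote):
        """Outgoing packet: create state, return the source the outside sees."""
        key = (local_port, remote)
        if key not in self.state:
            # Assumed NAT behaviour: a fresh public port per destination.
            self.state[key] = next(self._pool) if self.nat else local_port
        return (self.ip, self.state[key])

    def accepts(self, remote, public_port):
        """Incoming packet passes only if it matches state opened from inside."""
        return any(r == remote and p == public_port
                   for (_, r), p in self.state.items())


def punch(nat):
    """Return (A's 1st packet in?, B's packet in?, A's retry in?)."""
    a = Gateway("192.0.2.10", nat)
    b = Gateway("198.51.100.20", nat)
    # Both peers check in; the intermediary records the source it observed.
    a_seen = a.send(5000, RENDEZVOUS)
    b_seen = b.send(5000, RENDEZVOUS)
    # A -> B: B has no state for A yet, but A's gateway now expects a reply.
    first = b.accepts(a.send(5000, b_seen), b_seen[1])
    # B -> A at the advertised address: allowed only if it matches A's state.
    second = a.accepts(b.send(5000, a_seen), a_seen[1])
    # A retries: allowed only if it matches the state B just created.
    third = b.accepts(a.send(5000, b_seen), b_seen[1])
    return first, second, third


if __name__ == "__main__":
    print("firewall only:", punch(nat=False))
    print("remapping NAT:", punch(nat=True))
```

In the firewall-only run the first packet is dropped and the next two pass; with the remapping NAT the ports advertised by the intermediary never match the ports used on the peer-to-peer flow, so all three are dropped.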

◧◩◪◨⬒⬓⬔⧯▣
79. toast0+EJ5[view] [source] [discussion] 2024-06-01 23:55:41
>>throwa+SD4
Running out of ports is usually a misunderstanding, but a device doing stateful NAT will have a limit on how many states it can manage, and it's usually not fun when it goes over the limit.
80. ivraat+KK5[view] [source] 2024-06-02 00:07:16
>>mouse_+(OP)
I refurbish and sell Windows XP machines as a side business; there's a surprisingly large market for them. My customers mostly break down into the following groups:

1) People looking to play retro games

2) People looking to work with legacy hardware, especially in manufacturing and healthcare

3) People who want the comfort/familiarity of an older operating system

I'm always careful to issue a disclaimer that Windows XP should never be used for anything where you need security, but in practice, I don't see much of an issue. The reality is that although XP is a tempting target in terms of vulnerability, it's not widely used enough to be useful to modern malware.

The machines I sell come with Windows XP Delta Edition[1], which as far as I know comes with all the available updates for XP already installed - no Legacy Update necessary. I've been using the Mypal browser [2], but will definitely try Supermium!

[1] https://xpdelta.weebly.com/xp.html

[2] https://github.com/Feodor2/Mypal68/releases

replies(2): >>avree+fv7 >>orland+sp8
◧◩◪◨
81. hosteu+1L5[view] [source] [discussion] 2024-06-02 00:10:02
>>j16sdi+Jm4
I am not sure exactly what you're saying: Are you saying that you had experience in 2015 that your "default installation" Debian Linux server got malware on the open internet despite it being fully updated weekly?

If I read that right, I would like two things clarified:

1: what "default installation" means. Do you have any open network ports?

2: What does "get a malware" mean? Do you mean it was possible to get malware because a user downloaded some random binary off of the internet? Or do you mean that entirely passively, some malware remotely exploited some network service?

I would like to contribute my experience: I have been responsible for running many Debian servers on the internet for the last 25 years. During those years I have not once encountered one of my systems being compromised. Of course, you might say that I have just been unknowingly compromised. While this is indeed possible, it is possible for all systems to be compromised without owners knowing it.

◧◩◪◨⬒
82. ctippe+iP5[view] [source] [discussion] 2024-06-02 01:01:51
>>Infamo+Vl4
I live in an apartment block where each flat is likely spending £30-60 per month on broadband. Even accounting for the odd power user, I reckon we could get away with sharing a 1-2 Gbps connection and benefit from the collective cost savings. Legal accountability aside, I kinda like the idea of a neighbourhood network commune.
◧◩◪◨⬒
83. hdjdjd+YQ5[view] [source] [discussion] 2024-06-02 01:23:17
>>throwa+7i4
Pro tip: buy a computer for and make it into a router .. There are some great cheap fanless machines out there (servethehome has reviews)...

You could also just use an old pc...

For software opnsense, pfsense, openbsd, freebsd, Linux (openwrt could be used too if you want embedded)

It is a pain to start ... But satisfying when it works :)

◧◩◪◨⬒
84. kccqzy+yT5[view] [source] [discussion] 2024-06-02 02:10:53
>>Infamo+Vl4
Circa 2003 when we got the first WiFi access point set up (with no password), we started noticing people with laptops appearing next to our homes. It took us a few seconds to realize they found a free WiFi and walked around to find a spot with better signal.
◧◩◪◨
85. Suppaf+PT5[view] [source] [discussion] 2024-06-02 02:13:46
>>alex_d+sm4
>my computer had a public IP until the early 2010s as around these days modems were just models and not routers too.

You realize that wasn't the norm though right?

replies(1): >>globul+Mc6
◧◩◪
86. Zambyt+uU5[view] [source] [discussion] 2024-06-02 02:22:55
>>netsha+2G5
What is the cost for someone running a botnet to probe for old OSs also? They can just take something off the shelf and run it on someone else's machine.
replies(1): >>RetroT+YO6
◧◩◪◨⬒⬓
87. semi+xV5[view] [source] [discussion] 2024-06-02 02:39:16
>>utensi+ph5
Are you sure about that 'never'? That no device will ever try to use p2p connections?

Even then I'd still rather ensure every device is appropriately firewalled. 'Not worrying about it' sounds like a hardened shell with a juicy center. What happens when a device does get compromised and tries to spread to your local network?

◧◩◪◨⬒⬓⬔⧯
88. tflol+7W5[view] [source] [discussion] 2024-06-02 02:48:33
>>throw0+rp5
SPI firewall looks interesting, appreciate the education.
◧◩◪◨⬒⬓⬔⧯
89. rainon+ZY5[view] [source] [discussion] 2024-06-02 03:31:28
>>throw0+rp5
Yeah that is an absolutely bonkers amount of time so you're probably right in that the approach of low-effort wide net-casting attackers would have to change. I'm curious to know how Shodan etc. deal with this.
replies(1): >>kalleb+Ab6
90. Meph50+306[view] [source] 2024-06-02 03:52:30
>>mouse_+(OP)
The problem is that most XP that is still in active use doesn't have modern updates, are using IE, and are still on.

And showing a single contraindication doesn't mean it's "crap" just means you haven't been exploited yet.

But it isn't like you are paying bills on it, so enjoy.

◧◩◪◨⬒⬓⬔⧯▣
91. kalleb+Ab6[view] [source] [discussion] 2024-06-02 06:35:13
>>rainon+ZY5
Shodan ran an NTP pool time server on IPv6 and harvested the addresses of machines that checked in to get the time. Pretty clever.
◧◩◪
92. globul+Bc6[view] [source] [discussion] 2024-06-02 06:52:27
>>lupusr+cd4
Because it's really important to know the difference between NAT and a firewall if you are into networks. And IPv6 discussions generally involve such people. In this case it's nothing to do with NAT and everything to do with being behind a firewall.
◧◩◪◨⬒
93. globul+Mc6[view] [source] [discussion] 2024-06-02 06:56:41
>>Suppaf+PT5
It was. Our 56k modem was a PCI card. Later we had ISDN and ADSL modems (I still use the latter to this day). I only got a router (a Linksys device) to attach multiple computers to the internet. It was a few years before ISPs started bundling routers and WiFi APs.
replies(1): >>thebru+ti6
◧◩◪◨⬒⬓
94. thebru+ti6[view] [source] [discussion] 2024-06-02 08:04:50
>>globul+Mc6
I hadn’t made that connection about 56k and public IPs until now. I just used it at the time before I had any of the knowledge I do now. Interesting!
replies(1): >>globul+wx6
◧◩◪◨
95. krater+2r6[view] [source] [discussion] 2024-06-02 09:59:59
>>jeroen+Tz5
I use Windows 7 since >10 years, without firewall, virus scan and only with handpicked updates. As long as you live behind a NAT and use a modern browser and mail client, nothing will happen. No viruses, no botnets, no malware.

I didn't test this with a virus check, but I have a bitcoin wallet with 0.1 BTC and without password on my HDD. Still there.

◧◩◪◨
96. tempie+Js6[view] [source] [discussion] 2024-06-02 10:29:55
>>throw0+6o5
Firewalls are a thing!
◧◩◪◨⬒⬓⬔
97. globul+wx6[view] [source] [discussion] 2024-06-02 11:37:07
>>thebru+ti6
I didn't think about it before I got the router. I found it a bit annoying because I had to think about things like port forwarding. Previously everything just worked without any configuration (like P2P file sharing or running a game server). I'm not sure I really understood it even then, though. Just followed instructions parrot fashion.
replies(1): >>thebru+Iy6
◧◩◪◨⬒⬓⬔⧯
98. thebru+Iy6[view] [source] [discussion] 2024-06-02 11:49:53
>>globul+wx6
Yep, same for me. I was just a teenager wanting to play games and then suddenly I had to know about port forwarding.
◧◩◪◨
99. RetroT+YO6[view] [source] [discussion] 2024-06-02 14:15:32
>>Zambyt+uU5
If any random probe targeting Win10 has a 1% success rate, and similar probe targeting XP has a 0.01% success rate, what probes would you let your botnet send out?

Probing for obscure OS that isn't there on the other end = opportunity cost.

replies(1): >>Zambyt+407
◧◩◪◨⬒⬓⬔⧯
100. oarsin+gW6[view] [source] [discussion] 2024-06-02 15:09:35
>>crazyg+Ej5
https://www.amiunique.org/ is scary and eye opening
101. hollan+rZ6[view] [source] 2024-06-02 15:37:40
>>mouse_+(OP)
In other news, everybody uses a router nowadays, with firewall activated by default.
◧◩◪◨⬒
102. Zambyt+407[view] [source] [discussion] 2024-06-02 15:43:19
>>RetroT+YO6
> what probes would you let your botnet send out?

Both probably. I don't see where the "opportunity cost" is when you can trivially do both. Please describe the opportunity cost in detail; that is what I am asking about.

103. BobbyT+D77[view] [source] 2024-06-02 16:51:50
>>mouse_+(OP)
The author must think all malware comes with an obvious GUI interface…
◧◩
104. avree+fv7[view] [source] [discussion] 2024-06-02 20:21:50
>>ivraat+KK5
They released XP well into Windows 7, I'm surprised that there's that much incompatibility with modern versions of Windows when running software.
◧◩
105. orland+sp8[view] [source] [discussion] 2024-06-03 08:25:12
>>ivraat+KK5
Wait, is this legal/allowed?
replies(2): >>mouse_+2ic >>ivraat+L7h
106. hurrdu+PW8[view] [source] 2024-06-03 13:38:11
>>mouse_+(OP)
I imagine if you used the initial release of Windows XP, without any service packs or updates, and you tried browsing the web with Internet Explorer 6, you'd get infected quite quickly.
◧◩◪
107. mouse_+2ic[view] [source] [discussion] 2024-06-04 15:05:36
>>orland+sp8
No, but realistically speaking, no one cares. If some big youtuber made a video about it it would likely be shut down.
◧◩◪
108. ivraat+L7h[view] [source] [discussion] 2024-06-06 05:51:54
>>orland+sp8
All the laptops I sell with Windows XP have Windows XP or newer OEM license keys included with them, so yes, it is legal, or at least legal enough that I don't think Microsoft or anyone cares. XP Delta Edition has the same featureset as XP Pro for licensing purposes, though the licensing of some of the software with it is muddier.

That said, as there's currently no way to legally buy Windows XP from Microsoft (or any official source), it's not really harming anyone to just install it wherever, in my view.

I also sell Windows 10 machines, and they all come with genuine licenses (often also OEM, or I buy them). I often get questions about whether my Windows 10 systems are genuine Windows, but nobody has ever asked about XP.
