HackerLangs
TopNewTrendsCommentsPastAskShowJobs

xl-brain

36 karmajoined 16년 전

comments

xl-brain
·4일 전·discuss
It appears to be trained on Eric Weinstein quotes.
xl-brain
·6개월 전·discuss
I don't disagree with your comment that the best de facto firewall is a proper firewall. I think you are reacting against the idea that I am saying IPv6 is less secure than IPv4. I am not saying that.

The point of my original post is that the author's take is controversial because people are skeptical about whether networks ARE being secured when NAPT is not present.

They are right to be skeptical, in my opinion, because the rollout of IPv6 has been bungled over and over again. That is not a problem with IPv6, its a problem with the adoption of IPv6.
xl-brain
·6개월 전·discuss
I think you missing my point. My point is not that IPv6 cannot be secured, it is that the author's take is controversial because people are skeptical about whether networks ARE being secured when NAT is not present. This skepticism is backed up by the research paper that I quoted and real world experience. IPv6 is deployed in many places incorrectly and without the good defaults. IPv4 NAPT in residential networks acts as a last line of defense because most users have been incapable of turning it off.

I suppose I will distill my thought into the assertion that the author should have prefixed his title with "In capable hands,"...
xl-brain
·6개월 전·discuss
This is splitting hairs. The point stands that PAT is the de facto firewall for most soho users.
xl-brain
·6개월 전·discuss
Nope, I agree with the findings here:

https://arxiv.org/abs/2509.04792?
xl-brain
·6개월 전·discuss
https://arxiv.org/abs/2509.04792?

"Collectively, our results show that NAT has indeed acted as the de facto firewall of the Internet, and the v4-to-v6 transition of residential networks is opening up new devices to attack."
xl-brain
·6개월 전·discuss
Think about what 99% of SOHO users have: PAT (Nat Overload). This NAT impacts the way a connection is established in BOTH directions. Inbound connection attempts from the Internet to the NAT public IP address of the SOHO router can go no further than the router. We are talking what 99% of users have installed.

Maybe this is the reason for some of the disagreement. I am focusing on what is installed at 99% of user installations (PAT). I would agree with the comments that a 1-to-1 NAT offers no EXTRA security.
xl-brain
·6개월 전·discuss
Yes, it is the case. In the real world, there are malfunctioning ALGs, permissive defaults, and connectionless protocols that are poorly tracked by these sloppy, underpowered "SPI" devices.
xl-brain
·6개월 전·discuss
You are stuck on the theory of what is protecting this population. In practice, less than 1% of these users can or will turn NAT off.

Can you imagine how great things would work out with a public IP on all your nana's computers, NAT turned off, protected by the prowess of her Arris gateway's stateful firewall?
xl-brain
·6개월 전·discuss
The tension here is the difference between theory and reality. In reality, IPv4 NAT is the only thing protecting most users in their homes. If you force IPv6 on this same population, you have to give them an equivalent posture by default.

This is kind of like writing an argument that motorcycles are not unsafe because they lack 4 wheels. This is true, but if you put my grandmother on one and ask her to drive across town, she would not survive it.