Comment by RiverCrochet

1 month ago

- Did you disable UPnP on your router? If not, any device behind the router can simply ask the router to open a port, typically without authentication, bypassing this "firewall" completely.

- TURN and STUN trivially bypass this side-effect, and a side effect of that is that a third party often has to be involved, which can be collecting data later leaked or used against you.

- The monstrosity of NAT is that it's the core thing that drives centralization - because of NAT any two Internet hosts generally have to involve a third party to communicate, a third party which, again, can be collecting data later leaked or used against you.

If you don't care about the security implications of the above, then you don't really care about the "firewall" either.

That third party involved is my ISP which will see the packets anyway, even if NAT is not used.

And the attacks you mentioned are initiated from the inside. Not what I stated, that NAT is a sort of a firewall for incoming connections.

  • > That third party involved is my ISP which will see the packets anyway, even if NAT is not used.

    The ISP doesn't meaningfully see packets as long as encryption is used. It sees stuff that, if analyzed, can be used to make guesses, but that's about it. I probably should have used a better term than "third party" but I was meaning services that collect data on everyone like Facebook, Twitter, etc. These services actually receive meaningful, trackable, surveillable data about you and they would not have to receive as much if NAT wasn't a thing.

    Inside attacks are important. If you don't care about those, saying you like NAT because of any security benefit doesn't make sense.

I've yet to see UPnP work...

  • I was surprised as well as it's something I turn off on devices I control and I haven't really assumed it was a thing. But recently at a friend's house I decided to install upnpc on my Linux laptop and give this a try:

        upnpc -a 192.x.x.x 8080 80 tcp

    And to my surprise it just worked. This friend just upgraded to fiber and had just received a new router.
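An added audit helper for the point the thread makes (not code from the thread or from the upnpc project): before a device like the laptop above can ask the router to add a mapping, it finds the router with an unauthenticated SSDP M-SEARCH, so the same query from your own machine tells you whether your router is exposing the InternetGatewayDevice service at all. The helper sends that query, parses the reply, and pulls the WANIPConnection control URL out of the device description; the sample reply and description are constructed, and the 192.0.2.1 address and /ctl/IPConn path are placeholders, not real router values.

```python
import socket
import xml.etree.ElementTree as ET

SSDP_ADDR, SSDP_PORT = "239.255.255.250", 1900
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
NS = "{urn:schemas-upnp-org:device-1-0}"  # namespace of the device description XML

def build_msearch(st=IGD_ST, mx=2):
    # SSDP M-SEARCH: the multicast query any LAN device can send and every IGD answers
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_ADDR}:{SSDP_PORT}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode()

def parse_ssdp_response(raw):
    # Lower-cased header -> value for a 200 reply; {} for anything else
    head = raw.decode(errors="replace").partition("\r\n\r\n")[0]
    status, *lines = head.split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return {}
    pairs = (line.partition(":") for line in lines)
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}

def find_wanip_control_url(description_xml):
    # Walks the description for the WANIPConnection service (the one that adds port mappings)
    root = ET.fromstring(description_xml)
    for svc in root.iter(NS + "service"):
        if svc.findtext(NS + "serviceType") == WANIP:
            return svc.findtext(NS + "controlURL")
    return None

def discover_igd(timeout=2.0):
    # Returns the LOCATION URL of the first IGD that answers, or None if the LAN stays silent
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), (SSDP_ADDR, SSDP_PORT))
        try:
            while True:
                hdrs = parse_ssdp_response(sock.recvfrom(4096)[0])
                if hdrs.get("st") == IGD_ST and "location" in hdrs:
                    return hdrs["location"]
        except socket.timeout:
            return None

# Constructed sample reply and description (placeholder address and path, not from a real router)
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.1:1900/igd.xml\r\n"
                b"ST: " + IGD_ST.encode() + b"\r\nUSN: uuid:placeholder::" + IGD_ST.encode() + b"\r\n\r\n")
SAMPLE_DESC = ('<root xmlns="urn:schemas-upnp-org:device-1-0"><device><deviceList><device><serviceList>'
               f"<service><serviceType>{WANIP}</serviceType><controlURL>/ctl/IPConn</controlURL></service></serviceList></device></deviceList></device></root>")
```

Calling discover_igd() on the LAN and getting a URL back means the router will take port-mapping requests from any host behind it; fetching that URL and running it through find_wanip_control_url() shows the endpoint those requests go to.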