this post was submitted on 24 Jun 2024
675 points (98.0% liked)

Programmer Humor

[–] [email protected] 10 points 1 week ago (31 children)

It also means you no longer need the kludge that is NAT. Full E2E connectivity is really nice -- though I've found some network admins dislike this idea because they're so used to thinking about it differently or (mistakenly) think it adds to their security.

[–] [email protected] 3 points 1 week ago (17 children)

Why do you say NAT doesn't make a network more secure?

[–] [email protected] 6 points 1 week ago (1 children)

Unless you've gone out of your way to disable the H.263 NAT ALG, NAT actually allows websites and other services to open either random ports on your machine (if using business firewalls) or ports on any device on your network (many consumer routers).

If your router allows you to disable SIP ALG and H.263 ALG, you should. If it doesn't, well, maybe they've been patched? If you've applied a kernel firmware update to your router in the last 1-2 years you may be safe (though not many vendors will bother updating the kernel when updating their routers). You'll lose access to SIP phones and some video calling services over IPv4, but at least some JavaScript on a random blog won't be able to hack your printer.

This wouldn't work with IPv6, as these two protocols just work with IPv6 (and IPv4, as it was designed). ALGs are hacks around protocols, rewriting packets to make all of the problems NAT causes go away.

More info on this here: https://www.armis.com/research/nat-slipstreaming-v2-0/
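
An added example, not part of the comment above: on a Linux-based router or firewall with shell access (an assumption; many consumer devices expose only a web toggle), the SIP and H.323 ALGs are the kernel's conntrack helper and NAT modules, so a quick audit is to look for them in `/proc/modules`. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux box for the netfilter SIP / H.323 ALG modules.

# Kernel modules that implement the SIP and H.323 helpers and their NAT rewriters.
ALG_MODULES="nf_conntrack_sip nf_nat_sip nf_conntrack_h323 nf_nat_h323"

# Constructed sample in /proc/modules format:
#   name size refcount dependents state address
sample_modules() {
cat <<'EOF'
nf_nat_sip 20480 0 - Live 0x0000000000000000
nf_conntrack_sip 36864 1 nf_nat_sip, Live 0x0000000000000000
nf_nat 49152 2 nf_nat_sip,xt_MASQUERADE, Live 0x0000000000000000
nf_conntrack 172032 4 nf_nat_sip,nf_conntrack_sip,nf_nat,xt_MASQUERADE, Live 0x0000000000000000
EOF
}

# Read /proc/modules-format text on stdin and print each loaded ALG module,
# one per line. Matching is on the exact module name in field 1, so generic
# modules such as nf_nat or nf_conntrack are not reported.
loaded_alg_modules() {
    awk -v want="$ALG_MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) alg[w[i]] = 1 }
        ($1 in alg) { print $1 }
    '
}

# Print modprobe.d lines that stop the ALG modules from being loaded again.
# "install <module> /bin/false" makes any later modprobe of that module fail.
alg_blocklist() {
    for m in $ALG_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Stand-alone use: report on the running kernel when /proc/modules is readable.
if [ -r /proc/modules ]; then
    found=$(loaded_alg_modules < /proc/modules | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "ALG modules loaded: $found"
    else
        echo "No SIP/H.323 ALG modules loaded"
    fi
fi
```

A loaded module only shows the helper is available; whether it is applied to traffic also depends on the kernel version and firewall rules, so unloading and blocking the modules is the conservative setting when SIP and H.323 over IPv4 NAT are not needed.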
