this post was submitted on 07 Sep 2024
525 points (97.6% liked)

Technology

60042 readers
1944 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Discord isn’t exactly known for generous file-sharing limits, still, the messaging app offered a 25MB limit to free users. The company has now updated its support page to reflect the upload limit for free users has been lowered to 10MB.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 3 months ago (3 children)

Gonna be real here, I'm in tech, there is no fucking way I'm gonna open my PC to the entire fucking internet. Vulnerabilities are everywhere and no code is perfect. Firewalls and nat help stop so many attacks from the start.

Even if ipv6 is common I will assume most implementations will be nat based.

[–] [email protected] 2 points 3 months ago (1 children)

brother, use a firewall. NAT does nothing for this, a single stateful firewall will do more for device security than a NAT existing solely by itself.

A nat doesn't even do anything other than provide some basic level of device anonymity. If you didn't have a firewall it would still be accessible, you would just need to either be really good at guessing ports, or sniff for traffic that's relevant lol.

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (1 children)

Except the NAT device will stonewall traffic on every port except the ones I open, for my entire network, and then I can just worry about securing the software listening on those few ports, instead of having to worry about the firewalls on every device I own.

Tldr default nat behavior is a state full firewall.

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (1 children)

that's literally what a stateful firewall does.

It only allows corresponding return traffic to outgoing traffic that a device has internally sent outwards.

if you disabled that, it wouldn't do that. But even a NAT without a stateful firewall might end up doing this depending on how it's configured and your open ports due to how the forwarding is handled. This is how we get around NATing for P2P traffic, though the trick is to just send two NATed users to the others ip and port at the same time to establish a connection that can "isAlive" from there. If you had no firewall you would only need to know the IP and port to do this.

plus not to mention you can run internal firewalls on each device specifically which would do basically the same thing anyway. But then again i don't use windows so that's way easier.

[–] [email protected] 0 points 3 months ago (1 children)

Yes, thank you for repeating what I just said, and justifying my desire for a nat. I do infact actually know a few things about computer networks and tcp/ip since I spent 7 years writing software to interface with and monitor them.

[–] [email protected] 2 points 3 months ago

the only realistic scenario in which you would use a NAT under IPv6 is if you felt like using IPv4 addresses internally. Outside of that it serves very little purpose.

[–] [email protected] 5 points 3 months ago

IPv6 does not require you to open your machine to the Internet, even without making use of a NAT. Sure you get an IP that's valid on the whole internet, but that doesn't mean that anyone can send you traffic.

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

You definitely use a firewall, but there's no need for NAT in almost all cases with ipv6. But even with a firewall, p2p becomes easier even if you still have to do firewall hole punching