Is bsnl ever going to fix its current latency issue.

  • Thread starter Thread starter dvn880
  • Start date Start date
  • Replies Replies 52
  • Views Views 10,480
@vignesh_venkatesan Normal people with no knowledge in networking will suffer from CG-NAT for gaming and VoIP purposes and also other cons as mentioned in those links I posted such as port forwarding, P2P performance etc. Who wants to pay extra for public IP?

NAT is not a security tool. Here's a research paper to help you understand better.

www.f5.com

The Myth of Network Address Translation as Security

www.f5.com www.f5.com

Conclusion
The myth that NAT provides any significant security in light of today’s sophisticated attacks needs to be put to rest. From a technical viewpoint, in fact, NAT provides:
  • No security to IPv6 hosts, as NAT is unnecessary for them.
  • No security for stateless NAT hosts.
  • No security for stateful NAT host outbound attacks.
  • Minimal protection for stateful NAT host ingress attacks, since modern attacks assume the presence of a NAT device and readily compromise or circumvent those devices.
  • No tools for responding to security attacks that routinely occur.
Click to expand...
 
Dark_Nate said:
There's no customer advantage to CG-NAT.
Click to expand...

I'm saying NAT will protect the vast majority of basic users devices from getting hacked and then participating in botnet/DDoS attacks.

Of course, like mentioned in previous post, ISPs can hand out public IP on user request for those users who need it.
 
@vishalrao

I'm saying NAT will protect the vast majority of basic users devices from getting hacked and then participating in botnet/DDoS attacks.
Click to expand...
At the cost of disruption of basic internet functionality for everyone? Turn off ICMP global and remote access, problem solved. NAT will never be able to protect idiotic users who will download and run unknown executables/run outdated firmware and software.

What's up with people saying NAT is a security measure? Experts have been debunking it since it's creation. NAT is NOT a security tool.
www.f5.com

The Myth of Network Address Translation as Security

www.f5.com www.f5.com

Of course, like mentioned in previous post, ISPs can hand out public IP on user request for those users who need it.
Click to expand...
Pay for the public IP address when you are already paying expensive bills for large data quota? No thank you.
 
Last edited:
@Dark_Nate there is this concept of "attack surface" in security domain. Using NAT will vastly reduce this attack surface for most basic users.

I agree NAT is not a security tool and basic users can easily get hacked via other vectors like browser/OS/software they run.
 
@vishalrao

CG-NAT's perceived "protection" is not worth it at the cost of open NAT for everyone else.

There are better ways to protect customers. Like ensuring default logins of the router/modems/ONT is changed during installation. Also disabling ICMP global and remote access is going to give greater security measure than CG-NAT ever could.

Since you are talking about normal people, this means they use ISP modem, the ISP modem could come with default ICMP global and remote access disabled.

If CG-NAT is key to the future of networking security, developed nations would not be talking about getting rid of it and deploying IPv6.

I can give you my public IP address and you will never be able to even establish a connection let alone break through due to simple measures as stated above.
 
Pretty much all devices are Chinese made and come with in-built backdoors/loopholes to get easily exploited even if default logins are changed I bet :D
 
@vishalrao According to the US DoD and other agencies only Hauwei has been confirmed to have backdoors.

Also Project Zero and other independent security researchers study routers for a living. If there are intentional backdoors we would've known by now.
 
You must log in or register to reply here.
Back