mastodon uno admin Ha risposto nella discussione
Ricerche recenti
Opzioni di ricerca
Amministrato da:
#cgnat
0 post0 partecipanti0 post oggi
Ha risposto nella discussione
@Jarek @landley that assumes #IPv6 addresses are static (Providers in #Germany do "pseudostatic" alike #IPv4 and unless one's a business customer, will forcibly disconnect once each 24 hours and reassign a new IP) and that applications ain't configured to prefer IPv4 over IPv6 just to avoid timeouts and having to check if IPv6 exists since the only "#IPv6only" #ISP I know is #Starlink (and even they do #CGNAT due to customer complaints…)
Ha risposto nella discussione
@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.
Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)
- I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.
I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...
- Personally I've only had headaches with #IPv6 because not only do I only have #IPv4only #Internet but my #ISP refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of #IPv4's in with my contract!)and stuff like #HurricaneElectric / #HEnet's #Tunnelbroker fail face first due to #Geoblocking and the fact that #ASNs get geolocated, not their #PoPs...
If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!
Ha risposto nella discussione
@landley @jschauma @ryanc @0xabad1dea well, #CGNAT has it's own problems and bricks connectivity forr many applications.
bueno, pues a lo mejor hay que ir a casa del señor #pepephone a quemarle los internetes, porque vuelvo a estar sin stremio y algo me dice que es culpa del bloqueo a #Cloudflare OTRA VEZ, a pesar de que me solucionaron la "incidencia" sacándome de #cgnat
el finde pasado no estuve en casa para comprobar si funcionaba, pero ahora mismo esto no chuta.
CGNAT frustrates all IP address-based technologies | Cybersecurity | SIDN
https://alecmuffett.com/article/112584
#OnionNetworking #cgnat
Dropsafe · CGNAT frustrates all IP address-based technologies | Cybersecurity | SIDN
Altro da 
alecm
CGNAT frustrates all IP address-based technologies | Cybersecurity | SIDN
Aside from the observation that this is basically one half of a Tor networking connection, one might also observe MAYBE THERE IS A PROBLEM WITH THE SUPPOSED LEGAL OBLIGATION AT HAND, HERE:
One practical outcome is that government agencies find it harder to identify criminals behind particular IPv4 addresses. According to Europol, access providers are no longer able to meet their legal obligation to provide details of the account holder linked to a given connection. Because, in some cases, a single IPv4 address is shared by thousands of users. As a result, the agency says, investigations often involve examining and tapping the connections of many more people than really necessary.
https://www.sidn.nl/en/news-and-blogs/cgnat-frustrates-all-ip-address-based-technologies
It continues:
In a document entitled ‘Resilience, Deterrence and Defence: Building strong cybersecurity for the EU’, the Commission explains how the EU wants to promote the adoption of IPv6. The ultimate aim is to have one user per IP address to facilitate the investigative activities of the police and security services. Procurement policy, research and project funding, and covenants will be used by the Commission in pursuit of its goals.
Here in the Netherlands, the Ministry of Economic Affairs is currently looking at ways of energising the country’s tardy migration to IPv6.
Sounds lovely…
SIDN - The company behind .nlCGNAT frustrates all IP address-based technologies | Cybersecurity | SIDNIPv4 is creaking at the seams
Oh no, #CGNAT is wreaking havoc again! Our beloved IP address-based #tech is more frustrated than a cat in water. SIDN's #article bravely tackles the issue, but somehow ends up sounding like a Dutch IKEA manual. 
https://www.sidn.nl/en/news-and-blogs/cgnat-frustrates-all-ip-address-based-technologies #IPaddress #Frustration #SIDN #DutchIKEA #HackerNews #ngated
SIDN - The company behind .nlCGNAT frustrates all IP address-based technologies | Cybersecurity | SIDNIPv4 is creaking at the seams
CGNAT frustrates all IP address-based technologies (2019) — https://www.sidn.nl/en/news-and-blogs/cgnat-frustrates-all-ip-address-based-technologies
#HackerNews #CGNAT #IPAddress #Technology #Networking #InternetIssues #2019
SIDN - The company behind .nlCGNAT frustrates all IP address-based technologies | Cybersecurity | SIDNIPv4 is creaking at the seams
Discussione continua
@torproject same with #obfs4 bridges: there is no option to say like ports=80,443 or similar, which makes it cumbersome to get said bridges.
- And yes, for people stuck on #publicWiFi and shitty #MVNO|s this is most likely the only way they can get any #Tor connection work through #CGNAT and #firewall|s, as most do #BlockTor and it's associated #ports alongside common #proxy ports like 8000-9999 and anything they can't #MITM that isn't #HTTPS or #IMAP!
And trying to get places to #DontBlockTor that criminalize the use of #Tor is foolish at best.
Ha risposto nella discussione
@herrorange how?
Like I really wounder why...
Is it due to shitty #CGNAT at the #ISP end and #Skype doing aggresssive #HolePunching through any #NAT or some other #ISP-side shenanigans?
Soplan vientos de cambio en las tendencias de desarrollo de sistemas informáticos. Queda una semana para el apocalipsis #Docker y quienes tengan solo #IPv4 con #cgnat se van a divertir tratando de hacer pulls. Recordando que a partir del 1 de marzo de 2025 solo se podrán hacer 10 pulls por hora por IPv4. Con cuenta registrada, solo 40 por hora. No queda claro si esas cuentas pueden ser desde la misma IPv4, pero ya estará obligando a crear configuración adicional y complicar (todavía más) todo.
Mmmh, wenn wir hier irgendwann auf Glasfaser wechseln, wird wohl das Thema Carrier Grade NAT akut. Für mich als Betreiber eines Home-Servers sehr relevant. Offenbar gibt es verschiedene gute Lösungen, die ich bereits im Vorfeld testen werde. Hoffe, so bin ich auf den "Tag X" vorbereitet.
With #IPv6 there's no reason for ISPs to be stingy with public IPs. Over-provisioning shared IPs and #CGNAT are now archaic workarounds for a problem that no longer exists.
#internetaccess #networking #tcpip
Discussione continua
Issues aside it's now 15 years since I started using #Tor / @torproject & @guardianproject / #Orbot on #Android full-time.
- Not just for #privacy, but because it acts as a #PerformanceProxy on #throttled #German mobile networks!
Because in #EDGEland they yeet users to 64kBit/s if not even lower to 16kBit/s past paid bandwith and instead of properly renegotiating the bandwith, they trottle connections by reducing the packet rate / dropping packets, making it as #laggy as a #GSO-based #SATCOM connection!
Ha risposto nella discussione
@kubikpixel @malwaretech @tomscott or to put it into perspective:
I worked at a telco, and whilst clients were above-average in terns of bahaviour, one does get a high single digit or low double-digit amount of LEA requests per day per x million customers.
Now imagine the average #VPN has similar utilization as a #CGNAT, so easily they'll have #LawfulInterception going on 24/7 because logless VPNs are a lie and besides circumventing #Geoblocking they don't do anything else...
- In fact I'd argue it'll be more privacy friendly to self-host a VPN on-demand with flexible hoster or just having a fixed IP at home, simply because those usually have a higher bar for getting surveillance approved.
TLDR: Just get @torproject @tails_live @tails / #Tails and good.
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Ha risposto nella discussione
@wmd @miqokin also the same Issues are by my own experience are better solved via @torproject / #Tor, @guardianproject 's #Orbot & @micahflee 's #OnionShare just to name a few.
- Not to mention most #MobileNetworks illegally use #RFC1918 space like 10.0.0.0/8 for #CGNAT, intentionally bricking #VPN|s in order to force #progessionals and #businesses in way more expensive contracts as they need a "real" VPN for work...
chaos.social🌈☔🌦️🍄 (@wmd@chaos.social)@kkarhan@infosec.space @miqokin@denden.world another is protection from your 1st mile provider. Being on broken wifi, or wireless networks that are free but sell your data. Or where they limit your internet access a lot (only http/https allowed).
There's plenty of reasons for VPN. Enough to avoid such oversimplified harsh claims.
If you do stuff that puts you in the spotlight though, and need internet for it, yes, consider tor, but also do way more research than reading 1 toot.
(2/2)
Alright getting the new #Calyx #hotspot set up was pretty fucking easy. Went with the Inseego Mifi X Pro 5G (M3000) since it has an ethernet port.
Was simply a matter of unplugging the ethernet port from the #Starlink router and plugging it into the #Inseego mifi and enabling said Ethernet port on the Mifi.
Since both #Tmobile and Starlink both use #CG-NAT I really didn't need to change anything in my #Synology router.
Only thing I did do is I turned on IP passthru and enabled that on the Ethernet. Basically putting the Mifi into "bridge" mode that Starlink used to call it.
And now we're cooking.
And now I can kiss #ElonMusk and Starlink goodbye and save about $75 a month in broadband costs.
At least Starlink is going to let me return my equipment for "up to" a $200 refund.
Whatever.
#Sweden has a pretty convoluted way for private users to get Internet access: We deal with ISPs, but they in turn deal with Communication Operators.
This week my city network changed their CO, while I still have an ongoing contract with my existing ISP. The change of CO meant that things started getting routed through different equipment, and so my home ended up getting new IP address assignments.
#IPv6 was relatively simple: I just switched my prefix everywhere I had set it, and restarted some services. I'd hate to have to do this at work, but at home it was done in an hour or so.
The legacy protocol, however.. For the first time in my life I was cursed with #CGNAT. Happily it was just a matter of registering with my ISP for a routable #IPv4 address, but from now on, this luxury will cost me a small sum every month: One IPv4 address is around $5/month. My /56 IPv6 subnet is free. Let's help get rid of the legacy protocol once and for all...
Hier ein #CGNAT Beispiel eines regionalen Glasfasernetzbetreibers https://radar.cloudflare.com/adoption-and-usage/as30766
Selbst der Wireguard Tunnel ist nicht stabil.
Dieser #LegacynetServiceProvider bietet nichtmal #IPv6 an. Betrieb von Diensten für die Familie ohne Relay Server nicht möglich.
Zu dem Leserbrief über Glasfaser Anschlüsse aus dem @ct_Magazin
~1000 #IPv4 Adressen müssen für ca. 15k Kunden reichen.