• Re: the nothing to hide a

    From Vk3jed@VERT/FREEWAY to Nightfox on Fri Mar 4 18:55:00 2022
    On 02-27-22 22:25, Nightfox wrote to Vk3jed <=-

    You have all your ports exposed publicly to the internet? Or perhaps there's an alternative to NAT that I'm not aware of..? I thought pretty much everyone with internet at home would be using a router, and I thought NAT a standard feature of a router for some level of protection.

    NAT != security. You've fallen for the big myth that NAT is somehow more secure. All it does is screw up some protocols (FTP anyone?), and puts arbitrary limits on incoming traffic (2 BBSs on the same port, NO WAY!).

    NAT is an ugly hack to help with IPv4 shortages.

    First defence is to only have the services (daemons) you need running and listening only on the IP/port combinations you want. If further limiting of access is needed, then there's this wonderful thing called a firewall. ;) iptables on Linux does an excellent job, and even Windows Firewall doesn't do a bad job, if properly configured.


    ... You were sent here as a warning to others, weren't you?
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
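
The "listen only on the IP/port combinations you want" advice in the post above can be checked mechanically. The following is an added example, not part of any post in the thread: it compares `ss -H -tln` style output against a list of intended bindings. The sample output, the `INTENDED` policy and the function names are constructed for illustration.

```python
# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 192.0.2.10:23 0.0.0.0:*
LISTEN 0 64 *:6667 *:*
"""

# Hypothetical policy: the only address/port pairs the operator means to serve.
INTENDED = {("192.0.2.10", 22), ("192.0.2.10", 23), ("127.0.0.1", 5432)}

WILDCARDS = {"0.0.0.0", "[::]", "::", "*"}  # "listen on every address"


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row in `ss -H -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 literals keep their own colons.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def audit(listeners, intended):
    """Flag every listener that the policy does not name exactly."""
    intended_ports = {port for _, port in intended}
    findings = []
    for addr, port in listeners:
        if (addr, port) in intended:
            continue
        if addr not in WILDCARDS:
            kind = "unplanned"            # specific address, but not in policy
        elif port in intended_ports:
            kind = "too-wide"             # wanted service, bound to everything
        else:
            kind = "unplanned-wildcard"   # unwanted service, bound to everything
        findings.append((addr, port, kind))
    return findings


if __name__ == "__main__":
    for addr, port, kind in audit(parse_listeners(SAMPLE_SS), INTENDED):
        print(f"{kind:19} {addr}:{port}")
```

Anything the audit reports is a candidate either for rebinding to a specific address or for a firewall rule, independent of whether NAT sits in front of the host.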
  • From Vk3jed@VERT/FREEWAY to MRO on Fri Mar 4 18:57:00 2022
    On 02-28-22 05:03, MRO wrote to Vk3jed <=-

    well, we're assuming people here are somewhat powerusers, and they have multiple computers and devices. also it helps to have some type of hardware firewall up. ---

    That still doesn't necessarily mean NAT. Firewalls have been around _much_ longer than NAT.


    ... People are always available for work in the past tense.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
  • From MRO@VERT/BBSESINF to Vk3jed on Fri Mar 4 05:11:23 2022
    Re: Re: the nothing to hide a
    By: Vk3jed to MRO on Fri Mar 04 2022 06:57 pm

    On 02-28-22 05:03, MRO wrote to Vk3jed <=-

    well, we're assuming people here are somewhat powerusers, and they have multiple computers and devices. also it helps to have some type of hardware firewall up. ---

    That still doesn't necessarily mean NAT. Firewalls have been around _much_ longer than NAT.


    ... People are always available for work in the past tense.

    so what are we arguing about? you keep saying NAT over and over again. that's all i'm getting.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Andre@VERT/RDOMENTR to Vk3jed on Fri Mar 4 05:36:36 2022
    Re: Re: the nothing to hide a
    By: Vk3jed to MRO on Fri Mar 04 2022 06:57 pm

    well, we're assuming people here are somewhat powerusers, and they
    have multiple computers and devices. also it helps to have some
    type of hardware firewall up. ---

    That still doesn't necessarily mean NAT. Firewalls have been around _much_ longer than NAT.

    Probably does. Most home users only have a single IP.

    Firewalls only preceded NAT by a few years, and stateful firewalls came a couple years after NAT.


    - Andre

    ---
    ■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org
  • From Andre@VERT/RDOMENTR to Vk3jed on Fri Mar 4 05:41:14 2022
    Re: Re: the nothing to hide a
    By: Vk3jed to Nightfox on Fri Mar 04 2022 06:55 pm

    thought pretty much everyone with internet at home would be using a
    router, and I thought NAT a standard feature of a router for some
    level of protection.

    NAT != security. You've fallen for the big myth that NAT is somehow more secure. All it does is screw up some protocols (FTP anyone?), and puts arbitrary limits on incoming traffic (2 BBSs on the same port, NO WAY!).

    You're both conflating NAT and PAT, and neither of them screw up protocols. Stateful firewalls screw up protocols if they're misconfigured and not tracking the full conversation.

    ;) iptables on Linux does an excellent job

    The only thing IPTABLES is good at is that it's stable and free. It's archaic and damn near useless for anything other than port blocking and logging traffic.


    - Andre

    ---
    ■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org
  • From Arelor@VERT/PALANT to Andre on Fri Mar 4 06:43:46 2022
    Re: Re: the nothing to hide a
    By: Andre to Vk3jed on Fri Mar 04 2022 05:41 am

    The only thing IPTABLES is good at is that it's stable and free. It's archaic and damn near useless for anything other than port blocking and logging traffic.


    I am more of a pf fan than an iptables fan, but Iptables is actually fine for redirecting, man-in-the-middleing and doing other tricks other than blocking and logging.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Andre@VERT/RDOMENTR to Arelor on Fri Mar 4 08:22:09 2022
    I am more of a pf fan than an iptables fan, but Iptables is actually fine for redirecting, man-in-the-middleing and doing other tricks other than blocking and logging.

    Yes, but that's not IPTABLES doing any of that. All it's doing is managing packet routing and state (I know I'm oversimplifying it, but let's be realistic about what people actually do with it most of the time).


    - Andre

    ---
    ■ Synchronet ■ Radio Mentor BBS - bbs.radiomentor.org
  • From Arelor@VERT/PALANT to Andre on Fri Mar 4 12:49:13 2022
    Re: Re: the nothing to hide a
    By: Andre to Arelor on Fri Mar 04 2022 08:22 am

    I am more of a pf fan than an iptables fan, but Iptables is actually fine for redirecting, man-in-the-middleing and doing other tricks other than blocking and logging.

    Yes, but that's not IPTABLES doing any of that. All it's doing is managing packet routing and state (I know I'm oversimplifying it, but let's be realistic about what people actually do with it most of the time).


    - Andre


    If you want to split hairs, it is not Iptables doing that. It is Netfilter. Iptables is only loading rules into the kernel :-)

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Vk3jed@VERT/FREEWAY to MRO on Sun Mar 6 20:43:00 2022
    On 03-04-22 05:11, MRO wrote to Vk3jed <=-

    so what are we arguing about? you keep saying NAT over and over again.

    Maybe try reading the message. :)


    ... An Elephant; A Mouse built to government specifications.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
  • From Vk3jed@VERT/FREEWAY to Andre on Sun Mar 6 20:45:00 2022
    On 03-04-22 05:36, Andre wrote to Vk3jed <=-

    That still doesn't necessarily mean NAT. Firewalls have been around _much_ longer than NAT.

    Probably does. Most home users only have a single IP.

    Another assumption - who says the BBS was going to be hosted at home? Sure, many are (including mine), but I could have used (and did consider using) a
    PS.

    Firewalls only preceded NAT by a few years, and stateful firewalls came a couple years after NAT.

    Sounds about right.


    ... Dachshund kennel ad: Get a long little doggie.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
  • From Vk3jed@VERT/FREEWAY to Andre on Sun Mar 6 20:48:00 2022
    On 03-04-22 05:41, Andre wrote to Vk3jed <=-

    You're both conflating NAT and PAT, and neither of them screw up protocols. Stateful firewalls screw up protocols if they're misconfigured and not tracking the full conversation.

    Hmm, what about active FTP? DCC (on IRC)? Just to name a couple that have been affected.


    ... Observe the procedures of a general alert.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
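
The active FTP case raised in this exchange, as an added example that is not part of any post: in active mode the client sends its own address and port inside the control-channel payload (the RFC 959 `PORT` command), so translating only the packet headers leaves the server with an address it cannot reach unless a protocol-aware helper rewrites the payload too. The addresses, port numbers and function names below are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 active mode: PORT h1,h2,h3,h4,p1,p2 (address and port as decimal bytes).
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, port) carried inside a PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def inspect_port(line, packet_src):
    """Compare the address in the payload with the packet's source address."""
    host, port = parse_port(line)
    return {
        "embedded": f"{host}:{port}",
        "matches_source": host == ipaddress.IPv4Address(packet_src),
        "rfc1918": any(host in net for net in RFC1918),
    }


def rewrite_port(public_ip, public_port):
    """The payload a NAT FTP helper must substitute for the data channel to work."""
    octets = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"PORT {octets},{public_port >> 8},{public_port & 0xFF}\r\n"


# Constructed exchange: client 192.168.1.10 behind a translator whose outside
# address is 203.0.113.5 (documentation range).
CLIENT_LINE = "PORT 192,168,1,10,19,137\r\n"

if __name__ == "__main__":
    # What the server receives when only the IP header was translated.
    print(inspect_port(CLIENT_LINE, "203.0.113.5"))
    # What it receives when a helper maps a public port and rewrites the payload.
    print(inspect_port(rewrite_port("203.0.113.5", 40001), "203.0.113.5"))
```

The same mismatch check (payload address differs from packet source and falls in RFC 1918 space) is a quick way to spot, in a packet capture, that no helper is rewriting the control channel.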
  • From MRO@VERT/BBSESINF to Vk3jed on Sun Mar 6 08:18:15 2022
    Re: Re: the nothing to hide a
    By: Vk3jed to MRO on Sun Mar 06 2022 08:43 pm

    On 03-04-22 05:11, MRO wrote to Vk3jed <=-

    so what are we arguing about? you keep saying NAT over and over again.

    Maybe try reading the message. :)


    you: nat nat nat. it's not nat. nat nat nat
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From poindexter FORTRAN@VERT/REALITY to Vk3jed on Fri Mar 4 06:56:00 2022
    Vk3jed wrote to Nightfox <=-

    On 02-27-22 22:25, Nightfox wrote to Vk3jed <=-

    NAT != security. You've fallen for the big myth that NAT is somehow more secure. All it does is screw up some protocols (FTP anyone?), and puts arbitrary limits on incoming traffic (2 BBSs on the same port, NO WAY!).

    It's in no way a secure model, but I liked my first setup, where I had a single IP address and a Linux box with 2 network cards. I ran all of my services on the box directly with iptables running, and NATed the rest of my lan over the second card.

    Easy, less hassle with NAT, and everything worked.

    Admittedly, this was in kinder, gentler times.



    ... No ceremonies are necessary.
    --- MultiMail/DOS v0.52
    ■ Synchronet ■ .: realitycheckbbs.org :: scientia potentia est :.
  • From cr1mson@VERT/STEPPING to MRO on Wed Mar 9 19:50:52 2022
    Re: Re: the nothing to hide a
    By: MRO to Vk3jed on Sun Mar 06 2022 08:18 am

    Re: Re: the nothing to hide a
    By: Vk3jed to MRO on Sun Mar 06 2022 08:43 pm

    On 03-04-22 05:11, MRO wrote to Vk3jed <=-

    so what are we arguing about? you keep saying NAT over and over again.

    Maybe try reading the message. :)


    you: nat nat nat. it's not nat. nat nat nat

    All these nats. I think someone needs to start spraying for bugs.
    ---

    Sincerely,
    Jon Justvig
    Stepping Stone BBS
    telnet://steppingstonebbs.com
    http://steppingstonebbs.com
    ---
    ■ Synchronet ■ Stepping Stone BBS - steppingstonebbs.com
  • From Vk3jed@VERT/FREEWAY to poindexter FORTRAN on Fri Mar 11 21:20:00 2022
    On 03-04-22 06:56, poindexter FORTRAN wrote to Vk3jed <=-

    It's in no way a secure model, but I liked my first setup, where I had
    a single IP address and a Linux box with 2 network cards. I ran all of
    my services on the box directly with iptables running, and NATed the
    rest of my lan over the second card.

    Easy, less hassle with NAT, and everything worked.

    Yeah not a bad option, if you need only one IP. And there's other ways to harden Internet facing systems, if needed.


    ... Command not found. Damn, it was here a minute ago... hold on...
    --- MultiMail/Win v0.52
    ■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
  • From Jazzy J@VERT/JAYSCAFE to Boraxman on Sun Mar 13 05:52:00 2022
    Quoting Boraxman to Ogg <=-
    I totally agree. We don't expect privacy so it isn't an issue for many people.

    I'm a quad, and I have Amazon Services throughout the house. For myself, the abdication of my privacy isn't a convenience, it is how I can be as independent as I can.

    Security v. Freedom is a lofty argument. The more something is secure, the less freedom we have. Many people forget this and want 100% of both. Well, there is nothing that is ever 100% secure nor is there anything that is ever 100% free -- I think of how much a "free" dog costs in medical bills after the fact.

    The best someone can do is strive to strike a balance between the two.

    However, for most people, they don't understand the concept of IoT and never update their TVs, refrigerators, toasters, you name it. Whatever they have in their LANs that pull an IP is vulnerable and a security risk.

    People also don't value their information. They don't understand that the myriad of trash they are getting in their email or twit feed, etc. is largely their own making.

    Before we can increase electronic security, we need the public to be educated on what electronic security touches. I think the average person would be confounded and overwhelmed with some of the specifics.

    Jazzy J


    * AmyBW v2.16 *
    ... I use Windows... on my car, on my house, but not on my computer!

    ---
    ■ Synchronet ■ BayouBBS.Net, Ports 23, 6401 and 6402
  • From Boraxman@VERT/MSRDBBS to Jazzy J on Mon Mar 14 13:12:00 2022
    Jazzy J wrote to Boraxman <=-

    Quoting Boraxman to Ogg <=-
    I totally agree. We don't expect privacy so it isn't an issue for many people.

    I'm a quad, and I have Amazon Services throughout the house. For myself, the abdication of my privacy isn't a convenience, it is how I can be as independent as I can.

    Security v. Freedom is a lofty argument. The more something is secure, the less freedom we have. Many people forget this and want 100% of both. Well, there is nothing that is ever 100% secure nor is there anything that is ever 100% free -- I think of how much a "free" dog costs in medical bills after the fact.

    The best someone can do is strive to strike a balance between the two.

    However, for most people, they don't understand the concept of IoT and never update their TVs, refrigerators, toasters, you name it. Whatever they have in their LANs that pull an IP is vulnerable and a security risk.

    People also don't value their information. They don't understand that the myriad of trash they are getting in their email or twit feed, etc. is largely their own making.

    Before we can increase electronic security, we need the public to be educated on what electronic security touches. I think the average person would be confounded and overwhelmed with some of the specifics.

    Jazzy J

    Who is going to educate the public though? There is no real incentive for the companies selling these products to do it, in fact, they would thrive on ignorance and lack of knowledge, as people would default to just purchasing something to fix a problem.

    I think people don't care because they don't want to have to fight, or be inconvenienced. So instead they try to rationalise away giving away their privacy and control.

    I'm not optimistic about where technology and our relationship is going, not at all.

    ... MultiMail, the new multi-platform, multi-format offline reader!
    --- MultiMail/Linux v0.52
    ■ Synchronet ■ MS & RD BBs - bbs.mozysswamp.org
  • From Phigan@VERT/FINALZON to Digital Man on Sat Mar 26 11:15:58 2022
    Re: the nothing to hide a
    By: Digital Man to Phigan on Sun Feb 27 2022 01:33 am

    Most Synchronet BBSes (e.g. web.synchro.net).

    Aha, up there under "Forum". Not bad! I had not seen anyone set that up yet, only the telnet client in a web page thing. Going to check out themeability or whatever. Thanks :)

    ---
    ■ Synchronet ■ Final Zone BBS - finalzone.ddns.net - www.xadara.com