Subj : Re: the nothing to hide a
To   : Nightfox
From : Vk3jed
Date : Fri Mar 04 2022 18:55:00

-=> On 02-27-22 22:25, Nightfox wrote to Vk3jed <=-

 Ni> You have all your ports exposed publicly to the internet?  Or perhaps
 Ni> there's an alternative to NAT that I'm not aware of..? I thought pretty
 Ni> much everyone with internet at home would be using a router, and I
 Ni> thought NAT a standard feature of a router for some level of
 Ni> protection.

NAT != security.  You've fallen for the big myth that NAT is somehow more
secure.  All it does is screw up some protocols (FTP anyone?), and puts
arbitrary limits on incoming traffic (2 BBSs on the same port, NO WAY!).

NAT is an ugly hack to help with IPv4 shortages.

First defence is only have the services (daemons) you need running and
listening only on the IP/port combinations you want.  If further limiting of
access is needed, then there's this wonderful thing called a firewall. ;)
iptables on Linux does an excellent job, and even Windows Firewall doesn't do a
bad job, if properly configured.


.... You were sent here as a warning to others, weren't you?
--- MultiMail/Win v0.52
 þ Synchronet þ Freeway BBS, Bendigo Australia.  freeway.apana.org.au

.