Post AXGSeaOR59krZDFdXk by lamp@berserker.town
Post #AXFO9t9IhjRRmlJpJ2 by lamp@berserker.town
       2023-07-01T10:13:27Z
       
       0 likes, 1 repeats
       
Does #IPv6 have something like #UPnP? Stateful firewalls are necessary for complementary security, but there should be a way for a client to ask the router for exceptions.
       
Post #AXFPSniVE21GOUMlZQ by DasSkelett@noc.social
       2023-07-01T10:28:00Z
       
       0 likes, 0 repeats
       
       @lamp yes indeed, there is the Port Control Protocol PCP (https://en.wikipedia.org/wiki/Port_Control_Protocol) as successor to NAT-PMP, again successor to UPnP (the port forwarding part of it). It has explicit support for IPv6, but whether all the cheap consumer CPEs support PCP with IPv6 is a different question...
       
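The Port Control Protocol mentioned in the reply above, shown as an added example that is not part of any post in this thread: it encodes a PCP MAP request and decodes the MAP response exactly as RFC 6887 lays them out (24-byte common header, 36-byte MAP payload, UDP port 5351), and it also builds the response a router would send so the round trip can be exercised offline. The addresses, ports, nonce and epoch values are constructed; `build_map_request`, `parse_map_response`, `build_map_response` and `request_mapping` are names chosen here, not a library API. The defender-relevant parts are the checks on the way back: the 12-byte mapping nonce must match the one we sent (a reply that does not carry it is not for our request) and the client-IP field must equal the packet's real source address or the server answers ADDRESS_MISMATCH.

```python
"""Encode/decode PCP (RFC 6887) MAP messages. Added example; runs offline."""
import ipaddress
import os
import socket
import struct

PCP_VERSION = 2
PCP_PORT = 5351          # PCP servers listen on UDP 5351
OPCODE_MAP = 1
PROTO_TCP, PROTO_UDP = 6, 17
RESULT_SUCCESS = 0
# Result codes from RFC 6887 section 7.4.
RESULT_NAMES = {
    0: "SUCCESS", 1: "UNSUPP_VERSION", 2: "NOT_AUTHORIZED", 3: "MALFORMED_REQUEST",
    4: "UNSUPP_OPCODE", 5: "UNSUPP_OPTION", 6: "MALFORMED_OPTION", 7: "NETWORK_FAILURE",
    8: "NO_RESOURCES", 9: "UNSUPP_PROTOCOL", 10: "USER_EX_QUOTA",
    11: "CANNOT_PROVIDE_EXTERNAL", 12: "ADDRESS_MISMATCH", 13: "EXCESSIVE_REMOTE_PEERS",
}
ZERO_ADDR = bytes(16)    # "let the server choose" for the suggested external address
MAP_FMT = "!12sB3xHH16s" # nonce, protocol, reserved(3), internal port, external port, address


def _pack_addr(addr):
    """PCP carries every address as 128 bits; IPv4 goes in as ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    return ip.packed


def _unpack_addr(raw):
    ip = ipaddress.IPv6Address(raw)
    return str(ip.ipv4_mapped or ip)


def build_map_request(client_ip, internal_port, protocol=PROTO_UDP, lifetime=7200,
                      suggested_ext_port=0, suggested_ext_ip=None, nonce=None):
    """Return (request bytes, nonce). The nonce is random per mapping so an off-path
    party cannot forge a matching response."""
    nonce = os.urandom(12) if nonce is None else nonce
    if len(nonce) != 12:
        raise ValueError("mapping nonce must be 12 bytes")
    header = struct.pack("!BBHI16s", PCP_VERSION, OPCODE_MAP, 0, lifetime, _pack_addr(client_ip))
    ext_ip = ZERO_ADDR if suggested_ext_ip is None else _pack_addr(suggested_ext_ip)
    payload = struct.pack(MAP_FMT, nonce, protocol, internal_port, suggested_ext_port, ext_ip)
    return header + payload, nonce


def parse_map_response(data, expected_nonce):
    """Validate a MAP response against the request's nonce and return its fields."""
    if len(data) < 60:
        raise ValueError("short PCP MAP response")
    version, r_opcode, _res, result, lifetime, epoch = struct.unpack("!BBBBII", data[:12])
    if version != PCP_VERSION:
        raise ValueError(f"unexpected PCP version {version}")
    if not r_opcode & 0x80 or (r_opcode & 0x7F) != OPCODE_MAP:
        raise ValueError("not a MAP response (R bit / opcode)")
    nonce, protocol, internal_port, external_port, ext_ip = struct.unpack(MAP_FMT, data[24:60])
    if nonce != expected_nonce:
        raise ValueError("mapping nonce mismatch: response is not for our request")
    return {"result": RESULT_NAMES.get(result, f"UNKNOWN_{result}"), "lifetime": lifetime,
            "epoch": epoch, "protocol": protocol, "internal_port": internal_port,
            "external_port": external_port, "external_ip": _unpack_addr(ext_ip)}


def build_map_response(request, result=RESULT_SUCCESS, external_port=None,
                       external_ip=None, epoch=0, lifetime=None):
    """What a PCP server sends back for `request`; used here only to simulate the router."""
    _v, opcode, _r, req_lifetime = struct.unpack("!BBHI", request[:8])
    nonce, protocol, internal_port, sugg_port, sugg_ip = struct.unpack(MAP_FMT, request[24:60])
    header = struct.pack("!BBBBII12x", PCP_VERSION, 0x80 | opcode, 0, result,
                         req_lifetime if lifetime is None else lifetime, epoch)
    payload = struct.pack(MAP_FMT, nonce, protocol, internal_port,
                          sugg_port if external_port is None else external_port,
                          sugg_ip if external_ip is None else _pack_addr(external_ip))
    return header + payload


def request_mapping(server, internal_port, protocol=PROTO_UDP, lifetime=7200, timeout=2.0):
    """Send one MAP request to a real PCP server (not used by the offline demo)."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, PCP_PORT))
        # The client-IP field must equal our actual source address (RFC 6887 8.1),
        # so read it from the connected socket rather than guessing.
        req, nonce = build_map_request(sock.getsockname()[0], internal_port, protocol, lifetime)
        sock.send(req)
        return parse_map_response(sock.recv(1100), nonce)


def demo():
    """Offline round trip with constructed values: ask for UDP 27015, router grants 40001."""
    req, nonce = build_map_request("192.0.2.10", 27015, PROTO_UDP, lifetime=3600, nonce=b"\x01" * 12)
    resp = build_map_response(req, external_port=40001, external_ip="198.51.100.7", epoch=12345)
    return parse_map_response(resp, nonce)


if __name__ == "__main__":
    print(demo())
```

Against a real router the call is `request_mapping("192.0.2.1", 27015)` (the server address is the default gateway, which this example does not discover); a server that does not hand out IPv6 mappings will answer with a non-SUCCESS result rather than silently ignoring the request, which is the quickest way to find out whether a given CPE actually supports PCP over IPv6.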
Post #AXFPketQlpWMEwzcnI by lamp@berserker.town
       2023-07-01T10:31:19Z
       
       0 likes, 0 repeats
       
I think a typical household internet connection should be fully functional without having to change settings on the router at all. Being able to function as a server is necessary for peer-to-peer topology, and P2P networking is needed for the lowest latency real-time communication: video conferencing, gaming, #VR... And #STUN/TURN just seems ridiculous.
       
Post #AXFpZMjeXOkPY1hA4e by RoboMWM@berserker.town
       2023-07-01T15:20:36Z
       
       0 likes, 0 repeats
       
@lamp when I home hosted a TF2 server a decade ago they mailed about excessive usage or something, and nowadays most ISPs have a bandwidth cap.
       
Post #AXGM06gxUYwq8rEJqy by falcon@mastodon.falconk.rocks
       2023-07-01T21:23:57Z
       
       0 likes, 0 repeats
       
@lamp I'm completely unconvinced that stateful firewalls in the edge device are actually necessary for security. Sure, maybe someone can exploit your TCP/IP stack with a 0day, but what's more likely to have it: the device that gets constant updates, or the router that gets them basically never? The thing to do here is probably have a host firewall, at which point the host can just open ports on itself to the internet when needed.
       
Post #AXGO2zY6hlIklYaplo by dennisglindhart@mstdn.dk
       2023-07-01T21:46:49Z
       
       0 likes, 0 repeats
       
       @lamp https://en.wikipedia.org/wiki/Port_Control_Protocol
       
Post #AXGQSoAXq0oauQ0gBE by lamp@berserker.town
       2023-07-01T22:14:00Z
       
       0 likes, 0 repeats
       
@falcon Ideally devices should be sufficiently firewalled or secured by default to be connected directly to the internet. The problem is that then anyone could DoS you by sending hundreds of Mbps of unsolicited packets and overloading your device or connection. Imagine if you're on a wireless connection and all these packets have to get through to your device's firewall so it can decide what to do with those packets. And imagine if it was metered! Nothing you can do to stop it! This is why cellular networks are firewalled at the ISP. The ISP's much more powerful routers are much better at dealing with attacks, and this prevents wasting valuable wireless bandwidth and protects you from unfair charges.
       
Post #AXGQhuT0hljymjqdua by falcon@mastodon.falconk.rocks
       2023-07-01T22:16:42Z
       
       0 likes, 0 repeats
       
@lamp In my experience, ISPs generally do not operate a firewall for you. If there's too much inbound traffic toward you they may QoS it, or they may operationally block DoS attacks against their customers, or if your IP is subject to DDoS they will announce a null route for you to source quench the traffic. The firewalls you're using UPnP to interact with are CPE.
       
Post #AXGR8s2Dr5mn3qArI0 by lucasmz@hachyderm.io
       2023-07-01T22:21:35Z
       
       0 likes, 0 repeats
       
@lamp @falcon mine isn't
       
Post #AXGS4c6bEqScS7ku8m by lamp@berserker.town
       2023-07-01T22:32:02Z
       
       0 likes, 0 repeats
       
@falcon It appears mobile ISPs do, and that makes sense. Conventional hard-line ISPs don't as far as I've seen, but it's not so much of an issue if the CPE has a strong uplink, and it's still helpful vs weaker wifi connections. But that seems like a vulnerability: a lot of cable internet providers have a data cap, so could someone sending unsolicited packets burn up your data allotment and cause overage charges for you while you can't do anything about it?
       
Post #AXGSGLC3wTnjTau25Y by falcon@mastodon.falconk.rocks
       2023-07-01T22:34:07Z
       
       0 likes, 0 repeats
       
@lamp I think either way (firewalling or not) this ends up being a support call generator. On the other hand, if the connection is never established because the other end isn't listening or has a CPE firewall, what you have is a SYN flood, and network operators frequently take care of that kind of thing amongst each other.
       
Post #AXGSeaOR59krZDFdXk by lamp@berserker.town
       2023-07-01T22:38:32Z
       
       0 likes, 0 repeats
       
@falcon On UDP though... it might be hard to tell whether a stream of packets is an attack or intentionally wanted. Maybe you set up a video stream to your house or something...
       
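To make concrete what a stateful firewall can and cannot decide about UDP, here is an added example that is not from any post in this thread: a toy stateful UDP filter of the kind a CPE runs, with a 30-second idle timeout (Linux conntrack's default for UDP) and a set of explicitly opened ports standing in for mappings obtained via PCP. The trace it runs over is constructed: a DNS exchange, a stream arriving on a pinholed port, a reply that comes back after the state has expired, and a burst of unsolicited packets to a closed port. Class names, method names and all addresses are invented for the example. The point it shows is the one made in the posts above: the filter can drop the unsolicited burst, but those bytes have already crossed the uplink, so the counter it keeps per source is exactly the "data cap burned by traffic you never asked for" figure, and the only thing it can distinguish is whether the home side sent a packet first, not whether the stream was wanted.

```python
"""Toy stateful UDP filter plus per-source accounting of unsolicited bytes. Added example."""
from collections import Counter, defaultdict
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 30.0  # seconds; Linux conntrack's default UDP timeout (assumption stated in lead-in)


@dataclass
class Packet:
    ts: float         # seconds since trace start
    direction: str    # "out" (LAN -> WAN) or "in" (WAN -> LAN)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    length: int       # bytes on the wire


class StatefulUdpFilter:
    def __init__(self, idle_timeout=UDP_IDLE_TIMEOUT, pinholes=()):
        self.idle_timeout = idle_timeout
        self.pinholes = set(pinholes)      # local UDP ports opened explicitly (e.g. via a PCP MAP)
        self.flows = {}                    # (local_ip, local_port, remote_ip, remote_port) -> last seen
        self.unsolicited_bytes = defaultdict(int)  # remote_ip -> bytes dropped
        self.accepted_bytes = 0

    def process(self, pkt):
        """Return the verdict for one packet and update state."""
        if pkt.direction == "out":
            # Outbound packet creates or refreshes the flow entry that will admit replies.
            self.flows[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = pkt.ts
            return "OUT"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        last = self.flows.get(key)
        if last is not None and pkt.ts - last <= self.idle_timeout:
            self.flows[key] = pkt.ts       # replies keep the entry alive, as conntrack does
            self.accepted_bytes += pkt.length
            return "ACCEPT_STATE"
        if pkt.dst_port in self.pinholes:
            self.accepted_bytes += pkt.length
            return "ACCEPT_PINHOLE"
        # No state and no pinhole: dropped, but the bytes already crossed the uplink.
        self.unsolicited_bytes[pkt.src_ip] += pkt.length
        return "DROP"

    def top_offenders(self, n=3):
        return sorted(self.unsolicited_bytes.items(), key=lambda kv: kv[1], reverse=True)[:n]


def constructed_trace():
    """Constructed packets; the addresses are documentation ranges, not real hosts."""
    home, dns, peer, flooder = "192.0.2.10", "192.0.2.53", "198.51.100.7", "203.0.113.9"
    pkts = [
        Packet(0.0, "out", home, 51000, dns, 53, 64),            # DNS query
        Packet(0.1, "in", dns, 53, home, 51000, 128),            # reply within timeout
        Packet(1.0, "in", peer, 6000, home, 5000, 1200),         # stream to a PCP-opened port
        Packet(45.0, "in", dns, 53, home, 51000, 128),           # 44.9 s after last packet: expired
    ]
    # 50 unsolicited 1200-byte packets to a closed port from varying source ports.
    pkts += [Packet(2.0 + i * 0.01, "in", flooder, 40000 + i, home, 4444, 1200) for i in range(50)]
    return sorted(pkts, key=lambda p: p.ts)


def run_demo():
    fw = StatefulUdpFilter(pinholes={5000})
    verdicts = Counter(fw.process(p) for p in constructed_trace())
    return {"verdicts": verdicts, "accepted_bytes": fw.accepted_bytes,
            "unsolicited_bytes": dict(fw.unsolicited_bytes), "top": fw.top_offenders()}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Note the expired DNS reply is counted against the resolver just like the flood is counted against the flooder: from the filter's position they are indistinguishable, which is the support-call problem the thread ends on. A real CPE would also need the reverse pinhole bookkeeping (expiring the port when the PCP lifetime runs out) that this toy omits.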
Post #AXGSlvDA4y5cA0TYdk by falcon@mastodon.falconk.rocks
       2023-07-01T22:39:51Z
       
       0 likes, 0 repeats
       
@lamp Yes. It'd be nice to have a more structured way to complain about malicious traffic to your ISP, but on the other hand, problems with this kind of thing (outside the pro gamer world anyway) are so rare as to generate no commercial demand for a solution.