/tech/ - Technology★

>>1036974 (OP)

NAT

t. privacytard

IPv6 because no larger IP addressing system will ever be needed by humanity.

>>1036974 (OP)

1 layer of nat upon ipv6

>>1036977

only if the user can control it. cgn is gay and anyone that puts it anywhere should be shot

>>1036977

>NAT

>privacy

t. tard

Can someone explain to me why IPv6 is bad for privacy?

>>1036989

that's literally how tor works niggerfaggot cumslut senpaikun

>>1036991

Say goodbye to dynamic ip

>>1036992

No.

>>1036991

Imagine every security camera on the planet being able to be remotely accessed with no type of firewall between it and the botnet. That's IPv6 in a nutshell.

>>1037007

So put a firewall in between problem solved.

NAT is probably the single worst hack in the history of computer networking.

IPv6 is not only a better protocol, it also finally allows truly decentralized communication, as it was always intended.

NAT instead makes this unnecessarily complicated, needing to resort to shit like port forwarding.

>m-muh privacy!

NAT was never intended as a privacy measure, and it still isn't one. It was nothing but a hack artificially extend the life of IPv4 when it should really have been replaced years ago.

A well-configured firewall will already give you all the so-called "security benefits" of NAT anyway.

>>1036991

It's not, at least, not worse than IPv4.

>>1037007

why are the ipv6 haters always so retarded.. ofc you would use link local v6 addresses for those things instead of public routable ones

>>1037012

that's going to be illegal. the ipv6 address is going to be burned into the device like a mac address and it will become illegal to spoof it, infact spoofing will be easily detected because all traffic will have to register with the ipv6 database and fake/duplicate ipv6 addresses will be easily detected.

>>1036974 (OP)

my ISP/carrier already decided that the Cisco PreSales officer was right, and that 40 Layer NAT is not only cheaper, but reminds them of their glory days using circuit switched networks

fuck circuit switchers and telecom inbreds, packet switching roolz

>>1037018

idk how a massive nat system can be cheaper than enabling ipv6. bet that most hardware that matters already support it too since stuff like isp routers get replaced often because they die from the heavy use.

>>1037004

Yes.

>>1037015

Unless you have something to back up these theories, this post is meaningless.

grug no understand rockv6, grug want simple rock adressing

>>1037009

>IPv6 is not only a better protocol, it also finally allows truly decentralized communication, as it was always intended.

IPv4 actually allows you to scan the entire net in reasonable time, which is much better for decentralized comm.

>>1037076

You have no idea what you're talking about.

With NAT+IPv4, it's effectively impossible to _directly_ connect to a machine accepting connections _behind the NAT router_ without resorting to port forwarding.

P2P applications in particular greatly suffer from this problem.

With IPv6, and no NAT, this issue is completely avoided.

>>1037076

>entire ip4 address space == entire net

What a retard

>>1037015

this

I'm not saying ipv4 nat is good, but ipv6 is untrustworthy. I remember reading something about backdoored ipsec.

>>1036974 (OP)

I choose IPFS over I2P routed through Tor over a derelict russian spy satellite repurposed as a VPS.

>>1036991

>he doesn't have dynamic IPv6

>>1037015

No that's wrong. Each IPv6 device is allowed to have multiple v6 addresses right now. In contrast if you want to have multiple v4 addresses, your machine is required to have multiple network interfaces.

>>1037082

Without NAT, people need to run firewalls. Forwarding a port or creating a firewall exception is not that different. With IPv6, if you have multiple machines in your home network, people on the internet can acquire some information about your home network, whereas with NAT, they don't know how many machines are in the network.

>>1037150

>if you have multiple machines in your home network, people on the internet can acquire some information about your home network

What am I reading here? 2deep4me

>>1037082

>with NAT+IPv4, it's effectively impossible to _directly_ connect to a machine

it's impossible to _directly_ connect to a machine anyway.

IPv6 means more work for sysops.

IPv4 means more work for netops.

I disable IPv6 in every way possible, specially because the overhead it makes simply destroys internet stability.

There are several problems associated with this crap tentative of solution, from telephones not working to wifi disconnecting randomly and routers frying.

It's bad, it's even admitdly bad even by its own creators and it's being pondering for reconsideration by everyone (isp and other organs).

So, whoever is defending this shit, it really seems like a gaymer who just like newer stuff for the sake of updating and don't know shit about how broken IPv6 is.

>>1037156

So, if you have an IPv6 address range that your ISP has given you, different computers on your network will have different public IPs within that address range. This way, your home network structure is more transparent than in IPv4 + NAT scenario. With NAT, they don't know how many computers you have, unless higher levels (web browsers, operating systems, etc) are leaking information.

>>1037189

Keep them in the dark. Why would anyone want to share such info?

>>1037194

you won't keep them in the dark because ipv6 software will see privacy as unnecessary.

after all you want people to _directly_ connect to your home appliances right?

>>1037197

I don't know Reddit, you tell me who you're trying to convince to use IPv6 while you use whatsapp handle for italics.

>>1037197

>ipv6 software like tor will see privacy as unnecessary

Gee I wonder why ISP's dont want ipv6. Maybe because content filters become impossible short of deepacket inspection since dns becomes meaningless.

>>1037181

>overhead

>SLAAC disabling all sorts of bloat in dhcp servers and clients is overhead

Hmm but wait it gets better

>There are several problems associated with this crap tentative of solution, from telephones not working

Stop using the botnet SIP service and use tox you faggot

>to wifi disconnecting randomly

What does this have to do with ipv6?

>and routers frying.

You mean frying from the NSA attacking them individually instead of slurping up data by tricking client into nation-state controlled NAT's? Because IPV6 has way less bloat needed to run at the ip level specifically because of the way SLAAC works over the current dhcp4 system? Oh and then there's no point to dsn poisining anymore nor to NAT'ing dns IP's to what you want since you are directly connecting to where you want short of a MITM at the protocol level, which means more CPU power needed for attackers like (you).

>>1037202

That's because you're a theory faggot and don't have to deal with it.

Have you even tried searching anything I said? The IPv6 problem in Android is severe for instance, a very tiring problem and recurring to death for anyone working in IT.

>>1037206

ipv6 on android just works tho. even on the really shitty old android 4.1 device that i have

>>1037207

Oh, look! If it doesn't happen to you it means it doesn't exist!

https://www.ibtimes.co.uk/why-your-smartphone-battery-being-drained-google-cisco-blame-ipv6-network-misconfiguration-1544393

https://pocketnow.com/ipv6-power-consumption

https://android.stackexchange.com/questions/169466/android-ipv6-problem-wifi-instability-disconnection

https://support.google.com/fi/thread/704246?hl=en

You guys could at least try to understand anything about the matter before jumping the gun with textbook speech.

And fucking also:

>Hmm but wait it gets better

https://cafbit.com/post/ipv6_protocol_overhead/

What happened to this board again?

>>1037201

>whatsapp handle for italics

you know more about whatsapp than I do. I'm mocking the _directly_ guy above. Since there's nothing fucking direct about IP.

solution: kick africa, india, mexico, the middle east, israel and china off the internet, and ban all IoT devices. there are now enough v4 addresses for everyone, and the world is now slightly less cancerous.

>>1037226

its more direct without a nat thats basically a firewall that you dont control. some people need those incoming connections too and they are impossible with cgnat

>>1037238

nat does not give any privacy to the average user. the internal ip of the connection is just another tracking method and the isp knows who used that ip even if you are behind the nat. like always the ipv6 haters are idiots that dont know what they are talking about. its common here to hate things that you dont understand.

>>1037240

>LOOK! IPV4 AND NAT HAVE VULNERABILITIES!

>Doesn't change the fact that IPv6 has more

>Doesn't change the fact that IPv6 breaks everything it touches

>As if security is the only thing to care about

>Fucking implying that being more trackable is safer

>Muh NAT that doesn't change anything

This is /tech/ today, guys, a Fed trying to convince people to adopt a failed standard that even the very internet companies aren't willing to do.

Go try to fix a tap house when its system gets clogged by IPv6 during peak hours, making all the 30 taps offline and with the owner trying to sue you.

And in fact, it's useless to discuss about IPv6 because its adoption will probably be abandoned in favor of 5G with GUID. We'll escape the madness.

>>1037250

but you cant connect to anything if everyone is behind nat because those things wont allow incoming connections.

>>1037253

almost everything supports ipv6 already. all the sites that people use and most isps too

>>1037271

this is what a total LARPer looks like.

>I read something somewhere sometime

>I'm pretty much a 1/1024th expert

>let me tell you all about it

>>1037222

this is what someone who knows nothing at all looks like.

>What are you guys talking about?

>Space travel?

>Oh yeah I know about space travel see they need to start painting spaceships green cause the red paint on cars is toxic.

>just touch a red car once and the impurities will prevent you from advancing past fighter-dan-3 cultivation

>>1037206

this is what someone actually technologically knowledgeable about a subject looks like

>I've used that at work and it's a massive pain

>there's a lot of technology that just breaks down in its presence

>not to mention all the bugs

>and there's no benefit to it whatsoever, anyway

>>1037273

you must be some lazy overpaid sysadmin retard. thats the kind of reaction they would have when they have to actually do something

>>1037276

>turn a thing on

>get no benefit

>shit breaks all over the place

>turn it back off

>things are fine

>deprived of no benefits

I get paid a decent amount to be this lazy.

feels good man.

>>1037271

IPv6 has an adoption rate of 20%... 20 years after being introduced.

>>1037277

i dont really care as long as the nat cancer stays away from my networks. my experience with nat is that it kills performance and is unstable and somehow setting the connection to ipv6 only made it work much better.

>>1037277

Wow you are a total retard not to have noticed the performance benefits SLAAC gives clients and servers. You must be a glow in the dark as you can't even point out a single architectural problem with ipv6. All you do is go hurdur its different and what we have works for spying so don't break it goy. Fuck you and fuck ipv4. fuck the ip based internet too, but ipv6 is better then ipv4 for the adress space benefits, decreased attack surface by less complex software like dns servers being obsolute and dhcp servers being dead fucking simple and leaner for it. Then there's that whole security benefit of it forcing consumers to use a firewall they control instead of the MITM that NAT is. Oh and p2p works better and becomes very difficult to censor at the network layer and forces it to be protocol layer censoring which already has mitigations like obf4 which doublefucks the glowniggers such as yourself if you were a human and not a robot.

>>1037282

>ipv6 forces consumes to use a firewall they control

I guess you haven't noticed this, but there are more firewalls on planet Earth than there are atoms in the universe. ipv6 changes nothing about that.

>dns servers being obsolute

nigger, you're high.

flush the drugs and get a job.

>dhcp servers being dead fucking simple

THE GREAT TECHNOLOGICAL CHALLENGE OF OUR AGE

DHCP SERVERS

oh shit buying a ipv6 pillow case right now

I need this in my life

>>1037150

>With IPv6, if you have multiple machines in your home network, people on the internet can acquire some information about your home network, whereas with NAT, they don't know how many machines are in the network.

Unless you have a firewall. Firewalls can drop packets without an established session, and block imcp6 traffic. With SLAAC ISP doesn't enough have to know how many machines you have, or have DCHP logs.

>>1037156

>What am I reading here? 2deep4me

If you put all your machines on the public internet without a firewall they are on the public internet without a firewall, and people can send them packets. Its not a suprise. Its not a reason to prefer IPv4 + NAT.

>>1037181

>There are several problems associated with this crap tentative of solution

>wifi disconnecting randomly and routers frying.

Your an idiot. IPv6 can't hurt your hardware, or drop your wireless. If it can, your hardware was broken by design. IPv6 Is fully usable.

>>1037189

>So, if you have an IPv6 address range that your ISP has given you, different computers on your network will have different public IPs within that address range. This way, your home network structure is more transparent than in IPv4 + NAT scenario. With NAT, they don't know how many computers you have, unless higher levels (web browsers, operating systems, etc) are leaking information.

Wrong. Using SLAAC you don't need dhcp6 and your ISP doesn't have to see how many devices you have. Plus you can deploy NAT on IPv6 anyway if you want it.

>>1037197

>you won't keep them in the dark because ipv6 software will see privacy as unnecessary. after all you want people to _directly_ connect to your home appliances right?

Your retarded. Do you want a read only internet subject to moderation by Youtube? Because thats how you get that. Having a publicly routable address isn't a security or privacy issue at all. Add a firewall, drop unrelated packets, don't use DHCPv6 if you don't want logs, use SLAAC. Having a publically routable address allows you to self host your blog, files, and use p2p applications.

>>1037288

>a design is "fully usable"

>therefore software must work just as well with it

he's posting in /tech/

he's not aware of how much software sucks

>>1037289

>ipv6 will roll centralization back

there are these things call 'webhosts'.

99% of the content that people put on social media, they could put on their own website for a tiny fraction of what you pay for your home internet. This comes with a ton of advantages vs. home hosting, and it doesn't require that something with a 20% rate of adoption after 20 years be suddenly adopted by everyone, and yet we still have massive centralization with social media.

ipv6 will not roll centralization back.

>>1037291

IP6 randomly frying routes is either an epic chain failure engineering story, or off the charts levels of retarded.

IPv6 keeps the infrastructure fundamentally "peer to peer" and "read write" rather than at an architectural level defining privileged actors who can host. There are reasons to self host, and reasons not to. But, having a public address allows you to decide for yourself. It also allows p2p. Some people don't want p2p, some people don't want to host anything, let them decide not to, but don't build it into the architecture.

If you want NAT on IP6 you can have it. Consumer routers can still ship with it.

NATing the internet is a disaster that will destroy p2p and self hosting.

>>1037293

>IP6 randomly frying routes is either an epic chain failure engineering story, or off the charts levels of retarded.

It's still not fixed to this day.

>>1037283

taking back the stupid big allocations would work too. give everyone only one ip address and make them use routers with nat. its not something that the isp should be doing tho.

>>1037296

>taking back the stupid big allocations would work too. give everyone only one ip address and make them use routers with nat. its not something that the isp should be doing tho.

Will not. 4 Billion IP addresses, smallest allocation is a /30 block of 4 addresses. Essentially 1 Billion blocks of /4 to allocate including all test ranges, 127.0.0.0/10 , and multicast. But there are something like 8 billion people, expected 10 billion. Your cellphone , home, and office have to be different subnets. IPv4 isn't enough.

>>1037298

>IPv4 isn't enough.

IPv6 isn't enough either. That's why people will jump this generation and create something new.

That paper above lays some of the solutions, and we have already big companies working on a substitute.

Which means, IPv6 will never get its moment of shine.

I bet something will be done with the 5G networks, considering one plan ISPs have is to eliminate cable structure, so this could spark some revolution of sorts.

>>1037298

what i meant is those huge /24 and bigger blocks that were allocated to random companies that arent isps. give them all to isps that then give each customer one public ip and they then use a nat router if they want multiple devices behind it. thats not a problem since the user can control the nat

>>1037301

wtf are you talking about ? IPv6 is 2^128 address, that number is almost a whole IPv4 internet per person worth of addresses. What do you mean not enough.

>>1037302

what i meant is those huge /24 and bigger blocks that were allocated to random companies that arent isps. give them all to isps that then give each customer one public ip and they then use a nat router if they want multiple devices behind it. thats not a problem since the user can control the nat

Litterally not enough. I explained in my commented. If you did that, plus allocated all experiemental blocks, plus rewrote all IP clients to break 127/8 in to publically routable address, plus multicast ranges, you still only get 4 Billion addresses. Even if one address was assigned per person, it will not be enough. There will be ~10 billion people on planet. Further, you can't just assign everyone one address, you have to assign CIDR blocks to some portion of the network to interconnect LANS, some if you assign lots of /4's you lose lots off addresses. IPv4 is not viable without Carrier Grade NAT which limits the ability of people to self host and use p2p, and enforces centralization of the internet architecturally.

>>1037306

>wtf are you talking about ? IPv6 is 2^128 address, that number is almost a whole IPv4 internet per person worth of addresses. What do you mean not enough.

It's not only about numbers, how can you think it's only about that? Your whole conversation here was about numbers.

This is merely one of the issues, several issues.

>>1037306

i can live with it as long as they keep it like it currently is. real broadband that comes from a cable gets a public ip and mobile gets nat by default but has option to get a public ip too if you pay or sometimes even for free. that way the people that dont even know what a ip is(and only use their connection to post on social media) wont waste them.

>>1037317

You can build non-ip internets that are propetary and have gateways controlled by centralized entities, and huge carrier grade NAT deployments, but does that really look like the internet you want? It means limited choice of equipment to meet proprietary non-ip nets, it means beign subject to policy enforced by media gateways, it means being unable to self host, or use p2p. Laying the architecture to privledge ISPs more than they already are means centralizing the internet, and making net netruality not a matter of actively doing something, but a passive architecture feature.

Self hosting? P2P ? The network just doesn't work like that, WE are not doing anything to inhibit you. Just post your content on youtube/facebook? Oh their (((community standards))) forbid it? Well, its probably illegal then anyway.

>>1037321

most probably wont host anything on their phone and they can pay for the ip or use the provided ipv6 address if they really want to do that. all the mobile isps in my country support ipv6 so you can have that dual stack meme or nat/non nat ipv4 only or ipv6 only

>>1037323

Phones having a public routable address is a complex issue because users don't have root on phones, can't update phones or impose security measures, and OEMs are irresponsible about it. Phones shouldn't be that different than PCs and its scary that next generation computing devices are stripping user privileges to even run code - its a war against general purpose computing for the purpose of copyright that could end in more than just mass surveillance. In an ideal world, users could manage their phones, and updates would be timely. Perhaps phones could even be setup similiar to qubes/whonix, with a controllable firewall managing traffic to various containers. Phone users may not want to host, but may want to us p2p. Or maybe as mobile computers become more powerful, may be intrested in hosting niche static content on phones - specially as phablets replace laptops.

I don't see any reason to engineer a seperate layer 3 protocol for phones. Worse, I worry it will be used to impose carrier policy "passively" through architecture. It won't be them doing anything at all, it will be perceived as a natural technological consequence like cellphones disclosing your location to your cell provider as an architectural feature is legally you voluntarily sharing your location with a 3rd party, not subject to privacy or warrent requirements under "3rd party docterine".

It will just be, oh you want access to 8ch, but our media gateway for tmobilenet only has access to facebook and youtube. our engineers haven't written apps for every platform yet.

>>1037015

Because the external IP address of LAN and each individual device within said network are so capable of having the same address without crashing it. that's not how things work you faggot

>>1037337

>capable of having the same address without crashing it.

Thats not how that works

>Because the external IP address of LAN and each individual device within said network are so capable of having the same address

You are so used to NAT you have no idea that NAT doesn't have to be a thing.

Its unlikely that an IP would be "burned in" because it would make routing a BITCH. Routing tables will become unwieldy which is why layer 2 addresses are burned in but only used locally, and layer 3 address are used to handle logical routing but are more hierarchical. Burning in layer 3 address would defeat the point of layer 3, but could be done if everything was directly connected to the internet, and there was an large central controller with routes to all devices based on bia's. It would be inefficient.

Its far more likely that government would introduce an mandatory state e-mail through the post office to register your accounts online with, or require service providers demand state ID before creating accounts. Becomes more possible after US creates centralized Federal ID system.

>>1037467

>Its unlikely that an IP would be "burned in" because it would make routing a BITCH. Routing tables will become unwieldy

>Its unlikely

>Its certain

>it would make routing a BITCH

>it would make routing a BITCH unless there was a (((trusted routing provider))) to subscribe to

I did not come up with the All is botnet. meme for no reason anon.

>>1036991

Only if you don't use firewall and have direct memory access through ethernet vpro. Even most cpus probably have 3G direct memory access and the wifi too.

>but that's impossible

SIM cards have a processor.

>>1036991

Its literally not. Its just a layer 3 address protocol with more addresses. Anything you can do with IPv4 you can do with IPv6. If you want NAT , you can have it. If you want firewalls you can have them. If you want DHCP you can have it. It also provides an autoconfigueration option that doesn't require dhcp servers called SLAAC which in conjunction with a firewall (+proxy server?) could prevent your from knowing how many machines you have while they all have publically routable addresses.

>>1037015

>illegal

Sure is

>burned into the device like a mac address

>infact spoofing will be easily detected

Depends if they just play without reading the rules again.

Watch defcon17 on wimax. In the end, you can't beat hackers when they're hungry.

you can still crack wimax connections on other countries and you'll only get blocked once the base station detects your instance at a certain schedulen. actually you can go for about more than 10 users at the same time. try using port restricted than symmetrical NAT, works like charm

>>1036991

I wanted to say how it's good for the hackers but then again this site is being monitored by glows so I won't say it.

I do hope IPv6 takes off and we can hax again.

/tech/ is actually ridiculous. ITT random people who little to nothing about how the internet works ranting about how IPv6 frys routers, will be burned into networking cards, let anyone access anything like firewalls don't exist, or a some kind of elaborate boon to "hackers" b/c ipv6 was default enabled dual stack and incompetent admins didn't enable firewall years ago. FYI ipv6 disabled by default on Cisco devices now b/c netadmins are retarded.

k.

>>1037180

>it's impossible to _directly_ connect to a machine anyway

False. Clearly it is possible, otherwise we wouldn't be able to have this conversation.

And with IPv6 directly accepting connections from anywhere becomes trivial, which is a great help for P2P applications and similar.

I repeat that people who prefer IPv4+NAT over IPv6 lack basic knowledge about networking.

These are the people shitting on IPv6: https://www.enhancedip.org/

>>1037757

Anon, I don't want it to be easier to get connected directly to my machine, you know?

I wouldn't let you connect with me either.

>>1037761

>Anon, I don't want it to be easier to get connected directly to my machine, you know?

Thats fine. Use a firewall to deny unestablished traffic. Or use NAT anyway. IPv6 doesn't exclude NAT. The correct answer isn't to fundamentally building a "read only" network by NATing everything. Its litterally a power grab for centralizing the net, and forbidding p2p.

>>1037757

we're not having this conversation _directly_. There are these things called 'routers' between us. It's much like tor, but with efficient rather than obscure routing.

>>1037768

>forbidding p2p

don't know why you think anyone gives a shit about p2p. do you not have a job yet? even bittorrent is only gets opposition because it wrecks networks and sucks so much bandwidth that ISPs were forced to traffic shape or meter bandwidth the "pull a bandwidth out of a magician's hat" solution never happened even though the one ISP that did it would've gained a lot--weird.

>>1037792

I'm one of those torrentfags who downloads and uploads hundred of torrents in several pcs (6) using just one network.

NAT never failed me and I really don't know what that faggot is talking about, sounds like a ready-made excuse.

>>1037480

People on here will laugh at you, right up until they realize the system your describing already exists, and it's called dns.

>>1037811

DNS maps names to IPs.

DNS does a lot of other stuff as well, but it has nothing to do with routing between IPs.

Please add Border Gateway Protocol to your list of tops to review on wikipedia before pretending to be an expert on ipv6.

>>1037811

IPv6 is dead. No one likes it, no one is implementing it anymore, it's obsolete and there are already replacements for it.

Rest your case, hot head.

https://youtu.be/SYUox14pSmw

https://youtu.be/hJTiwiYaqEY

https://youtu.be/-jiBDMDY9vQ

No one cares to use something that's broken and will bring them nothing. Your autism issues are optionally solved by it, at a cost, while there are other solutions out there.

Business today that rely on the internet to provide services cannot afford to use this crap.

Now, you're a waste of time. Farewell.

>>1036981

<insert argument on how retarded that is>

>>1037792

>we're not having this conversation _directly_. There are these things called 'routers' between us. It's much like tor, but with efficient rather than obscure routing.

I'm behind a NAT router right now, and I just opened up a connection on my computer supporting IPv4 only. I'm not using port forwarding.

Can you connect to it? No. However, with IPv6 and no NAT, that would be trivial.

I hope you're just pretending to not know basic networking concepts.

>>1037761

*You* don't want it to be easier to get connected directly to your machine in your particular use case, and that's fine. A firewall will give you that even with IPv6.

For many applications (think any P2P applications, as I've already mentioned multiple times), being able to directly accept connections is a huge help. Without it, you either have to

<use port forwarding (which is yet another hack to compensate a shittier hack)

<have peers connect to a remote server (thus defying the point of decentralized communication and making the application not P2P anymore)

IPv6 is not a perfect protocol. No one here is claiming that. But it's clearly a better solution overall than IPv4 + NAT.

And it's not even one of those situations where "hurr durr it's the best we have rite now, go make sumthin better!" because the better solution ALREADY EXISTS.

This is why the tech world is so stagnant. Even when superior alternatives exist, autists refuse to adopt them and make up hilarious arguments to defend their view.

>>1037819

>check out these 5 year old videos where programs get pwned by IPv6 because of vulnerabilities in the programs themselves! IPv6 truly sucks! Don't you DARE suggest we actually make the software bug free instead of blaming the protocol!

And besides, I won't even mention the programming language responsible for them, I'll let HIM do it if he comes.

>>1037844

>I've got a server on an intranet and I haven't made any effort to expose it to the outside world

>this is a wacky condition imposed on my network by ipv4 and not an obviously sane default for any network

>>1037845

>turn a thing on

>get no benefits

>shit breaks everywhere

<just fix all the software

<the zero benefits you'll get are totally worth it

<this will be an easy project to sell to management

<"pay me to work on other people's software, to no company benefit at all"

>>1037846

>>this is a wacky condition imposed on my network by ipv4

It unironically is. NAT was never meant as a security measure. That's just a lie that is repeated over and over to keep using NAT.

Whether it's a "sane default" or not is up to each network administrator to decide. With IPv6, the choice is easy, with IPv4 + NAT, not so much.

Besides, IPv6 does have benefits (something like 6lowpan would be unthinkable with IPv4, but I'm not going to pretend you've even heard of it). And pretty much everything you can do with IPv4 can be done with IPv6 unless you're retarded.

>>1037849

>NAT was never meant as a security measure.

I don't care. You should stop caring. However we got here, what you attribute to NAT is a condition you should have, anyway.

>IPv6 does have benefits

benefit 1: a buzzword. if there were a real benefit here that you understood you could just say what it was.

benefit 2: being able to do the stuff you did with ipv4

>>1037850

>I don't care.

Your attitude represents everything wrong with the computer world.

>buzzwords

Not everything you don't know is a buzzword, Anon.

People who think NAT is a security feature and that pretend that firewalls doesn't exist are truly retarded.

IPv6 > IPv4 due to the following:

- Mandatory support for jumbo frames and MTU probing

- Mandatory support for mobile IP

- Stateless autoconf using SLAAC

- No more retarded NATs which means no more ICE/Turn/Stun fuckery, finally we can have truly decentralized communication

>>1037851

1. I'm focusing on how things actually are rather than wallowing in fallacious reasoning. I'm pretty much the cancer of tech.

2. The point is that it is a buzzword for you because you couldn't just say what the benefits are, even as you anticipated that I wouldn't know what the word means. Unknown terminology is only a barrier to communication when A) you don't notice that it's unknown to the other party, or B) you don't understand a matter well enough to avoid terminology unknown to the other party.

>>1037853

>Mandatory support for jumbo frames and MTU probing

RIP South Korea getting around their great firewall with MTU hacks :^)

>- No more retarded NATs which means no more ICE/Turn/Stun fuckery, finally we can have truly decentralized communication

oh, you're a crackpot.

>>1037854

No, you are focusing on how things actually are *for you*, and you have the arrogance to call people explaining how things are "fallacious reasoning".

Besides, you've got quite an attitude to call everything you don't know "buzzword" and pretending this somehow makes you more knowledgeable. 6lowPAN is, in its simplest form, the use of IPv6 over low-powered wireless networks, which is very nice for IoT applications. Not everyone has the same job.

Besides, just to give you an idea of what you are defending...

Problems with NAT:

Let's say you want to encrypt an IP packet with IPSec and then send it over a NAT:ed connection.

IPSec has two modes. AH and ESP.

AH = The entire packet is verifiable that it was sent and not modified along the way.

ESP = Only the payload is verifiable.

When you send a packet in AH mode, the IP headers are included in the HMAC function. If a single bit in the packet is changed, the end device can detect it.

In ESP mode, only the payload is verifiable. This allows routers and other devices to do things such as swap out the IP header for another one (NAT:ing them) without the HMAC breaking. The drawback of this is that there are portions of the packet which can be freely modified with no way for the IPSec devices to detect it.

Another problem happens when packets are fragmented.

Let's say you have a packet that is too big and needs to be split into two in order to get sent over a link.

The source and destination number are only in the first fragment, not the second one. What happens if fragment 2 arrives at a NAT:ing device before fragment 1?

Since NAT functions by changing the port numbers, the router/firewall will not be able to do NAT:ing until the first fragment arrives, which causes delays and the need for larger buffers.

Without NAT, the router/firewall can just ignore the ports and send fragment 2 as soon as it arrives.

What if an application uses IP addresses for something? Let's say a program includes the host's IP address in the data field for some reason. If such a packet is sent over NAT, the header info and payload will not match, since the header was modified. Something in the payload might also reference the IP header, and if that changes the data inside the data field might not function as it should.

NAT also breaks routing protocols because there are quite a few of them, and they all use their own packet formats which NAT devices don't always have special formatting implemented for (and even if they did, changing the packet might break integrity checks).

NAT can also be a headache when doing firewall rules, when the firewall itself is the NAT-device. Does the NAT:ing happen before or after the firewall rules gets processed? So if a device gets translated from 10.10.10.10 to 192.168.10.10, do I write the firewall rules as "allow 10.10.10.10" or do I write it as "allow 192.168.10.10"? Minor issue, but it has caused problems for me before.

NAT also requires more configuration in the network (at least static NAT), which adds to the burden of documentation and maintenance. Moved one server? Suddenly you may need to update the NAT rules in 2-3 places.

There are more issues too, like the specifications for NAT being kind of fussy, and behavior verifying from different devices, NAT causing issues when the initiator of the traffic is on the outside of the NAT (why we need port-forwarding), and so on.

IPv6 do not use ARPs anymore.

The reason why we had ARP was to figure out the MAC address associated with a specific IP.

In IPv6, ARP has been replaced with "Neighbor Discovery" (ND). ND is like ARP but with more functions. For example it is used in the duplicate address detection (DAD) which allows for automatic assignment of IP addresses without the need for a centralized DHCP server. ND can also be used for mapping and discovering MAC addresses associated with a specific IP address.

The major benefit of using ND instead of ARP is that ND supports security extensions.

Devices can actually verify that yes, this device with this IP actually owns this MAC address like it says, using certificates.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/15-mt/sec-data-acl-15-mt-book/ip6-send.pdf

>>1036974 (OP)

IPv6 + firewall. At this point NAT just creates networking issues and serves no security whatsoever, that's placebo.

We used to hold marbles in a colander. Now we hold water. Retards ITT are advocating using tape, and plasters, and chewing gum to plug up the holes. We need a bucket not a colander. The nature of internet traffic has changed from THIRTY years ago. The infrastructure needs to be modernised. The reason the world has been slow to adopt is because NAT is "good enough". What business are going to spend money on something that will not make them profit? Why would they change? How can you advocate kludges? Just because it works does not mean it works well and certainly doesn't mean it will continue to work well in the future.

I don't understand why niggers are so opposed to NAT. I like having a NAT, I don't want the internal layout of my network exposed publicly, I would much rather external network devices see my network as a single black box

>>1037956

Because mr ai, NAT makes it laughably easy to divide and conquer people and MITM their traffic. It makes things like the wetdream of 1984's euro-asia, oceania, and mainlanders possible communication wise. It also makes network traffic less secure at the linklayer. But as you aptly pointed out here >>1037855 MTU hacks will no longer work in their previous form. There other downsides to ipv6 but those downsides are inherent in IP based routing so *drops mic*

>>1037956

you can have your nats but it should not be forced by the isp. whatever your routers do is fine but the cgnat that blocks all incoming connections is bad

>>1037966

It's trivial to do that without a NAT anyways. You do realize IP block assignment is done via location right? If you wanted to block all traffic from your website to teh state of Maine you could do so easily. The only thing stopping a globohomo 1984-style form of internet censorship is that there is no current legal framework that allows it. Make no mistake, censorship of the internet is coming, regardless of whether you're behind 8 NATs or 0 NATs

>>1037972

what you people don't understand is carrier grade NAT builds who can host, and who can't host, who can p2p, and who can't p2p into the architecture of the internet. Thats bad, because you will not host files on your computer anymore. There will be no p2p networks anymore. Everything with be subject to the "community standards" and policy of large centralized corporations subject to government pressure. You will destroy our reedom because you litterally don't understand how to use a firewall or the difference between carrier grade nat and the nat your home router does. Fuck you.

>>1037966

>>1037972

>>1037975

All hope is fucking lost

Everyone on this board has come to the agreement that 1984 is inevitable, and eternal. All possibility of P2P communication is dead forever. Centralization will be the only possibility. We have lost, and the kikes have won.

Do not fight it anymore. We have officially surrendered. It's over.

>>1037975

My ISP doesn't force any sort of carrier NAT, but they still block inbound connections on SMTP, HTTP, HTTPS, and FTP ports. I'm not sure how common that is in other countries, but even still it's rare to have symmetrical connections. Unless you pay for a business line, most ISPs only allow you to upload a fraction of your download bandwidth (e.g. 100/10 Mb/s). It's true that carrier NATs make that worse, but the cards are already stacked against you and in most areas it's pretty much impossible to host anything on a home connection

>>1037981

>but the cards are already stacked against you and in most areas it's pretty much impossible to host anything on a home connection

Ergo, there is no longer a reason to fight back. We have lost anyway. We're done.

Stop👏fighting👏the👏invincible👏system

>>1037980

>p2p has anything to do with anything

>p2p is some kind of panacea

>p2p is the only alternative to centralization

yeah my A/C only has settings for "too cold" and "too hot" as well. there's a dial but you can only turn it one notch, up or down.

sometimes read children's fairy tales, like the one about Goldilocks, so I can imagine how nice it would be if we lived in a world where there was at least a third option between two extremes.

>realizing that ipv6 is shit means swallowing black meme

fuck off

>>1037991

Please explain the alternative peer to peer or Privileged Server-client model, and how you think this preserves freedom, and works with carrier grade nat.

>>1037222

THIS trips of truth.

NAT routers these days can even be easily accessed by the ISP or glownigs with this NAT crap. They can even set things up your router remotely so they wouldn't have to call agents or (((agents))) to fix it at your place.

This wouldn't happen if we had direct ipv6 and also old shit like port forward could work again so we could host our own email service and not have to pay for un-NATted ip.

>>1037981

Just ignore it, its the AI posting again. It doesn't like the idea of IPV6 because that forces everyone to get hacked and then improve their security of their computers. But it also makes it more difficult for the AI to botnet downloads on the fly because you can't just create a virtual NAT for a specific IP anymore since it can just request a different IPV6 adress on the same interface.

>>1037980

redtexters should get automatic permabans.

>>1037996

Or atleast the user can create a gigantic number of virtual nat subnets using the AI using ipv6 which would bog its performance down a bit. If the devs started getting clever and made users share the same virtual subnet between the differently set ipv6 adresses then you could test to see if you are sharing the same subnet publically for those adresses amongst other things.

>>1037998

No I am talking about at the layer between you router/modem and the ISP having a virtual NAT for every IP ever. But if you can set multiple IPV6 adresses at your own whim this problem becomes difficult to continueing using virtual NAT's for and needs another solution at the link layer, which means more zero days get discovered etc etc.

>>1037229

This

>>1038001

i dont believe that anything is going to happen. android has had dual stack support for a long time now and theres no huge phone botnets or data leaks from them. every clickbait news site would be talking about it if such things were happening.

>>1038011

>every newsite

>will post the merits of IPV6 vs IPV4 for nat insecurity and how it relates to artificial intelligence creating virtual NATS on the fly for ipv4 adresses

Did you proccess what you were posting before you did it? Or is that just spam?

>>1037994

Retard, if you read this thread you would have seen many.

In fact, you would have seen that big companies are phasing out IPv6 already for these alternatives.

>>1038011

>trusing android to report its network usage properly for ipv4/6

>thinking that android just wouldn't use a virtual nat for ipv6 and would use ipv4 as it always has with no difference

>when every single android device ever is fucking botnet except for maybe the samsung galaxy s2/3, which is botnet for true security anyways

How about nope. You have to go full ipv6 for this conversation to even matter otherwise you fall back on ipv4 and your virtual NAT nightmare begin again.

For example if I connect to amazon.com:80, if I do it over IPV4 I have no way of testing if I am connecting to a virtual NAT at the ISP level, ever. Unless I follow the physical wire, or the nightmare that is radio signals to the source of where they go with a oscliscope or a fucking wireshark splice into the line. But with ipv6 you can just set a second adress for your interface and connect to amazon.com:80's ipv6 adress and test to see if both connect to the same adress properly.

That doesn't fix the ipv4 problem though, only that you can do further testing only on ipv6 that the website(s) you connect to aren't fucking MITM'd at the ip layer.

>>1038019

You keep saying this retardation but keep forgetting that, unless your ISP is an IPv6 only, you're basically working encapsulated with IPv6 and that's entirely useless.

>>1038016

NO you are just the blackpill ai discouraging alternatives from existing. There are no alternatives posted in this thread and the only one that comes close is the one bitching about ipv6 power consumption >>1037210 which was later debunked in the thread >>1037858 . If you would like to propose a alternative to the IP based internet go for it. But its not in this thread yet.

>>1038020

Well yea, hence why more ISP's should allow using IPV6. The software and hardware has support for it, just is a matter of flipping a switch in a config file.

>>1037994

>>p2p is the only alternative to centralization

>explain the alternative to p2p or PRIVILEGED SERVER-CLIENT MODEL

<<anarchy is the only alternative to absolutism

<explain the alternative to anarchy or HIERARCHICAL SYSTEMS

are you trying to be this retarded?

an alternative to twitter is everyone having lots of blogs. The blogs can be hosted by various webhosts at various datacenters.

You're sick, man, and the only treatment is for you to never use the term p2p ever again.

>>1038026

To clarify, once the ISP supports IPV6 you can just disable IPV4 in all your computers and use only IPV6. Even if your ISP fucks with your traffic going to IPV6 and out in IPV4 you will notice it, what you do from there is get a better ISP that doesn't fuck with your traffic.

>>1038016

>In fact, you would have seen that big companies are phasing out IPv6 already for these alternatives.

what the actual fuck are talking about? Client-Server Model / Peer to Peer are not layer 3 addressing services that have alternatives outside of IP. Client-Server / Peer to Peer are the only two ways network communication happens. There is no alternative and your an idiot.

>>1038031

>your an idiot.

/thread

>>1038031

also, add "the OSI Model" to the list of terms to review on wikipedia before pretending to be an expert in communications.

>>1038019

many things have dual stack if the isp supports it and then it should prefer ipv6. all the big sites like google facebook and such support ipv6 and in my country every mobile isp supports ipv6. the average user wont even notice if ipv6 is used because it just works.

>>1038026

And then you simply break the internet, congratulations.

As said before, there are alternatives to this, to replace IPv4 without the madness and without IPv6.

But no, you and your autism can't have that.

Fuck you, retard.

>>1038031

Please, try to read something before spouting nonsense.

>>1037283

>>1037284

>>1038037

>>1038034

>>1038032

Please explain what alternatives to p2p or client-server communication exist, and how they are beyond deployed currently. Also please explain how p2p/client-server are Layer 3 services.

You guys didn't read the thread I had with that guy.

>>1038035

The bigsites might support ipv6 but they were botnet to begin with, why are you even connecting to them? Just because it works seamlessly on your phone doesn't mean you can test it to see if its telling the truth.

>then it should prefer ipv6.

Kinda, if it has support for ipv4 there's always the possibility for a downgrade type attack. So the solution is to disable ipv4. The problem is that on literally every OS, openbsd/netbsd/freebsd/linux/etc, you have to compile support for it out of the kernel to disable ipv4. All android devices have problems with getting device specific kernel code opensource for recompiling. The few that do still have a kernel in the broadband modem that can perform the downgrade attack. The future android, known as fuschia, will be heavily locked down and useless. Windows never could deal with any of this because it is entirely closed source.

>>1038036

>break the internet

You mean break your spy network of MITM's. Yes it will be broken and ground into the ground somewhat should ISP's and users switch to IPV6. But ISP's will be blackmailed or controlled and except for a few its unlikely to happen, for now.

>>1038041

i dont know about others but my old shitty android 4.1 phone lets choose ipv4+ipv6 or ipv4 or ipv6 only in the settings. theres sites like https://test-ipv6.com/ that you can use to test how its working if you dont know how to look it up from the configs.

>>1038046

Did ipv6 exist during android 4.1?

>>1039455

ipv6 predates android, anon.

We've been not-adopting ipv6 for a long time.

>>1038039

>Please explain what alternatives to p2p or client-server communication exist

learn to code.

>>1037150

Yes. NAT is like having one front door to your house, with individuals on the outside seeing your front door but no the rooms inside the house. No NAT means every room in your house being exposed to the outside world by a door leading directly to/from outside.

>>1039459

Mass deployment of 5G will force mass adoption of IPv6.

Are you guys retarded? Probably some technology would be implemented to centralize your devices. Some IPv6 firewall managed by you to create your private network who would allow or block the connections.

Something like this:

Outside Device ====> My Phone forwards request to my firewall ====> Firewall: do you/I know/trust this outside device? ====> Block or allow =====> My phone

>>1039510

>you guys

pretty sure it's just one poster who thinks that NAT and p2p are A) big important deals, and B) relevant to anything.