(no title)
egberts1 | 1 month ago
- share a precious IP address at the NAT gateway border
- hide your internal LAN from external network mapper
Last point becomes moot when internal mapping software kicks in, legitimately or not, JavaScript or disingenuous application/daemon/app.
Welcome to Cybersecurity SecOP.
Now this is where Carrier-Grade NAT really shines: added functionality of handling mobile devices' changing IP addresses as it hops from one subnet to another (switching between G5/CSM/WiFi/personal-hotspot)
mrsssnake|1 month ago
We could create TCP/UDP alternative that would handle mobile IP addresses or even make traffic take multiple of those paths at once (look up MPTCP). But we cannot apply it in real scenarios mostly because of middleboxes (like CGNAT) messing up and limiting the messages that should be taken care of on the endpoint.
egberts1|1 month ago
Web browser visiting Yahoo Mail is poorly comparing your external IPv6 with your home's IPv4 and rejecting your login.
This problem gets worse for Linux users as more and more websites (DirecTV) start to use the NEWEST Yahoo login authentication until AT&T somehow starts disbursing IPv6 inside your LAN, ... or something.
So "NAT" security is technically being compromised by Yahoo's JavaScript.