undefined | Better HN

0 pointsffsm81y ago0 comments

> Doesn't make sense. NAT hole punching requires you to execute on the target inside the NAT.

Why doesn't it make sense to you? From my perspective the idea was that the NAT protects your devices - and your device is now punching a hole into this protection, making it vulnerable to the world wide web

This circumventing doesn't have to be done by a malicious actor, it just comes at the added risk of becoming "targetable" from the Internet

0 comments

3 comments · 1 top-level

tjoff1y ago· 2 in thread

Because it is the same thing as opening an outgoing connection but with more steps. The only thing it allows is to connect to someone else that is also behind NAT.

It has no bearing on security.

ffsm8OP1y ago

By this logic, a firewall has no bearing on security either. It just drops packets / makes devices unadressable unless a route has been allowed/ a port has been opened

tjoff1y ago

What, no?

Please explain why the ability to establish an outgoing connection through NAT, when you already have a sidechannel, is a security issue?

1 more reply

j / k navigate · click thread line to collapse