• 0 Posts
  • 111 Comments
Joined 6 months ago
cake
Cake day: September 26th, 2024

help-circle






  • The Ghz shouldn’t make a difference, so long as it’s on the same network. The spectrum used is the physical medium, a device on the WiFi and wired networks of the same network can talk to each other. Different AP may (should) be on separate channels within the given spectrum to avoid signal overlap, but still work the same.

    Why would you have to specify what frequency it’s on? The only thing the phone would need to replicate to the device is the network ID and key.


  • I don’t have a solid answer to that, but the recent PhD a candidate that got swiped as I gather was in the middle of a crowded space. If a hand ful of people showed up, and other emboldened by those first few joined in, pretty soon those handful of thugs would be surrounded and you can bet that there wouldn’t be a missing person out there. They have guns and handcuffs, but the people number in the millions and can overwhelm by sheer force of numbers.

    I still recall the image of the police HQ in Minneapolis taken over during the Floyd protests. People went directly into the lion’s den and claimed their place. It can happen again, somewhere out there a spark is just waiting to be lit.





  • What you might call a stateful NAT is really a 1-1 NAT, anything going out picks up an IP and anything retuned to that IP is routed back to the single address behind the NAT. Most home users a many to one source nat so their internal devices pick up a routable IP and multiple connections to a given dest are tracked by a source port map to route return traffic to the appropriate internal host.

    Basically yes to what you said, but a port forward technically is a route map inbound to a mapped IP. You could have an ACL or firewall rule to control access to the NAT but in itself the forward isn’t a true firewall allow.

    Same basic result but if you trace a packet into a router without a port forward it’ll be dropped before egress rather than being truly blocked. I think where some of the contention lies is that routing between private nets you have something like:

    0.0.0.0/0 > 192.168.1.1 10.0.0.0/8 > 192.168.2.1

    The more specific route would send everything for 10.x to the .2 route and it would be relayed as the routing tables dictate from that device. So a NAT in that case isn’t a filter.

    From a routable address to non-route 1918 address as most would have from outside in though you can’t make that jump without a map (forward) into the local subnet.

    So maybe more appropriate to say a NAT ‘can’ act as a firewall, but only by virtue of losing the route rather than blocking it.




  • NAT in the sense used when people talk about at home is a source nat, or as we like to call it in the office space a hide address, everyone going to the adjacent net appears to be the same source IP and the system maintains a table of connections to correlate return traffic to.

    The other direction though, if you where on that upstream net and tried to target traffic towards the SNAT address above the router has no idea where to send it to unless there’s a map to designate where incoming connections need to be sent on the other side of the NAT so it ends up being dropped. I suppose in theory it could try and send it to everyone in the local side net, but if you get multiple responses everything is going to get hosed up.

    So from the perspective of session state initiation it can act as a firewall since without route maps it only will work from one side.