Novel attack against virtually all VPN apps neuters their entire purpose

jeffw@lemmy.world to Technology@lemmy.world – 494 points –
Novel attack against virtually all VPN apps neuters their entire purpose
arstechnica.com
137

You are viewing a single comment

Efforts have been put in for several decades now

I still remember all the hype around "IPv6" day about 12 years ago...

Any day now...

Honestly I'm on a IPv6 provider (with CGNAT for IPv4-only services) and everything works fine.

I think people are just lazy.

I don't think it's laziness, it's financial incentive—there's not much demand for something that might be quite a lot of work from a lot of companies' perspectives.

Hell, IIRC AWS only started supporting IPv6 completely on the cloud service that hosts a huge percentage of the internet's traffic about 3 years ago

I'm a little curious about your situation though—with regards to the CGNAT, does everyone on your ISP effectively share one (or a small pool of) IPv4 address(es)? Do you ever see issues with IP restrictions? (e.g. buying tickets for events, etc)

Luckily I haven't noticed any restrictions.

My provider uses the same IPv4 for four different customers, and it lets each one of them use a different range of 12000 ports each (of course, the random user on ports 1-12000 is the "luckiest" one because he could theoretically host a website on port 80 or 443).

But this means I can expose my Torrent client or Plex or any other services on a custom port, directly forwarded.

It works really well in my experience. The provider is Free (France).

CGNAT is certainly becoming a real issue. In the UK at least legacy providers have millions of IP addresses in the bank and new disruptive providers do not have access to these except at extremely inflated rates.

When I changed one of these new disruptive providers I was unaware that CGNat would be imposed and all of my security cameras were no longer accessible. Fortunately they did move me off CGNat when I asked but they said it may not be forever.

Like always I don't think this will be dealt with in any speedy capacity, unless we get lucky and some correctly positioned legislator can't do what they want to do with their internet connection. Then it might get expedited.

Let's hope that the EU steps in. It's the only institution in which I have some faith left in...