How NSA access was built into Windows

[JonnyLH]

Oh my gosh, you're so paranoid. How's the tin foil flack jacket? (That game can be played both ways. Don't dismiss what I said as if I'm paranoid. I was just stating what is possible, as you just did).

 

 

You don't know what you're talking about, by the way.

Really, my job positions tell me other wise. Ran a hosting company when I was 14 and worked at 3 of the top ISP's in the UK and I'm only 21. I even help the GCHQ set up their scheme for an ISP I worked at, at the time. So please give me points against my argument to make me think otherwise.

 

I'm paranoid? You do realise that the possible threat was confirmed by the GCHQ when the project got announced right? So when you try and discuss a topic, understand it before you make remarks.

Accusations of me being "up-tight" do not help your argument.

Remarks against the nature of which I'm trying to discuss my points doesn't give any more base to your argument. Mine still stands. It was far-right statement, but its relevant.

[thomastmc]

Really, my job positions tell me other wise. Ran a hosting company when I was 14 and worked at 3 of the top ISP's in the UK and I'm only 21. I even help the GCHQ set up their scheme for an ISP I worked at, at the time. So please give me points against my argument to make me think otherwise.

 

I'm paranoid? You do realise that the possible threat was confirmed by the GCHQ when the project got announced right? So when you try and discuss a topic, understand it before you make remarks.

 

So you've done all of that and you think a simple NAT is going to protect you from the NSA? Especially if they were able to get access to and manipulate proprietary source code at the manufacturer level? Why don't we just secure everything behind a NAT and thwart all of the hackers in the entire world then? No need to keep all of those sensitive networks off the public net anymore, you've figured it out :)

 

Did you read in the parentheses? I was making point there that you missed entirely.

[Dick Montage]

Remarks against the nature of which I'm trying to discuss my points doesn't give any more base to your argument. Mine still stands. It was far-right statement, but its relevant.

My argument?  My argument is that by asking that inane question you have undermined any rationality that you have.  Your arguments before then were fairly sound (I may not agree, but the way you argued was sound).  But that stupid question wholly undermined that.

[JonnyLH]

So you've done all of that and you think a simple NAT is going to protect you from the NSA? Especially if they were able to get access to and manipulate proprietary source code at the manufacturer level? Why don't we just secure everything behind a NAT and thwart all of the hackers in the entire world then? No need to keep all of those sensitive networks off the public net anymore, you've figured it out :)

 

Did you read in the parentheses? I was making point there that you missed entirely.

Are you kidding me? NAT doesn't block incoming by choice, its just technically how it works. I could lecture you for a day about NAT translation tables if you want and all the different types of NAT. The fact of the matter is, NAT only allows incoming connections if they're initialised by the client on the end. There is P2P protocols etc, but then again, initialised by the client.

 

It wouldn't happen, and if it did, it'd get spotted very quickly.

My argument?  My argument is that by asking that inane question you have undermined any rationality that you have.  Your arguments before then were fairly sound (I may not agree, but the way you argued was sound).  But that stupid question wholly undermined that.

Emotion doesn't portray well through text, and its a subject matter I feel very strongly about currently. Its my area of work, and like stated before, I even racked the equipment to do this for the GCHQ. It was a very unrational and far-right statement. The disagreement with a snooping platform like this isn't directly related to the opinion of extremism I know. I just struggle to see how people can condone this when its for the greater good. I honestly pass the motion that a terrorist attack would of happened if it weren't for these platforms.

[Dick Montage]

I just struggle to see how people can condone this when its for the greater good.

 

I'm sorry, but do you know what condone means?  It means to give approval to.  You don't see how someone can give approval to something that's for the greater good?  Have you got your argument confused somewhere?

[thomastmc]

Are you kidding me? NAT doesn't block incoming by choice, its just technically how it works. I could lecture you for a day about NAT translation tables if you want and all the different types of NAT. The fact of the matter is, NAT only allows incoming connections if they're initialised by the client on the end. There is P2P protocols etc, but then again, initialised by the client.

 

It wouldn't happen, and if it did, it'd get spotted very quickly.

 

So, what you're saying is... If a network is behind a NAT it's completely safe, and you're some sort of networking wiz kid :) Hardly the case...

 

Just some common vulnerabilities that are well known: http://security.stackexchange.com/questions/11840/how-can-someone-hack-my-pc-if-i-am-connecting-to-the-internet-through-nat

 

Maybe the security portions of your education were written in parentheses, and you just happened to completely miss them, like my point above that you failed to acknowledge.

[JonnyLH]

So, what you're saying is... If a network is behind a NAT it's completely safe, and you're some sort of networking wiz kid :) Hardly the case...

 

Just some common vulnerabilities that are well known: http://security.stackexchange.com/questions/11840/how-can-someone-hack-my-pc-if-i-am-connecting-to-the-internet-through-nat

 

Maybe the security portions of your education were written in parentheses, and you just happened to completely miss them, like my point above that you failed to acknowledge.

If you studied those attacks, then you'd realise they're all done by making your PC creating a connection out, leaving a port open for incoming traffic through the NAT. All attacks through NAT are done by sending a packet outbound first. I've also worked on the design and installation of CG-NAT for two different ISPs.

 

I've learnt most of my knowledge on the job rather at University. I don't want to sound arrogant but the levels of the curriculum on the course I'm on was far lower than what I already knew since I was already experienced in the work. I only kept studying due to the links with companies the University has. Hence why I have had the jobs I've had. Funnily enough though, our security lecturer was very experienced and was excellent at what he did. He was actually tasked in helping the Government with the hacking groups. Me and him often went through a lot of the topologies ISP's had and discussed security around them, that was fascinating. 

[nullie]

knowing the NSA this is exactly what it's used for; they have full ability to decrypt, and fake encryption as whom ever they want. this means any type of encryption, or password protection in Windows is futile. their master key gives them access to everything. passwords and encryption will not stop them from reading your encrypted or password protected data; furthermore, they can easily control your own keys, and probably more easily reverse engineer keys to allow them to pretend they're you, ie use the master NSA key to generate or gain access to your master certificates. that secure communication or signed data can now be signed by the NSA with your name, allowing them to pretend to someone else that they're you.

 

also, this might mean they could break into Windows both locally and remotely more easier. I am without a doubt, knowing how nefarious the NSA is, that this is going on. they probably run tricks on people, and the scope is quite large.

 

I am always saying. The NSA and US government only makes you think that you're in control or have any privacy at any given time. It's all fake and engineered. They always have full control over everything; they are warrantlessly monitoring and into everything. They do pretend to follow the laws on occasion, but not most of the time. They also have the Electronic Brain Link and Remote Neural Monitoring stuff. Full internet, telephone, and electronic communication, wired and wireless signals, bank, and other systems monitoring capability. It's just like the movies, they monitor everything. and it's not Sci-Fi. AI monitors everything for them, and they have control when they want it.

 

nsa.pdf @ http://www.oregonstatehospital.net/

[thomastmc]

If you studied those attacks, then you'd realise they're all done by making your PC creating a connection out, leaving a port open for incoming traffic through the NAT. All attacks through NAT are done by sending a packet outbound first.

 

So you've used NAT to give all of these machines internet access, but they can't send any packets without exposing vulnerabilities. Brilliant. As I said, you really just don't know what you're talking about... I guess next you'll proclaim that firewalls can't be hacked.

 

While NAT does have a useful purpose, it is too often incorrectly regarded as a security feature. ITSS and ITCom do not recommend using NAT as a network protection mechanism.

 

Contrary to popular belief, NAT does not necessarily hide the identity of hosts behind it. Using passive analysis of TCP/IP and application-layer protocols, it's possible to gain very detailed information about the internal network. Subtleties in the TCP/IP stack allow anyone who can see external traffic to fingerprint the operating systems of internal hosts. Differences in initial TCP sequence numbers, IP options, and IP IDs are more than enough information to enumerate hosts on the internal network. NAT only superficially hides internal hosts.

 

Beyond gaining information about the operating systems in use behind the NAT device, a savvy attacker can also deduce the internal network architecture. Since NAT only operates at the IP level, an attacker could use low IP time-to-live values to solicit ICMP TTL Exceeded messages and gain detailed information about the internal routing infrastructure. Using these techniques, an attacker can gain almost as much information as if there was no NAT device.

 

The well-known security adage "security through obscurity is no security at all" is certainly applicable to NAT. IPv6, whose biggest initial win is a significant increase of address space, has no concept of NAT since no additional security is gained. In a significantly large network environment, NAT creates more problems than it solves. NAT multiplies the level of complexity to any network. With only one real benefit, it's difficult to justify the return on investment of deploying NAT. Consider the ramifications to the current and potential network architecture when evaluating NAT. 

 

http://safecomputing.umich.edu/tools/download/nat_security.pdf

[Praetor]

Don't forget process monitor and network firewalls, And what about all those people on slow wan links wouldn't they notice it ?

 why do you think the Internet is slow? It's The Man ® accessing your computer! you know, for the lulz...

[JonnyLH]

So you've used NAT to give all of these machines internet access, but they can't send any packets without exposing vulnerabilities. Brilliant. As I said, you really just don't know what you're talking about... I guess next you'll proclaim that firewalls can't be hacked.

Of course you can find out information about the internal network. When a packet is sent through NAT, there's still a lot of information left in there. Doesn't mean you can talk to them.

 

That quote of over explained NAT troubleshooting just says that you can logically map the internal network of NAT. NAT was never designed to be a security feature, sorely just a mechanism to save public IP address space. Although with how it works, it provides some basic firewall functionality.

 

In that article does it not once explain how you can communicate with internal clients without an outbound connection first. I don't know what I'm talking about? It's my job, the one I'm currently sat at my desk for now. Also, the fact that I've rolled CG-NAT out nationally for two different ISPs. Ever looked into CG-NAT? On a national infrastructure scale, its a bit more complicated than your home gateways NAT.

 

I love the quote in bold at the end, regarding that it creates more problems than it solves. A large NAT implementation can be very efficient when done well, without it a large network wouldn't be able to access the internet.

 

To go back on topic, there would be no way for the NSA to access your computer without your machine sending an outbound packet first which is very unfeasible as a back-door mechanism. So like said, all this is conspiracy faf.

[thomastmc]

Of course you can find out information about the internal network. When a packet is sent through NAT, there's still a lot of information left in there. Doesn't mean you can talk to them.

 

That quote of over explained NAT troubleshooting just says that you can logically map the internal network of NAT. NAT was never designed to be a security feature, sorely just a mechanism to save public IP address space. Although with how it works, it provides some basic firewall functionality.

 

In that article does it not once explain how you can communicate with internal clients without an outbound connection first. I don't know what I'm talking about? It's my job, the one I'm currently sat at my desk for now. Also, the fact that I've rolled CG-NAT out nationally for two different ISPs. Ever looked into CG-NAT? On a national infrastructure scale, its a bit more complicated than your home gateways NAT.

 

I love the quote in bold at the end, regarding that it creates more problems than it solves. A large NAT implementation can be very efficient when done well, without it a large network wouldn't be able to access the internet.

 

To go back on topic, there would be no way for the NSA to access your computer without your machine sending an outbound packet first which is very unfeasible as a back-door mechanism. So like said, all this is conspiracy faf.

 

The quote is over explained, and then isn't explanatory enough. Right...

 

So wrong yet so sure :) After this conversation I wouldn't let you setup my media player, let alone a simple home router.

[JonnyLH]

The quote is over explained, and then isn't explanatory enough. Right...

 

So wrong yet so sure :) After this conversation I wouldn't let you setup my media player, let alone a simple home router.

Rather than coming back with something educated, you try and belittle. Shows alot. I'm not even going to raise to your sentence at the end, its just childish.

 

There's just too many factors which make this conspiracy unrealistic and technically not possible.

[thomastmc]

Rather than coming back with something educated, you try and belittle. Shows alot. I'm not even going to raise to your sentence at the end, its just childish.

 

You began with a childish and belittling comment. I figured it was fair game. At least I did provide facts backing up what I said. The same can't be said of you, and that indeed shows a lot.

 

To constantly be told you're wrong, have facts posted showing that you're wrong, yet still never have been able to counter with a fact of your own to back up your position, is truly uneducated and childish. You can say that you work where ever you want, and that you know whatever you want. The level of understanding you display in your assertions tells the truth of the story though.

 

I never said that this conspiracy was realistic, yet another of your many misunderstandings... Did you ever go back and read between the parentheses, or are you just too childish to admit when you're wrong?

[JonnyLH]

You began with a childish and belittling comment. I figured it was fair game. At least I did provide facts backing up what I said. The same can't be said of you.

 

To constantly be told you're wrong, have facts posted showing that you're wrong, yet still never have been able to counter with a fact of your own to back up your position, is truly uneducated and childish. You can say that you work where ever you want, and that you know whatever you want. The level of understanding you display in your assertions tells the truth of the story though.

 

I never said that this conspiracy was realistic, yet another of your many misunderstandings... Did you ever go back and read between the parentheses, or are you just too childish to admit when you're wrong?

What? You pulled down one quote which was totally not even on topic to the discussion we was having on NAT.

 

Hang on, correcting you is childish? I have CCNA, CCNP, JCNA accreditations, its my profession, how can I make that anymore clear? Just to brag, I actually got high enough marks in those to become a lecturer/teacher of the accreditation. Do you ask University lecturers to always back their quotes up? I have a technical understanding on this subject. The quote you posted was wrote by a person, so why does that one person automatically gain your trust? Just because its on a website? 

 

Cause I read the parentheses, or I would of never quoted you in the first place. 

 

What am I wrong in exactly? List it very clear, because I honestly don't see it.

[thomastmc]

What? You pulled down one quote which was totally not even on topic to the discussion we was having on NAT.

 

Hang on, correcting you is childish? I have CCNA, CCNP, JCNA accreditations, its my profession, how can I make that anymore clear? Just to brag, I actually got high enough marks in those to become a lecturer/teacher of the accreditation. Do you ask University lecturers to always back their quotes up? I have a technical understanding on this subject. The quote you posted was wrote by a person, so why does that one person automatically gain your trust? Just because its on a website? 

 

Cause I read the parentheses, or I would of never quoted you in the first place. 

 

What am I wrong in exactly? List it very clear, because I honestly don't see it.

 

So... still no facts. You do have the grammar of a University Lecturer :)

 

 

Hows the tin foil hat?

 

Nice correction... Very mature and educated. You interjected a wise thought there, just like I'd expect from a University Lecturer with such high accolades and accomplishments :)

 

 

Oh my gosh, you're so paranoid. How's the tin foil flack jacket? (That game can be played both ways. Don't dismiss what I said as if I'm paranoid. I was just stating what is possible, as you just did).

 

 

I'm paranoid? You do realise that the possible threat was confirmed by the GCHQ when the project got announced right? So when you try and discuss a topic, understand it before you make remarks.

 

My point here, which I called attention to in multiple subsequent posts, and which I stated unambiguously, was not that I seriously thought you were paranoid, or that a threat to the Olympics was unfounded. I was pointing out through irony and sarcasm, and through a literal explanation (in parentheses), that you had completely misunderstood my post and deemed me a tin foil hat wearing paranoid conspiracy theorist with no basis. Instead of understanding before you made remarks however, you tried to discuss a topic. Twice. You should take your own advice.

 

1 quote, by 1 person, from just a website. Wrong, again. I posted a quote and a link, and not from obscure or questionable sources.

 

The topic was the viability of NAT as used for network security, and each was specifically and only about NAT security, wrong again.

 

The first was from stackexchange, which is very reputable, plus gave links to other information sources from more people on the page, as well as was reviewed, questioned, and explained more thoroughly by many contributors, who voted correct answers up. It's not a person, it's a community of knowledgeable participants.

 

The second was from the security department at the University of Michigan. It was a detailed security summary of NAT by the department.

 

Yes, I trust the community of stackexchange and the IT security department of the University of Michigan. Especially over some guy in a forum with a guitar for his picture instead of his real face.

 

I don't want to sound arrogant

 

I don't think you can help it... As I said, you can say you work anywhere you want, and that you've got whatever accolades you wish.

 

I worked as a butler for Queen Elizabeth, and ran the NSA and GCHQ, and taught IT security as a professor at MIT all at the same time when I was 13. A firewall is absolute security that can't be hacked by anyone. What, you say I'm wrong, but just believe me because I told you that I know what I'm talking about. (That's sarcasm by the way, it seems that you need that explained. Probably won't do any good though).

 

That you can't be bothered to back up your own nonsense with facts is because you are arrogant, and none exist to back you up. A NAT can be hacked, and is not the end all be all of network security.

 

You know, what really makes me question your validity is that you can't even have a simple conversation without so many errors, misunderstandings, and wild assertions. This conversation is in writing too. That should make it easier. I can't imagine what it would've been like verbally.

 

It's funny you mock the idea of taking some person's word on some website and trusting it, yet that's exactly what you're asking to be done for you with all of your "bragging" as you put it.

[JonnyLH]

So... still no facts. You do have the grammar of a University Lecturer :)

 

 

 

Nice correction... Very mature and educated. You interjected a wise thought there, just like I'd expect from a University Lecturer with such high accolades and accomplishments :)

 

 

 

 

 

My point here, which I called attention to in multiple subsequent posts, and which I stated unambiguously, was not that I seriously thought you were paranoid, or that a threat to the Olympics was unfounded. I was pointing out through irony and sarcasm, and through a literal explanation (in parentheses), that you had completely misunderstood my post and deemed me a tin foil hat wearing paranoid conspiracy theorist with no basis. Instead of understanding before you made remarks however, you tried to discuss a topic. Twice. You should take your own advice.

 

1 quote, by 1 person, from just a website. Wrong, again. I posted a quote and a link, and not from obscure or questionable sources.

 

The topic was the viability of NAT as used for network security, and each was specifically and only about NAT security, wrong again.

 

The first was from stackexchange, which is very reputable, plus gave links to other information sources from more people on the page, as well as was reviewed, questioned, and explained more thoroughly by many contributors, who voted correct answers up. It's not a person, it's a community of knowledgeable participants.

 

The second was from the security department at the University of Michigan. It was detailed security summary of NAT by the department.

 

Yes, I trust the community of stackexchange and the IT security department of the University of Michigan. Especially over some guy in a forum with a guitar for his picture instead of his real face.

 

 

I don't think you can help it... As I said, you can say you work anywhere you want, and that you've got whatever accolades you wish.

 

I worked as a butler for Queen Elizabeth, and ran the NSA and GCHQ, and taught IT security as a professor at MIT all at the same time when I was 13. A firewall is absolute security that can't be hacked by anyone. What, you say I'm wrong, but just believe me because I told you that I know what I'm talking about. (That's sarcasm by the way, it seems that you need that explained. Probably won't do any good though).

 

That you can't be bothered to back up your own nonsense with facts is because you are arrogant, and none exist to back you up. A NAT can be hacked, and is not the end all be all of network security.

 

You know, what really makes me question your validity is that you can't even have a simple conversation without so many errors, misunderstandings, and wild assertions. This conversation is in writing too. That should make it easier. I can't imagine what it would've been like verbally.

 

It's funny you mock the idea of taking some person's word on some website and trusting it, yet that's exactly what you're asking to be done for you with all of your "bragging" as you put it.

You still haven't mentioned technically how I'm wrong. I don't give a toss about the structure of the argument. 

 

The matter of the fact is, you still haven't laid down the evidence disproving what I've said. I'm not on about NAT as a security mechanism, I'm on about how it disproves the conspiracy in the OP. Your evidence proves my point not yours. All the evidence and hacking techniques to poke someone through a NAT works on creating an outbound connection first, there's no doubt about that. YOUR sources back me up.

 

I've played guitar throughout my life and that's a picture of my guitar, problem? Tell that to the majority of members on here.

 

Also, if you're referring to my grammar being awful, I know. Literature has never been my strong point. In addition, I'm from Yorkshire in the UK, so you'll probably detest the way I would put the point across.

[n_K]

I love this, so the NSA came up with all these security problems yet one guy in the UK managed to get into all the NASA computers? XD!
OK so the NSA and NASA aren't linked but you'd think they'd have some security in place to stop years of R&D and billions of $ getting nicked.

[Growled Member]

 

It's pretty obvious that Windows has had a back door for use by government organisations, i wouldn't be surprised if MacOSX had it too. Oh course they are not going to be using it all the time, however i can imagine some kind of remote execution ability. Linux and Open source in general i would be more surprised about as it would be a lot easier to discover this through open source.

 

No wonder they hate open source so much. :D

[thomastmc]

You still haven't mentioned technically how I'm wrong. I don't give a toss about the structure of the argument. 

 

The matter of the fact is, you still haven't laid down the evidence disproving what I've said. I'm not on about NAT as a security mechanism, I'm on about how it disproves the conspiracy in the OP.

 

So you're not on about NAT as a security mechanism... That's so disingenuous. Especially since you're now claiming that it's in relation to a cryptographic backdoor as described in OP. Laughable.

 

To protect National Security? Do you condone events like Boston or a possible terrorist threat on the Olympics? 

 

The people which create these programs are normal people, they're doing it to protect national security not to see what porn people are watching. If there was a backdoor to any software system, it would of been found by now. You'd be able to spot it a mile off. Another point is, who's computer here actually has a public IP address? If not, you're sitting behind a NAT which will not let any un-prompted connections incoming unless the client initialized it. So a backdoor wouldn't even work in todays Internet.

 

So once again, hows the tinfoil hat?

 

 

Are you kidding me? NAT doesn't block incoming by choice, its just technically how it works. I could lecture you for a day about NAT translation tables if you want and all the different types of NAT. The fact of the matter is, NAT only allows incoming connections if they're initialised by the client on the end. There is P2P protocols etc, but then again, initialised by the client.

 

It wouldn't happen, and if it did, it'd get spotted very quickly.

 

 

If you studied those attacks, then you'd realise they're all done by making your PC creating a connection out, leaving a port open for incoming traffic through the NAT. All attacks through NAT are done by sending a packet outbound first. I've also worked on the design and installation of CG-NAT for two different ISPs.

 

I've learnt most of my knowledge on the job rather at University. I don't want to sound arrogant but the levels of the curriculum on the course I'm on was far lower than what I already knew since I was already experienced in the work. I only kept studying due to the links with companies the University has. Hence why I have had the jobs I've had. Funnily enough though, our security lecturer was very experienced and was excellent at what he did. He was actually tasked in helping the Government with the hacking groups. Me and him often went through a lot of the topologies ISP's had and discussed security around them, that was fascinating. 

 

You have not laid down any technical evidence of why you're correct, or evidence that calls that quote or link into question. All you've done is brag and say trust me.

[JonnyLH]

So you're not on about NAT as a security mechanism... That's so disingenuous. Especially since you're now claiming that it's in relation to a cryptographic backdoor as described in OP. Laughable.

 

 

 

 

 

 

You have not laid down any technical explanation of why you're correct, or evidence that calls that quote or link into question. All you've done is brag and say trust me.

Dude, your sources back me up. NAT Pinning, an attack I looked into while designed CG-NAT is prompted by calling a service on a port which then is open to communicate with that client. That's what your sources say, so why should I find more sources when you don't understand yours to begin with.

 

It doesn't need much explaining. Even if there was a "backdoor" in Windows, they wouldn't be able to remotely call most computers around the world because they sit behind a NAT. Simple.

[thomastmc]

Dude, your sources back me up. NAT Pinning, an attack I looked into while designed CG-NAT is prompted by calling a service on a port which then is open to communicate with that client. That's what your sources say, so why should I find more sources when you don't understand yours to begin with.

 

It doesn't need much explaining. Even if there was a "backdoor" in Windows, they wouldn't be able to remotely call most computers around the world because they sit behind a NAT. Simple.

 

You can't even remember what you said on page 2 by the time you got to page 3, and it's in writing for you.Then you claimed you just didn't give a toss what the content of your posts were, (as you explain how intelligent and educated you are). Then you claim that this convo isn't about NAT security, but rather about NAT security, relating to cryptographic backdoors. My sources were all bunk, but now they back you up.

NATs can't be hacked from the outside... Sure, sure. Whatever you say Jonny :) I won't hold you back from your very important job anymore.

[Innuendo]

Really, my job positions tell me other wise. Ran a hosting company when I was 14 and worked at 3 of the top ISP's in the UK and I'm only 21.

 

Dude, I know you think this statement is making you look knowledgeable, but all I see is you've had 4 jobs in 7 years.

 

Without any background as to why you quit running your hosting company or why you worked at 3 different ISPs, all this tells us is you have trouble holding a job.

 

If you behave at work like you have in this thread then I can see why you've changed jobs so much.

[HawkMan]

Well from my experience, running a hosting company was something anyone could do a few years ago. leaving him with 3 real jobs probably in a lot less than 7 years, and those jobs could be anything, based on age and experience probably support...

 

On that note, everyone in this thread is wrong and correct though...but everyone is to stubborn to change ;)

[JonnyLH]

You can't even remember what you said on page 2 by the time you got to page 3, and it's in writing for you.Then you claimed you just didn't give a toss what the content of your posts were, (as you explain how intelligent and educated you are). Then you claim that this convo isn't about NAT security, but rather about NAT security, relating to cryptographic backdoors. My sources were all bunk, but now they back you up.

NATs can't be hacked from the outside... Sure, sure. Whatever you say Jonny :) I won't hold you back from your very important job anymore.

Still haven't gave any evidence to prove me wrong. I never said your sources were wrong, just over explaining a simple fact.

 

Dude, I know you think this statement is making you look knowledgeable, but all I see is you've had 4 jobs in 7 years.

 

Without any background as to why you quit running your hosting company or why you worked at 3 different ISPs, all this tells us is you have trouble holding a job.

 

If you behave at work like you have in this thread then I can see why you've changed jobs so much.

It gives my statements more weight because its knowledge I use on a daily basis in my profession. The first two jobs were temporary contracts on which I moved away from my place of study during summer. Those places of work were interested in keeping me on after my place of study, which is something I have to think about. The position I'm currently at now is my year placement in which I was offered a permanent place in my position with a pay rise. I'll be returning back to study but working part-time at my current position, which is a first for the company. I've also received 2 pay rises and 2 substantial bonuses in 6 months for the money I've saved them.

 

If you've worked in IT and engineering places, you'd realise there's plenty of temporary contract positions and contractors. Here we see a mostly new engineering department every 6 months. 

 

Well from my experience, running a hosting company was something anyone could do a few years ago. leaving him with 3 real jobs probably in a lot less than 7 years, and those jobs could be anything, based on age and experience probably support...

 

On that note, everyone in this thread is wrong and correct though...but everyone is to stubborn to change ;)

When I did hosting, it was a free hosting service. The hosting company was something very small to begin with but it gained a lot of credit and I ended up selling it on for quite a nice fee when I couldn't give enough time to pursue it. When I finished with it, it was spread across 3 dedicated servers in which I owned at 16. This experience gave me a lot to talk about during interviews and a lot to go with. 

 

I even created my own client management system dedicated for free-hosting which is still used widely to this day across the free hosting market. 

http://thehostingtool.com. I launched that website in 2008 when I was 16. 

 

Sorry for being a professional giving my own experience to add to a discussion regarding something quite sensitive. I love how I have to defend myself on some information regarding NAT which is quite frankly, simple knowledge. The integrity of my whole past comes into question by some bafoon who knows how to put "NAT Attacks" in google to get his source. Yes, its the first result on the page. Yet someone who has rolled out two CG-NAT implementations nationally in the UK for ISP's, implemented a new traffic management system and looked at IPv6 deployment for all customers doesn't know what they're talking about.

 

I'm going to put it in the easiest simplest statement possible.

 

When your home gateway receives a packet which hasn't had an outbound packet from your LAN, it drops it. This is due to the fact that when your client sends a packet, your router stores the information of who and what type of information it sent. When it receives a reply back, your router knows which computer to send the packet to because its remembered the information from when your machine sent it out. Without that information, it hasn't got a clue where to send it, so it drops it. The only technical way for your router to get round that is by broadcasting the reply it receives to the whole LAN. This is a huge security risk and a traffic hogger, hence why its not done and its not specified in the RFC.

 

If you ran a minecraft server and you wanted people to connect to it and your behind a NAT, you have to port forward. This means when your gateway ever receives minecraft traffic, it always sends it to that machine you specified in the port-forward. Its the EXACT same principle. 

 

Source: http://tools.ietf.org/html/rfc4787

 

That is basic NAT knowledge, its very simple CCNA NAT information.