If NAT is security, double NAT must be double security!

jiub@not.an.evilcyberhacker.net

@catsalad@infosec.exchange that's why i have triple NAT

CG-NAT
NAT in the shitty ISP modem/router
NAT in my own router

no way to open up ports anyway on this ISP anyway so i'm not really losing anything

dazo@infosec.exchange

@jiub @catsalad That's what VPS+VPN is for ... To circumvent lousy ISP limitations.

me@aron.social

@catsalad If reverse proxy is security.... Actually maybe that would be double? Hmmmm

guillaumerossolini@infosec.exchange

@catsalad it isn’t exponential?

jiub@not.an.evilcyberhacker.net

@dazo@infosec.exchange @catsalad@infosec.exchange indeed, i forward my server's ssh port to a vps using autossh so i can easily log in remotely and access everything on the lan from there

i don't mind accessing things in an ad hoc manner so i haven't bothered with a full vpn yet

theorangetheme@en.osm.town

@catsalad More hairpins in my NAT than a drag queen's wig.

chronovore@infosec.exchange

@ij @catsalad actually... recent advances in processing has made double ROT13 trivially defeatable. NIST now recommends quadruple ROT13.

ij@nerdculture.de

@chronovore Wasn't that recommendation Double-ROT26 instead?

@catsalad

feld@friedcheese.us

@catsalad

toasterson@chaos.social

@catsalad From 2FAto 2FNAT? To 12 Factor NAT?

chronovore@infosec.exchange

@ij @catsalad Fair play. I've been beat at my own game. Your mastery of bad advice is commendable (dubious honor I know, but an honor nonetheless)

ij@nerdculture.de

@chronovore You know... the 13 in ROT13 stands for v1, 3rd grade encryption. So the improved version is v2, 6th grade encryption, hence: ROT26 of the Rorschach-Ohm-Tyson algorithm...

@catsalad