>Yes, in a very superficial sense, you can't literally route a packet over the i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		gldrk 46 days ago \| parent \| context \| favorite \| on: Self-hosting a NAT Gateway >Yes, in a very superficial sense, you can't literally route a packet over the internet backwards to a host behind NAT without matching a state entry or explicit port forwarding. Don’t forget source routing. That said, depending on your threat model, it’s not entirely unreasonable to just rely on your ISP’s configuration to protect you from stuff like this, specifically behind an IANA private range.

sedawkgrep 46 days ago [–]

I don't think source routing is a thing anymore. At least if you're talking about the ability of a source to specify a path to its destination.

The last time I heard about source routing actually being a useful feature or a vulnerability used by hackers was the 1990's.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact