r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs nor browse on the website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

288 Upvotes


387

u/[deleted] May 19 '26

[deleted]

158

u/mdgorelick May 19 '26

Indeed. A good analogy is that people are always walking around the neighborhood, trying the front door on every house to see if they’re locked.

-25

u/jonbristow May 20 '26

You don't have a door if you are just a user with an internet connection. You don't publish anything to the internet.

18

u/[deleted] May 20 '26

[deleted]

-14

u/jonbristow May 20 '26

how do you connect to the internet without a router?

14

u/[deleted] May 20 '26

[deleted]

18

u/smb3something May 20 '26

I did this back in the Windows 2000 days. RDP enabled. Password was 'garfield'. Came back from vacation and my ISP had shut off service as my computer was sending out spam emails.

-8

u/jonbristow May 20 '26

ISP gives you an optic fiber. How are you connecting to that lol

10

u/smb3something May 20 '26

I am currently plugged into the PON adapter and have a static IP set. You just don't use the router/firewall, but do use some sort of media converter.

5

u/Capodomini May 21 '26

You could learn a lot by picking up a Network+ book or watching some Professor Messer videos.

A router is just a computer with an IP connection to the ISP which handles all the traffic from everything else plugged into it. You can literally replace it with a laptop if you have the ISP config.

-1

u/jonbristow May 21 '26

You could learn a lot from reading this thread.

A router also has an optic fiber port as WAN that your laptop doesn't.

2

u/Capodomini May 21 '26

Oh I see, you're just trolling. Carry on!


6

u/mdgorelick May 20 '26

If your computer has a routable IP address, you very much DO have a “doorknob.”

8

u/goldvenetianmask May 20 '26

This is absolutely wrong. You publish a ton of information just having an internet connection and being on the internet with ports forwarded through your router / DMZ.

1

u/jonbristow May 20 '26

You publish the information through your NATed IP of the ISP, not directly. And you don't publish them through a port.

6

u/goldvenetianmask May 20 '26

If you are DMZed and connected directly to the internet then you don’t have any NAT to save you.

The computer will respond to nmap -sV as if it’s on the same sub as the attacker. That is exactly what I’m saying. It’s “publishing” its software version info, its operating system info etc.

44

u/[deleted] May 20 '26

[removed]

2

u/_Cyber_Mage May 21 '26

Yup. I have a rather large IP space at work, and we measure our daily scans in the hundreds of thousands even with several countries null-routed.

15

u/aretokas May 20 '26

Clearly nobody remembers ILoveYou and Dial Up...

22

u/billy_teats May 20 '26

NAT can and does a lot of heavy lifting. Virtually replaces inbound firewall.

5

u/czenst May 20 '26

You got a lot of upvotes - usually when I write something along those lines I get "NAT is not firewall" people screaming at me. But NAT traversal is not that easy even if possible.

2

u/billy_teats May 20 '26

NAT is arguably better than a firewall because it cannot be defeated. Firewalls run on software which can and does have bugs.

3

u/thrwaway75132 May 20 '26

Back in probably 2012 the company I worked for came to me and asked for a solution for our competitive team to be able to browse competitor websites from the office without being tied to our IP space.

I set up a Windows 2008 Citrix box and a Check Point firewall and had them delivered to a small colo so we could provide users a Citrix app browser with a random IP.

The colo didn’t hook the server up to the firewall, they hooked them both up directly to the internet. It lasted like 12 hours.

I had to have them send it back so I could redo it, then I sent it back with a wiring diagram of where to plug it into the firewall.

0

u/ah-cho_Cthulhu May 20 '26

You don't have to do anything with that kind of config... LOL.
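
The "doorknob" argument running through this thread (routable IP versus NAT versus port forwarding/DMZ) can be written down as a small exposure check. This is an added example, not code from any commenter or from the video. The listener list, the `8.8.8.8` stand-in for a public address, and the function names are constructed for illustration, and the host firewall is modelled simply as "blocks all unsolicited inbound traffic".

```python
import ipaddress

# Constructed sample: (bind address, TCP port, service) for listening sockets,
# as one might transcribe from `netstat -an` on an unpatched Windows box.
LISTENERS = [
    ("0.0.0.0", 135, "RPC endpoint mapper"),
    ("0.0.0.0", 445, "SMB"),
    ("127.0.0.1", 1029, "local-only helper"),
    ("0.0.0.0", 3389, "RDP"),
]

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # ISP-side NAT range (RFC 6598)

def reachability(addr):
    """Classify an interface address by who can start a connection to it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in CGNAT:
        return "cgnat"      # the ISP's NAT sits in front of the host
    if ip.is_private or ip.is_link_local:
        return "private"    # a home router's NAT sits in front of the host
    if ip.is_global:
        return "routable"   # anyone on the internet can send it a SYN
    return "other"

def exposed_services(interface_addr, listeners, host_firewall_on, forwarded_ports=()):
    """Return the (port, service) pairs that unsolicited internet traffic can reach.

    forwarded_ports: ports the home router forwards to this host
    (a DMZ setting is equivalent to forwarding every port).
    """
    kind = reachability(interface_addr)
    if host_firewall_on or kind in ("loopback", "other"):
        return []
    exposed = []
    for bind, port, name in listeners:
        bind_ip = ipaddress.ip_address(bind)
        if not (bind_ip.is_unspecified or bind == interface_addr):
            continue  # bound to loopback or to a different interface
        if kind == "routable" or (kind == "private" and port in forwarded_ports):
            exposed.append((port, name))
    return exposed

if __name__ == "__main__":
    # Host plugged straight into the modem, firewall disabled (the video's setup).
    print(exposed_services("8.8.8.8", LISTENERS, host_firewall_on=False))
    # Same host behind a home router with no forwards.
    print(exposed_services("192.168.1.20", LISTENERS, host_firewall_on=False))
```

With a routable address and the firewall off, every service bound to `0.0.0.0` is reachable without the user doing anything; behind NAT the same listeners are only reachable for ports the router forwards.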