Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Studying CGNAT workarounds on Skinny VDSL
CGNAT

58 posts

Master Geek
+1 received by user: 3


#229196 12-Feb-2018 12:53
Send private message

Hi, I'm starting this thread to learn and possibly help others find usable workarounds for CGNAT. Two days ago I hadn't heard of CGNAT but the problem became apparent when I went to set up remote viewing for my CCTV DVR security cameras on recently joined Skinny Unlimited VDSL. I'd been using port forwarding and DDNS to facilitate camera surveillance for many years with previous ISP.

 

Skinny confirmed today their service does not handle port forwarding. It looks like CGNAT will become more prevalent in the near future. Apart from Skinny, Bigpipe and Flip currently use CGNAT. 

 

 

 

Possible workarounds:

 

 

 

Set up a VPS ...apparently an account can be from US $10/yr (Thanks to poster hio77)

 

remot3.it ....looks really interesting and there's a free account for non commercial (which I am).

 

portmap.io ....Uses vpn tunnel. Russian based. Free basic account. Wouldn't be my 1st choice.

 

 

 

That's what I've got so far. Any thoughts and comments would be great.

View this topic in a long page with up to 500 replies per page Create new topic

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1955781 12-Feb-2018 14:58
Send private message

CGNAT:

 

I never had problem with hackers/security but there's always a first time.

 

 

In all seriousness unless you're logging all traffic connecting to your device and reviewing this you wouldn't have a clue in the world if you had ever been hacked. There should never be a first time, because you should be taking steps to ensure it doesn't happen.

 

The fact this is an older device raises even more alarm bells, the reality is it probably is insecure. People don't care less about your cameras, they merely want access to your hardware for DDoS or Crypto mining.

 

I wrote this a while ago in response to people who can't understand the issues https://www.geekzone.co.nz/sbiddle/8941 - and the reality is what I wrote then is actually far more important now. If you port forward and expose your devices you're not only compromising your own security, you're potentially compromising the Internet as a whole if your devices are used for malicious attacks.

 

I'm sorry if this sounds harsh - but dealing with the consequences of people who do things like ends up often being my job, and in so many cases it's people saying "nobody told me I shouldn't do this" which is why I ensure people who do have insecure setups fully understands the risks of what they're doing. 

 

Configuring a port forward to any device is like leaving your house door wide open. It doesn't mean somebody will walk in and steal your stuff, but you've made it very easy for them to do it.

 

 

View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright