New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
NAT-IPv4 security
german_psycho
Member
in Help
When I order a VPS with a NAT-IPv4, the unique IP will be shared between different VPS and my machine will get only tunneled ports. So, theoretically a VPS-Provider who gives me 20 Ports can have upto 65,535 ./. 20 = 3.276 VPS running per IP. Or did I get something wrong?
If some VPS owner with this shared IP misbehaves and gets banned on some servers, will this effect me? Will my machine also get banned?
Also, can I be sure that I won't get sued if someone does something illegal with this IP and I have the same shared IP?
Never had anything to do with shared NAT-IP, but the offers from NanoVZ sound interesting for the price. So I am a bit curious about this topic.
Comments
Sure, the IP may get blacklisted, but that's true even without shared IP -- if there's unsolicited bulk mail activity for example in an entire /24 IP range, then that range will likely get blacklisted by spam lists. Also, VPS stands for virtual private server; most people generally use them to run server software, not to connect to other servers, so being "banned on some servers" shouldn't be an issue at all.
As for a second question, do you think you would be liable if you live in the same apartment complex as someone who robbed the bank?
Moreover, if one of you downloads child porn via the VPS, you all go to jail, as there's no way to tell with the common providers' setups which one of you did it. Nobody collects netflow logs, let alone stores them for an extended period of time, as would've been required to have any accountability whatsoever with a shared IP VPS.
I thought you're a technical person who doesn't need to resort to silly and most importantly failed analogies to make his point -- perhaps I've been mistaken. If you love analogies so much, let me give you a better one, in the NAT VPS situation, if something bad happens, it's more of a case of the classic "murder in the dark room", where everyone who were in (on the same IP) are suspect.
Forget about NAT VPSes, if you want an ultra-cheap one, ask your provider to deliver an IPv6-only offer.
Sorry, its hardly that easy and not everybody will be "going" to "jail". Otherwise any shared network connection would be practically unusable (and this does not only include shared hosting, public Wifi, offices, etc.).
Yeah, that's what my main concern is. Not doing something bad is one thing, but other's doing something bad under your name (or here: IP) is something different. And I don't know how much I can trust these super low-cost providers if they are able to provide detailed logs when the feds come knockin on their door..
Even if you haven't done something wrong, I don't want my data in the hand of some law agencies. Too much hassle for saving a few bucks a year.
Maybe the feds just won't come a knockin'...
First of all. NAT ipv4 plans are suitable for lots of things, and infact i can log what container is accessing what, i'm also using nodewatch which suspends mass mailers and high pps vps servers
So i have things a bit sorted.
Not to mention actively administering the nodes usage every day to make sure no funny business is going on.
With the amount of containers on a node. Lets put it this way, maximum per node is a lot less then the average GVH node. i have limits of ~180 containers per node. So with the general usage for these types of servers has no reletive adverse affects on the node.
Anyway, its 5am here i need to get some sleep, if you have any questions etc dont hesitate to sent through a ticket.
Regards,
Ryan
I don't know about your country, but in U.S. there is no law requiring ISPs to collect such content information of their customers. There has been no cases of, for example, a group of VPN users being held liable for the activities of one user with the same exit IP address. While everyone in the dark room may be suspect, unless they all had coordinated intention to kill the victim, the ones who didn't murder have not broken the law.
The question was regarding being sued, not being investigated. Law enforcement agencies know that they're not going to get a conviction without hard evidence, and while they certainly may investigate more broadly, they wouldn't open a lawsuit against everyone on the IP address.
I use an analogy earlier because of how ridiculous it sounds to me.
I find this thread a bit silly mostly for the fact that before VPS was popular the most popular technology in this sector was 'shell accounts' which were usually operated on sharing the same main ip for all shell users and in some cases a dedicated ip address would be assigned for use with outgoing connections on services like eggdrop, etc.
My point being, the idea of shared ip usage is not new to the NAT-ipv4 servers that are being offered now, if anything, its has existed long long before VPS was even a thought. So, as it was before, is as it is now. You can not be held liable for what other users do on a system. Now, is it easier to get a server confiscated by a government entity when sharing an ip like that with lots of people, sure. Will the actions of others leave you liable in a case where it is? Not at all, unless your account contains data that is illegal and they find it during their search of the confiscated machine, in which case you did something wrong to begin with and it wouldn't be the fault of the person who originally caused the server to be taken anyways.
What @perennate said is pretty much accurate.
Cheers!
Not even this. Even with physically separated servers, a police raid sometimes took down an entire DC and even more with a VPS where there is only one machine. It doesnt matter if the IP is shared or not, the machine that would be taken down is still the same.
Why is everyone always going on about police raids etc on here, do you all have some really illegal content on your servers?
I guess it is a legitimate concern when you dont know your neighbours.
I best go and buy sealand so peoples can host their illegals
But exaxtly that there is no real problems with NAT connectivity its just more of an unconventional way but it is a lot more economical to do so.
The price falls dramatically since ip costs are so high (well not SO high but you get the idea)
And realistically how many ports are you using on a conventional vps or dedi?
If you need more you just ask (im prepared for 99 for each container + their ssh port)
It may be a legitimate concern because you dont know your neighbours but with active monitoring of server resources can minimise abuse. And anything that seems fishy is delt with right away.
And so far it has been smooth sailing.
The one downfall is ddos attacks. Which knock out part of the server (as i have two ip addresses on each as a minimum for container usage) but as paying 3-10 euro a year for the specs (and still getting some support) is well worth it in my opinion.
After all, it comes with the territory really.
Anyway, nobody is going to jail right now. So everybody be happy