Almrond

Yeah, I haven’t ever met a speedrunner that hadn’t played the game casually at least a few times. Just because its a running joke that speedrunners don’t care about the story because of the effort taken to skip it to save time doesn’t mean speedrunners literally don’t care about it. Kingdom Hearts speedrunners are the only ones I have met that can hash out the entirety of that convoluted mess.

You seriously underestimate the stupidity of 80% of windows users. They could put multiple warnings and people would still click past them without reading then bitch to their IT team when they break something.

I haven’t seen that feature yet, thanks for pointing it out :)

CGNAT uses RFC 6598 and a particular type of NAT, not all are created equal. Port forwarded public address space doesn’t mean you aren’t sharing the address, just that you can bind one of the ports in the space and expect that traffic to reach you. Thats what most ISPs do, if your server is being a router at home you are going through a minimum of a single NAT layer, usually 2. That’s literally what port forwarding is, forwarding traffic from one address and port to another on a different subnet (or a different machine on the same subnet. You see this often with separate DNS and DHCP servers in enterprise networks.) CGNAT specifically messes with port forwarding because it assigns traffic somewhat arbitrarily and the user has no control of the routing. That’s why you have to use reverse connections to get around them: you can establish an outgoing connection then use it to serve data, you just don’t have a public address that can be guaranteed to point to your machine.

Not all NAT is CGNAT, and not all NAT disallows incoming connections. I don’t understand how everyone thinks it’s reasonable to assume that A. your whole network has been compromised or B. that it would benefit the attacker in any way to use your connection to download movies. They use a crap modem, that’s why it crashes often, and using IKWYD without knowing how DHT and IPv4 addressing works is just causing paranoia through ignorance.

That goes for most of the TC videos, the subtitles easter eggs are great.

dutifully smooth jazz

Not necessarily the same thing, it could easily be a small leased block using NAT to offer service to more customers in that case. The reseller has a commercial account, yes, but that doesn’t mean you get exclusive access to an address in that block (very unlikely unless you are dropping big money.) Nothing you have said so far rules out being behind a NAT.

There isn’t really a good reason to not be doing that already just because of the intrusion detection systems Proxmox has to offer. Most of them would alert you immediately if you were compromised told it to look for DHT broadcasts going out of the network.

75.0.0.0/8 is the ARIN range for commercial businesses. Just because it’s outside of the 100.0.0.0/8 range doesn’t mean it isn’t an address held by a NAT. If I remember correctly it’s used by either Comcast or Charter, both of which will put you behind a NAT unless you are paying for a static IP on a business account (and you mentioned you aren’t)

That makes it incredibly likely you are behind a NAT that runs multiple people’s traffic through the same public IP. If your ISP supports IPv6 you can always check that address, that shouldn’t be shared.

Yeah, there are a few ways to check for sure. The most effective is to take a device with 2 Ethernet NICs, plug it in between your modem and router, bridge the interfaces, and sniff the bridge. You can also look into ARP poisoning yourself to check whether the modem is compromised, but the likelihood of that would be slim to none (your modem doesn’t have storage or enough compute to handle that kind of traffic redirection.) In all likelihood you are on an ISP that uses CGNAT that assigns a few peoples traffic to the same public facing IP address, in that case the traffic could easily be going to a neighbor that uses the same ISP.