Comment by paulddraper

6 days ago

The RFC for NAT was extremely specific: this was only about creating more addresses, NOT security.

Because your devices are routable. You can’t be on the Internet without an IP. They just have some ephemeral addresses. But randomizing port numbers (that is NAT) is not a good security mechanism.

1 comment

paulddraper

throw0101a 5 days ago

> The RFC for NAT was extremely specific: this was only about creating more addresses, NOT security.

It should also be noted that "NAT" is not some monolithic thing either, there are three 'major' varieties:

* https://blog.ipspace.net/2011/12/is-nat-security-feature/