Comment by Dagger2
10 hours ago
You should read my other comments on this post. I've attempted multiple times (but apparently without much success) to make the point that NAT is not a security feature because it does not, without a firewall, protect against an attacker.
You don't need a qualifier like "on the WAN subnet". It just doesn't do anything to protect you from inbound connections at all.
I think you're not technically wrong, but you're defining NAT differently than the majority of people you're arguing with (those who assume NAT also implies a firewall blocking inbound connections), and the remaining minority (the "on the WAN subnet" crowd) are dismissing outright the idea, as a reasonable attack vector, of an attacker close enough to be able to send packets destined for non-internet-routable addresses to your router.
Is the latter something that was/is actively exploited?
There's an implicit trust of ISPs in the comments that I find concerning.
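
The NAT-versus-firewall distinction discussed in the comments above, shown as a Linux nftables ruleset. This is an added example, not written by either commenter; the interface names `wan0` and `lan0` and the table names are assumptions. The first table is NAT only and filters nothing; the second table is the stateful firewall that drops unsolicited packets arriving on the WAN side, including ones addressed directly to LAN hosts.

```nftables
# NAT only: rewrites the source address of traffic leaving via wan0.
# It says nothing about what may be forwarded from wan0 to lan0, so with
# IP forwarding enabled a packet arriving on wan0 that is already
# addressed to a LAN host is routed to it unchanged.
table ip nat_only {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}

# Firewall: this table, not the NAT rule, is what blocks inbound connections.
table inet fw {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that LAN hosts opened
        ct state established,related accept

        # New connections may only originate from the LAN side
        iifname "lan0" oifname "wan0" accept

        # Everything else, including new flows from wan0 to lan0,
        # falls through to the drop policy; count it for visibility.
        iifname "wan0" counter drop
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname "lan0" accept
    }
}
```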