> NAT is not a firewall. It's not intended to protect, and usually it doesn't

It's funny that this still needs to be brought up, but I understand why some people think that NAT offers some real protection.
Basically NAT makes it difficult (without setting up forwarding, etc.) for non-malicious-you to reach a device that's behind one, ergo non-malicious-you believes that NAT is providing protection.
"If it's impossible for me to access a port behind a NAT it must be hard for everyone".
Of course the whole point of a NAT gateway is to poke holes in itself (indiscriminately) so that devices behind it can talk to the world.
I wonder what will happen when the whole world is on IPv6 and we don't need NAT anymore - is a consumer Wi-Fi router with an actual firewall going to be common, or are we still going to use NAT to "isolate" devices on our local network?
Personally I'm a fan of IPv4 only because I can actually remember the addresses - every time I deal with a v6 address it's copy/paste or bust - forget being able to verbally share the address of a thing.
Mind you, I no longer do network consulting, so the only IP address I remember these days is 8.8.8.8. I guess it won't affect my work ¯\_(ツ)_/¯.
I asked because I would guess that the vast majority of devices that are potentially affected are behind NAT, and they are likely to be safe from outside threats until one is introduced through users or some other hack.
Nowhere was it suggested that NAT was part of the security strategy... which you are right, is a very bad idea.