Quote:
Originally posted by oberon
You don't need to get a shell to bypass a firewall. Assuming there are no bugs in their network stack, and no forwarded ports, though, it'll be very difficult to break through. It's a bad assumption to make that no non-routable packets will hit the external interface of a NAT router, by the way.
|
Fair enough. It's true, I wouldn't put Fort Knox behind a Linksys broadband router. But it's plenty good enough for my house, IMO.
Quote:
For this reason and others, NAT has nothing to do with security. A firewall, on the other hand, does.
It just so happens that every consumer "router" device has firewall functionality. 
|
You got me there. And you're exactly right--it's not a function of NAT that there's no upstream route, it's a function of the relatively simple firewall built into the router.
Quote:
|
I know most of you are probably going to dismiss my points, but I thought it deserved mentioning anyway.
|
Now why would you say that? I was guilty of a bit of oversimplification in my post, but I'm never above being corrected.