Is NAT can provide some kind of protection?

Lamar Owen lowen at
Thu Jan 13 13:44:57 CST 2011

On Wednesday, January 12, 2011 12:16:27 pm Valdis.Kletnieks at wrote:
> 140 million compromised PC's, most of them behind a NAT, can't be wrong. :)

How many more would there be if most PC's were not behind NAT or stateful firewalling?  

Or, to turn it on its ear,  "Windows is the best OS; 250 million Windows PC's can't be wrong."  Uh, yes they can.

The various implementations of NAT, the various implementations of stateless and stateful firewalling, and any other ingress protections only cover a few attack vectors; surf-by client-driven web bugs aren't in that set of vectors.

However, mechanisms like PVLANs and internal firewalling can help mitigate those, as can host-based protections.

More information about the NANOG mailing list