On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:
Then it's a firewall that mildly enhances protection by obstructing 90% of the port scanning attacks which happen against your computer. It's a free country so you're welcome to believe that the presence or absence of NAT has no impact on the probability of a given machine being compromised. Of course, you're also welcome to join the flat earth society. As for me, the causative relationship between the rise of the "DSL router" implementing negligible security except NAT and the fall of port scanning as a credible attack vector seems blatant enough.
Oddly enough, the drop in portscanning attacks maps even more closely to the shipping of XP SP2, which turned on the onboard firewall by default. Remember that some of the really big worm hits were when they managed to get loose inside corporate networks behind the NAT... Also, a NAT doesn't stop a Java or Adobe exploit in the least, as anybody with security clue will tell you....