On Mon, 24 Nov 2003, Gerardo Gregory wrote:
# Machine behind NAT while it is being updated
NAT is not a security feature, neither does it provide any real security, just one-to-one translations. PAT falls into the same category. Just because your broadband router (ahem, switch) vendor states that NAT (in reality PAT) is one of their security 'knobs' does not make it in any way a security feature when implemented. Only thing that might benefit is IPv4 address space.
Make a NAT Translation to a workstation (nothing else) and see if you can still carry out some of the exploits making the rounds.
Nor does it stop the user inviting an exploit to run on their PC, e.g. web download, email attachment... based on seeing plenty of virused/exploited machines at companies I've worked at which all had AV, FW, NAT etc., they still had the human factor who would override a warning because they got sent what looks like a joke email with an attached .scr that later turns out to be a new virus/worm...

Steve