Hacker News new | past | comments | ask | show | jobs | submit login

Did you miss "because it's on an un-routable address" part? If there's no route to your machine from an attacker, they can't attack you.



The discussion was about the behavior of PAT, and PAT has no influence on whether or not an attacker has a route to you.


The discussion is about NAT and PAT in general. 99% of the time it is used with unrouteable private addresses. This means even in the absence of a firewall there is still some level of security. End of story.


It's common to use it with RFC1918 addresses, but that still doesn't change the behavior of PAT. PAT will not drop connections, and thus won't provide you with security.


Security is not black or white, it is shades of gray. We'll just have to disagree.


The behavior of PAT is, though. You can sniff packets and confirm that it behaves the way I'm describing.


I already know this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: