On Mon, 10 Jan 2011 19:22:46 EST, Jeff Kell said: > It is a decreasing risk, given the typical user initiated compromise of > today (click here to infect your computer), but a non-zero one. > > The whole IPv6 / no-NAT philosophy of "always connected and always > directly addressable" eliminates this layer.
I'd say on the whole, it's a net gain - the added ease of tracking down the click-here-to-infect machines that are no longer behind a NAT outweighs the little added security the NAT adds (above and beyond the statefulness that both NAT and a good firewall both add).
pgpUpgQnVqrxu.pgp
Description: PGP signature
