Quote:
Originally Posted by foddy
Actually, what you said was:
My point was that NAT isn't designed for providing security. I gave an example of it being bypassed (teredo tunnelling) but there are others - for example, the user may also have their PC set as the DMZ host. Or there may be bugs in the superhub's NAT rules (I don't believe the firmware is quite perfect yet!)
I certainly wouldn't advise people that with their software firewall disabled, they were "perfectly safe".
|
for what its worth I have always kept the windows firewall enabled on its defaults (which has inbound protection) and have just recently enabled outbound as well. But to your point NAT will protect you from all the automated bots out there that scan for open ports and vulns etc. What you describing would maybe be done by a determined person manually. Obviously if someone has their pc on DMZ that would also bypass the SPI firewall as the router adds rules in the firewall to allow the traffic.