tptacek 2 hours ago

I can't emphasize enough how much of a retcon it is to say "it's not technically a lie" that NAT is a security feature. It was deployed in hundreds of networks specifically as a security feature, and it is part of the security posture of hundreds of thousands of home networks today. People who say "NAT isn't a security feature" are simply wrong.

There are lots of security features I personally don't like either. I don't claim they're not security features; I say they're bad security features.

Dylan16807 an hour ago

The PIX evidence above doesn't make it look like a retcon. Do you have something better to show about those hundreds of networks?

kortilla 3 minutes ago

> Since there's no way for anyone on the Internet to know which machine on the corporate network is using a Class C address at any given time, it's impossible to establish a telnet or FTP session with any particular device.

This is a security feature ad, nothing else. And it’s 100% because of NAT, not anything else in the PIX feature set.