jmgao | 1 year ago

Back in the days of Blaster, if you were connected to a network with infected machines or had a public IP address because you were connected straight into your cable modem, you would get infected in the Windows installer before it finished installing. Nowadays, everything is behind NAT and there aren't any infected Windows XP machines left on your local network, so that's not a problem anymore.

lupusreal | 1 year ago

For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true. Often seen in IPv6 discussions.

throw0101c | 1 year ago

> For some reason whenever somebody suggests that NAT might have security benefits, there is usually some hysterical screeching about how that isn't true.

It is not the address translation mechanism that does the protecting but rather the state tracking.

Until very recently I was with an ISP with IPv6, and things like my home printer had IPv6 addresses—but just because they were globally addressable did not mean that they were globally reachable.

rcxdude | 1 year ago

Because it's unnecessary to get the same benefit. Being behind a firewall would have the same effect (and any IPv6 deployment will have this); it's just that NAT requires this. It's like saying eating a spoonful of cinnamon has health benefits because it hydrates you when you have to drink a glass of water afterwards: you could just drink the water.

LegionMammal978 | 1 year ago

I think the usual security objection is that if the NAT router receives a packet from the outside, with its destination set to a local address, the router will just let it through, in the absence of a firewall.

But as far as I can tell, that's only relevant for an attacker who can MITM the connection between the local router and the next ISP router, since clearly the ISP wouldn't know who to forward the local address to. I'd think it isn't within the threat model of the "typical internet user" who'd be running such a poorly-configured network.

globular-toast | 1 year ago

Because it's really important to know the difference between NAT and a firewall if you are into networks. And IPv6 discussions generally involve such people. In this case it's nothing to do with NAT and everything to do with being behind a firewall.

nubinetwork | 1 year ago

I would guesstimate about 20-30 seconds was all you needed to be connected for to pick up blaster...

cqqxo4zV46cp | 1 year ago

Yep. Before I knew what it was, I genuinely thought that an issue occurred when my connection established. That’s how fast it was, and it was consistently that fast.

tetris11 | 1 year ago

Herd immunity, huh?

zamadatix | 1 year ago

More that NAT forces your network gear to filter inbound connections from the outside internet by default. This works with one device behind one router as well as with a billion devices behind a billion routers.
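To make throw0101c's point ("it is the state tracking that protects, not the address translation") and zamadatix's ("NAT forces inbound filtering by default") concrete, here is an added toy model written for this thread; it is not code from any commenter. It simulates a home gateway with a flow table: outbound connections create state, and inbound packets are forwarded only when they match recorded state. With `translate=True` it rewrites source addresses like an IPv4 NAT router; with `translate=False` it leaves globally addressable (IPv6-style) hosts untranslated. Both drop an unsolicited probe to port 135. Assumptions: flows are keyed on endpoint strings, TCP state, timeouts and ICMP are ignored, and every address comes from documentation ranges (constructed sample data).

```python
"""Toy stateful gateway: why unsolicited inbound traffic is dropped
whether or not addresses are translated. Constructed example."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str  # "ip:port" or "[ipv6]:port"
    dst: str


class StatefulGateway:
    """Hypothetical home router model (assumption: flows keyed on endpoints)."""

    def __init__(self, translate: bool, public_addr: str = "203.0.113.1",
                 first_port: int = 40000):
        self.translate = translate      # True = NAT router, False = plain stateful firewall
        self.public_addr = public_addr  # constructed documentation address
        self.next_port = first_port
        # (remote endpoint, outside-facing local endpoint) -> real inside endpoint
        self.flows: Dict[Tuple[str, str], str] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: record the flow; rewrite the source only when translating."""
        if self.translate:
            outside_src = f"{self.public_addr}:{self.next_port}"
            self.next_port += 1
        else:
            outside_src = pkt.src
        self.flows[(pkt.dst, outside_src)] = pkt.src
        return Packet(outside_src, pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: forward only a packet that matches recorded state, else drop."""
        inside = self.flows.get((pkt.src, pkt.dst))
        if inside is None:
            return None  # unsolicited: no state, no delivery
        return Packet(pkt.src, inside)


def run_scenario(translate: bool, lan_host: str, server: str, scanner: str) -> dict:
    """Open one outbound connection, deliver its reply, then try an unsolicited probe."""
    gw = StatefulGateway(translate=translate)
    out = gw.outbound(Packet(lan_host, server))          # 1. host talks to a web server
    reply = gw.inbound(Packet(server, out.src))          # 2. server replies to what it saw
    target_ip = out.src.rsplit(":", 1)[0]                # 3. probe at port 135 from outside
    probe = gw.inbound(Packet(scanner, f"{target_ip}:135"))
    return {
        "source_seen_by_server": out.src,
        "reply_delivered_to": reply.dst if reply else None,
        "probe_delivered": probe is not None,
    }


if __name__ == "__main__":
    # IPv4 behind NAT: server sees the public address, probe is dropped
    print(run_scenario(True, "192.168.1.10:5555", "198.51.100.7:80", "192.0.2.99:4444"))
    # IPv6 with a stateful firewall: host is globally addressable, probe is still dropped
    print(run_scenario(False, "[2001:db8::10]:5555", "[2001:db8:1::7]:80",
                       "[2001:db8:2::99]:4444"))
```

The only difference between the two runs is the source the server sees; the decision to drop the probe comes from the flow table in both cases, which is the "addressable but not reachable" situation throw0101c describes for the IPv6 printer.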

snakeyjake | 1 year ago

> Nowadays, everything is behind NAT and there aren't any infected Windows XP machines

All end-user PCs have been behind NAT since the late 90s unless the system was a dialup straggler. Enterprise users raw-dogging the internet only have themselves to blame.

alex_duf | 1 year ago

I'm afraid this is factually wrong: my computer had a public IP until the early 2010s, as around those days modems were just modems and not routers too.

And with IPv6 all my devices could be publicly addressed but I've enabled a firewall to block incoming traffic at the router level.

zinekeller | 1 year ago

Even discounting dial-up, this really depends on where you are in the world at the time. PPPoE and direct hookup (via the cable/ADSL modem) are still relatively common where I was at the time that Blaster was roaming around, while some countries have forced CGNAT even before CGNAT became a common word, usually for "protecting the children" like Cleanfeed (and even discounting that, even at the time you could still get IPv4 effortlessly there had been, and certainly there are still, crappy ISPs which don't really care about direct connections).

jmgao | 1 year ago

This is absolutely false. This only became common when wireless networking became ubiquitous, which wasn't until probably a decade later.