>In addition, some of the DDoS attacks we've seen recently would be a lot easier to prevent if NAT wasn't a thing
I know that NAT is not a security feature but, pragmatically, one could argue the opposite: lots of vulnerable devices today aren't part of a botnet just because they haven't been discovered being hidden behind NAT.
That's the reason why IP webcams are so popular in recent botnets: usually they need to be remotely accessible so they are outside NAT (or, seldom, they get port forwarding or in some sort of DMZ).
>I know that NAT is not a security feature but, pragmatically, one could argue the opposite: lots of vulnerable devices today aren't part of a botnet just because they haven't been discovered being hidden behind NAT.
But in the same way, I feel like NAT has allowed a false sense of security. Maybe if NAT wasn't there to hide everyone's PC, more machines would be broken into, and device security would be a lot better today.
I know that NAT is not a security feature but, pragmatically, one could argue the opposite: lots of vulnerable devices today aren't part of a botnet just because they haven't been discovered being hidden behind NAT.
That's the reason why IP webcams are so popular in recent botnets: usually they need to be remotely accessible so they are outside NAT (or, seldom, they get port forwarding or in some sort of DMZ).