Mixture,

No doubt you are right, but bear in mind that the lowliest soho router offers NAT plus SPI* plus port filtering, and often some degree of IP address filtering as well.

I'm not saying that a typical soho router is unbreakable, just that it is much stronger than NAT-only.

SD

* Stateful Packet Inspection, which addresses the TCP flag issue mentioned (for the less technically minded).