PPRuNe Forums - View Single Post - Recommended security add-ons
Old 17th Oct 2011, 13:28
#16
mixture
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
All about NAT.....

Let's start by addressing your statement that "nothing can get you when you're behind NAT".

Two irrefutable counter-arguments:

"Phone home" software that sends data/information about your computer/network to the outside world.

Software with mechanisms to bypass or work around NAT (legitimate examples of this include Skype, GoToMyPC, TeamViewer etc.). Products such as TeamViewer provide you with full remote control of your computer without any need to open any inbound ports on the firewall perimeter of your network.

It doesn't take much imagination to realise what can be done by people with malicious intent.

One source of further reading on this is the activities and presentations of the Jericho Forum.

The Jericho Forum began in 2003 when a group of global corporate CISOs came together informally to discuss an issue that no one was addressing – de-perimeterization – the erosion of the network perimeter. They were concerned that the industry was valiantly trying to shore up an ever-crumbling corporate perimeter while trying to securely conduct business via the Internet.

I'll leave you with two facts:

(1) RFC1631 (aka NAT) was never designed as a security mechanism. Its role in life was always, and will always be, to address the problem of address depletion and scaling in routing. That's it. The fact that your IP address gets masked in the process is a byproduct of the way the NAT mechanism was designed and consequently implemented.

(2) That today's internet is not a very pleasant place. There is an ever growing number of mechanisms at the disposal of the mischievous to bypass security, and the only way to address these effectively is to build a layered security model, not just relying on one piece of infrastructure to protect you.

You might be of the opinion that "oh, I'm just a boring home user, with no nuclear secrets on my ageing PC.... why should I bother". To that, I say remember zombie botnets and spam.... the miscreants want you to be a small piece in their large cog. It's your duty as an individual connected to the internet to do your small bit to help deflect the damage they cause. If you don't believe me on the damage front, I'll leave you with a little quote from a recent ticketing system notification message:

We experienced a large scale distributed denial of service attack
starting at 17:34 this evening targeted at one of our customers. This
attack resulted in an unprecedented load on our routers and some
interlinks.

The attack is still on-going but we have mitigated most of its effects
by way of filtering traffic on our network border.

As a result of the volume of traffic, customers will have seen some
packetloss until we put in place systems to filter the attack.

We are still seeing a high level of inbound traffic; however, the
filters which have been in place for over 40 minutes appear to
be successfully mitigating most of its impact. We are continuing
to monitor the network closely.
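The post's second counter-argument (remote-control software that needs no inbound port) can be shown in a few lines of code. What follows is an added, constructed example and not code from the post or from any of the products it names. It runs both ends on 127.0.0.1 in one process: the "inside" host makes the only kind of connection a NAT or stateful firewall permits, an outbound one, and from then on the "outside" controller drives it over that same socket. The command names (`ping`, `platform`, `hostname`) and the line-oriented protocol are assumptions made for the demo; the handlers are harmless lookups, not shell execution.

```python
"""
Why "nothing can get in behind NAT" is not a security guarantee.

NAT only blocks *unsolicited inbound* connections. If software on the
inside host connects outbound (which NAT must allow for the host to be
useful at all), the outside party can send commands back down that
established connection. TeamViewer-style products do this legitimately;
malware does the same thing.

Added example, constructed for illustration. Both ends run on loopback
so it works offline; nothing here touches a real network or a shell.
"""
import platform
import socket
import threading


def _send_line(sock, text):
    """Write one newline-terminated line to a socket."""
    sock.sendall(text.encode() + b"\n")


def _recv_line(f):
    """Read one line from a socket file object; None on EOF."""
    line = f.readline()
    return line.decode().rstrip("\n") if line else None


def inside_agent(controller_addr):
    """Runs on the 'NATed' host.

    It opens a single OUTBOUND TCP connection (the direction NAT permits)
    and then simply obeys whatever the remote end sends. No port is ever
    opened on the inside host.
    """
    # Assumed command set for the demo: harmless, read-only lookups.
    handlers = {
        "ping": lambda: "pong",
        "platform": lambda: platform.system(),
        "hostname": lambda: socket.gethostname(),
    }
    with socket.create_connection(controller_addr) as s:
        f = s.makefile("rb")
        while True:
            cmd = _recv_line(f)
            if cmd is None or cmd == "quit":
                break
            reply = handlers.get(cmd, lambda: "unknown command")()
            _send_line(s, reply)


def remote_control_demo(commands):
    """Play the role of the Internet-side controller.

    The controller never connects *to* the inside host; it only listens,
    waits for the agent's outbound connection, and then issues commands
    over it. Returns {command: reply} as seen by the controller.
    """
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # the outside party's reachable listener
        srv.listen(1)
        srv.settimeout(5)
        controller_addr = srv.getsockname()

        # The inside host "phones home". This is the only connection set
        # up in the whole exchange, and it is outbound from the inside.
        agent = threading.Thread(
            target=inside_agent, args=(controller_addr,), daemon=True
        )
        agent.start()

        conn, _peer = srv.accept()
        with conn:
            f = conn.makefile("rb")
            for cmd in commands:
                _send_line(conn, cmd)          # outside -> inside, over the
                results[cmd] = _recv_line(f)   # connection the inside opened
            _send_line(conn, "quit")
    agent.join(5)
    return results


if __name__ == "__main__":
    for cmd, reply in remote_control_demo(["ping", "platform", "hostname", "bogus"]).items():
        print(f"{cmd:>9} -> {reply}")
```

The point to take from running it: the perimeter saw one permitted outbound TCP session and nothing else, yet the outside party chose what ran on the inside host. That is exactly the traffic shape a "phone home" agent, a legitimate remote-support tool, and a botnet client all share, which is why the post argues for layered controls (egress filtering, host protection, monitoring) rather than trusting the NAT boundary alone.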