On Fri, May 2, 2014 11:57 am, Fred Baker (fred) wrote: > > On May 1, 2014, at 4:10 PM, Jean-Francois Mezei > <jfmezei_na...@vaxination.ca> wrote: > >> Pardon my ignorance here. But in a carrier-grade NAT implementation that >> serves say 5000 users, when happens when someone from the outside tries >> to connect to port 80 of the shared routable IP ? > > More to the point, your trust boundary includes 5000 people. Do you know > them all? Who maintains their systems and software? Do you trust them? > > What happens if they approach you from behind the NAT? >
Strikes me as a red herring; CGNat is not shifting your security boundary, wheras the typical NAT device used on a shared IPv4 connection usually does.