Comment Re:Yeah right (Score 2) 326
Well, partially, but I'd argue the addresses have a lot to do with it, too. My home subnet is 192.168.77.0/24. My firewall blocks anything coming from the outside world bound for 192.168.77.0/24. That's nice, but doesn't really ever do anything because damn near every router between me and a potential attacker drops packets that are to or from the reserved networks, because it has no idea where to send them. About the only way it would be a viable attack is from somebody who had control at my upstream ISP.
A non-NAT scheme depends - almost entirely - on my firewall not sucking. I try, but I have in the past screwed that up when changing rules and haven't realized it for days until something seems to be a bit wonky. My motto is if you can't get a packet to it, you can't attack it.
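
The failure mode mentioned in the comment, a rule change that quietly opens the subnet and goes unnoticed for days, is the kind of thing a regression check run after every rule edit can catch. The following is an added example, not part of the original comment; the rule format, the interface names and the first-match, default-drop evaluation are assumptions of the sketch, and both rule sets are constructed.

```python
import ipaddress

HOME_NET = ipaddress.ip_network("192.168.77.0/24")  # subnet from the comment

# Constructed rule sets: (action, inbound interface, destination network).
# Evaluation is first-match with a default of "drop" (assumption of this sketch).
GOOD_RULES = [
    ("drop", "wan", "192.168.77.0/24"),
    ("accept", "lan", "0.0.0.0/0"),
]
# Same rules after a hypothetical edit: a broad accept was inserted above the drop.
BROKEN_RULES = [
    ("accept", "any", "0.0.0.0/0"),
    ("drop", "wan", "192.168.77.0/24"),
    ("accept", "lan", "0.0.0.0/0"),
]

def decide(rules, in_iface, dst):
    """Return the action of the first rule matching the packet, else 'drop'."""
    dst = ipaddress.ip_address(dst)
    for action, iface, net in rules:
        if iface in ("any", in_iface) and dst in ipaddress.ip_network(net):
            return action
    return "drop"

def exposed_hosts(rules, probes=("192.168.77.1", "192.168.77.10", "192.168.77.254")):
    """List home-subnet probe addresses that a packet arriving on the WAN side would reach."""
    return [p for p in probes
            if ipaddress.ip_address(p) in HOME_NET
            and decide(rules, "wan", p) == "accept"]

if __name__ == "__main__":
    # Run after every rule change; any EXPOSED line means the edit opened the subnet.
    for name, rules in (("good", GOOD_RULES), ("broken", BROKEN_RULES)):
        hits = exposed_hosts(rules)
        print(name, "OK" if not hits else f"EXPOSED: {hits}")
```

The check evaluates the rule set as data, so it flags the misordered accept rule without sending any traffic.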