alt Hacker NewsGrandma’s ISP can send RFC 1918 traffic to her router and likely be able to directly connect to every internal host. You should have learned in your CCNA training that NAT makes it harder to send inbound traffic to a system, but doesn’t by itself provide the filtering that a firewall does.
Right, I get that. I can see the ISP angle. But my question was specifically for outside attacks. Tangible, real-world threats in existing ISPs, reachable from the outside.