Do you really NAT all those meters though? It seems much more likely to me that you only have one or two specialized ALG's running.
One to many NAT really makes an attackers life easier in a lot of ways - at least as far as computer networks that support active users. NAT makes it much easier to hide from flow analysis and IDS and the proliferation nat traversal and tunnels to escape NAT make it much harder to spot rogue traffic. Lets not forget the classes of attacks that private v4 space has eased like DNS rebinding and home router attacks.
It's interesting, the only network I knew of that was ip6, aggressively secured and that many nodes is DISA which definitely doesn't allow any public network traffic - and yet uses global address space.
One to many NAT really makes an attackers life easier in a lot of ways - at least as far as computer networks that support active users. NAT makes it much easier to hide from flow analysis and IDS and the proliferation nat traversal and tunnels to escape NAT make it much harder to spot rogue traffic. Lets not forget the classes of attacks that private v4 space has eased like DNS rebinding and home router attacks.
It's interesting, the only network I knew of that was ip6, aggressively secured and that many nodes is DISA which definitely doesn't allow any public network traffic - and yet uses global address space.