True, the frame is addressed to the router's hw interface but I'm talking to people who think NAT drops traffic so I figured keep it simple
But, yes, the ISP (or whoever has compromised/suborned/social engineered the ISP) is absolutely the main worry here and I don't understand how people are dismissing that so easily
> I don't understand how people are dismissing that so easily
Because that’s not where 99.9999% of attacks come from
Fire up a web server on a public ipv4 address and you’ll get hundreds of requests per day from bots probing endpoints for vulnerabilities. Same thing goes for weak passwords on an SSH endpoint.
But, yes, the ISP (or whoever has compromised/suborned/social engineered the ISP) is absolutely the main worry here and I don't understand how people are dismissing that so easily