Risks of patched servers behind de-randomizing NAT

[David Carmean]

I seem to have lost a message where somebody from ISC (Paul?) was going to
release an updated/new advisory regarding the source-port de-randomizing
effects of many NAT implementations will have upon patched servers.  

Many of the folks I'm working with are unconcerned about this problem, 
because they cannot come up with an attack scenario against a recursive 
server behind a [NATting] firewall.  They are also apparently hearing 
claims from our firewall vendor (starts with a letter between I and K) that 
this is not a big deal for servers behind a [their?] firewall.  (Were they 
not invited to The Big Meeting?)

Can we get a reading from Those Who Know about how likely it is that 
BadGuys can trick a client inside such a firewall to facilitate an attack 
against an internal recursive server (said server can query through the firewall).

Thanks.