What do you mean by 'external LAN interface'? His (and my) LAN is on a private IP range and is mostly wired and within the house. There is WiFi but I doubt if it reaches anyone else's house and you can't stop in the lane outside without causing an obstruction (and lots of dog barking).
Ah, you mean the outside facing *WAN* interface of the NAT router. Yes, there can be security holes put there by ISPs and such but since I (and probably The Natural Philosopher) use our own (not the ISP's) router that's unlikely.
I ran some tests of this sort on mine a while ago, seemed to confirm that it's fairly 'hard'.