v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

John Osmon josmon at rigozsaurus.com
Tue Feb 10 05:54:21 UTC 2009


On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
> 
> In message <00df01c98b27$3181b7e0$948527a0$@com>, "TJ" writes:
[...SOX auditor stuff...]
> > When the compliance explicitly requires something they are required to check
> > for it, they don't have the option of ignoring or waving requirements ...
> > and off the top of my head I don't recall if it is SOX that calls for
> > RFC1918 explicitly but I know there are some that do.
> 
> 	Please cite references.
> 
> 	I can find plenty of firewall required references but I'm
> 	yet to find a NAT and/or RFC 1918 required.

It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
   Implement IP address masquerading to prevent internal addresses from
   being translated and revealed on the Internet. Use technologies that
   implement RFC 1918 address space, such as port address translation (PAT)
   or network address translation (NAT)

I know that some auditors want to hold people to that standard.

I stopped working with the credit card people at that point...






More information about the NANOG mailing list