v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Nuno Vieira - nfsi telecom nuno.vieira at nfsi.pt
Tue Feb 10 00:11:55 CST 2009


security by obscurity is not the way, everyone knows it.

those guys will figure it out sooner or later (where later, might take ages).

in the meanwhile, a lot have pseudo-secured networks thru triple-nat, quadruple-nat, multiple ipsec'd layered and so, and others live with the hammer in their suitcase for fixing things around when the clue is gone.

often they forget the neat webserver box that runs some strange software, which no one updates, and... in the end is the cheese hole around their network...

but, in the other end, money talks, and bulls**t walks, so, we might be all wrong, and they might be right, who knows ?

who cares anyway ? :-)
--nvieira


----- "John Osmon" <josmon at rigozsaurus.com> wrote:
> 
> It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
>    Implement IP address masquerading to prevent internal addresses from
>    being translated and revealed on the Internet. Use technologies that
>    implement RFC 1918 address space, such as port address translation (PAT)
>    or network address translation (NAT)
> 
> I know that some auditors want to hold people to that standard.
> 
> I stopped working with the credit card people at that point...



