nanog mailing list archives

RE: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space


From: "TJ" <trejrco () gmail com>
Date: Tue, 10 Feb 2009 08:57:28 -0500

However, the PCI DSS does contain a "Compensating controls" section, which
allows for the use of functionality which "provide[s] a similar level of
defense" to the stated requirements, where the stated requirements cannot
be followed due to "legitimate technical or documented business
constraints".

Now the fact that RFC1918 addresses don't work with IPv6 is clearly a
"legitimate technical ... constraint", so as long as you could successfully
argue that a stateful firewall or other measures in place provided
security equivalent to NAT, you should be fine.


Excellent loophole!
Although I wonder how many clueful auditors are out there and able to make
this fly ...


