[PCI DSS 3.0] 1.3.8 Do not disclose private IP addresses and routing information to unauthorized parties.

1.3.8 Do not disclose private IP
addresses and routing information to
unauthorized parties.

Note: Methods to obscure IP addressing
may include, but are not limited to:

 Network Address Translation (NAT)
 Placing servers containing
cardholder data behind proxy
servers/firewalls,
 Removal or filtering of route
advertisements for private networks
that employ registered addressing,
 Internal use of RFC1918 address
space instead of registered
addresses.

1.3.8.a Examine firewall and router configurations to verify that
methods are in place to prevent the disclosure of private IP
addresses and routing information from internal networks to
the Internet.

1.3.8.b Interview personnel and examine documentation to
verify that any disclosure of private IP addresses and routing
information to external entities is authorized.

Restricting the disclosure of internal or private IP
addresses is essential to prevent a hacker
“learning” the IP addresses of the internal
network, and using that information to access the
network.
Methods used to meet the intent of this
requirement may vary depending on the specific
networking technology being used. For example,
the controls used to meet this requirement may be
different for IPv4 networks than for IPv6 networks.