Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22545 | GEN007780 | SV-38926r1_rule | ECSC-1 | Medium |
Description |
---|
6to4 is an IPv6 transition mechanism involving tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2013-03-26 |
Check Text (C-37911r1_chk) |
---|
Determine if there are any 6to4 tunnels configured on the system. `# ifconfig -a` If there are any sit or cit adapters in the ifconfig listing, this is a finding. |
Fix Text (F-33169r1_fix) |
---|
Remove the configuration for any 6to4 tunnels on the system. `# ifconfig sit0 detach` `# rmdev -dl sit0` `# ifconfig cit0 detach` `# rmdev -dl cit0` Set the startup script /etc/rc.net to call autoconf6 with the -6 argument to prevent setting up 6to4 tunnels. |
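
The check and fix above, scripted as an added example (not part of the STIG text): it scans captured `ifconfig -a` output for sit/cit adapters and flags active autoconf6 lines that lack the -6 argument. The function names, the sample interface listing and the sample rc.net lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: V-22545 check logic run over captured text, not live commands.

# Print sit/cit adapter names found in `ifconfig -a` output on stdin.
find_tunnel_ifs() {
    awk '/^[a-z]+[0-9]+:/ {
        name = $1; sub(/:.*/, "", name)
        if (name ~ /^(sit|cit)[0-9]+$/) print name
    }'
}

# Print active (uncommented) autoconf6 lines on stdin that lack -6.
autoconf6_missing_6() {
    grep -v '^[[:space:]]*#' | grep 'autoconf6' |
        grep -Ev '[[:space:]]-6([[:space:]]|$)' || true
}

# Constructed sample data (not taken from a real host).
SAMPLE_IFCONFIG='en0: flags=1e080863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
sit0: flags=8100041<UP,RUNNING,LINK0>
        inet6 ::192.0.2.10/96
cit0: flags=8100041<UP,RUNNING,LINK0>
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255'

SAMPLE_RC_NET='# IPv6 autoconfiguration
#/usr/sbin/autoconf6 -6
/usr/sbin/autoconf6'

# report IFCONFIG_OUTPUT RC_NET_CONTENTS
# Returns 0 when clean, 1 when either condition is a finding.
report() {
    tunnels=$(printf '%s\n' "$1" | find_tunnel_ifs)
    bad=$(printf '%s\n' "$2" | autoconf6_missing_6)
    [ -z "$tunnels" ] || echo "FINDING: 6to4 adapters present:" $tunnels
    [ -z "$bad" ] || echo "FINDING: autoconf6 called without -6: $bad"
    [ -z "$tunnels" ] && [ -z "$bad" ]
}

report "$SAMPLE_IFCONFIG" "$SAMPLE_RC_NET" || echo "V-22545: open"
```

On a host under review, pass the live data instead: `report "$(ifconfig -a)" "$(cat /etc/rc.net)"`.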