UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IPv6 protocol handler must not be bound to the network stack unless needed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22541 GEN007700 SV-38918r1_rule ECSC-1 Medium
Description
IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-37907r1_chk )
AIX comes with IPv6 protocol handler installed and active. The only configured IPv6 address is the loopback localhost adapter.

Check if any other interfaces have IPv6 addresses active.

# ifconfig -a

If any IPv6 addresses are configured on any network interfaces other than loopback and IPv6 is not needed, this is a finding.
Fix Text (F-33165r1_fix)
Unbind the IPv6 protocol handler from the network stack.

Edit /etc/rc.tcpip and comment out autoconf6 to prevent IPv6 from auto starting.

Unconfigure IPv6 addresses from interfaces not used with smit.

#smit chinet6