Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14697 | NET-IPV6-029 | SV-15407r3_rule | Medium |
Description |
---|
IPv6 multicast addresses should never be a source address. They should only be destination addresses. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2018-11-28 |
Check Text ( C-12874r2_chk ) |
---|
Review the perimeter router configuration to ensure filters are in place to restrict the IP addresses. Verify that ingress and egress ACLs for IPv6 have been defined to deny the multicast source addresses and log all violations. |
Fix Text (F-14162r2_fix) |
---|
Configure the perimeter router access control lists to deny any IPv6 multicast address used as a source address. |