UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The router must block IPv6 6bone address space on the ingress and egress filters (3FEE::/16).


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000202-RTR-000091 SRG-NET-000202-RTR-000091 SRG-NET-000202-RTR-000091_rule Low
Description
The decommissioned 6bone allocation (3FFE::/16), RFC 3701 must be blocked. It is no longer a trusted source.
STIG Date
Router Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000202-RTR-000091_chk )
Review the perimeter router configuration to verify filters are in place to restrict the IP addresses explicitly, or inexplicitly. Verify that ingress and egress filters for IPv6 have been defined to deny the 6bone address space and log all violations. If the ingress and egress filters do not deny the 6bone address space and log all violations, this is a finding.
Fix Text (F-SRG-NET-000202-RTR-000091_fix)
Configure ingress and egress filters to deny the 6bone address space and log all violations.