The router must block IPv6 6bone address space on the ingress and egress filters (3FEE::/16).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000202-RTR-000091 | SRG-NET-000202-RTR-000091 | SRG-NET-000202-RTR-000091_rule | Low |
| Description |
|---|
| The decommissioned 6bone allocation (3FFE::/16), RFC 3701 must be blocked. It is no longer a trusted source. |
| STIG | Date |
|---|---|
| Router Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000202-RTR-000091_chk ) |
|---|
| Review the perimeter router configuration to verify filters are in place to restrict the IP addresses explicitly, or inexplicitly. Verify that ingress and egress filters for IPv6 have been defined to deny the 6bone address space and log all violations. If the ingress and egress filters do not deny the 6bone address space and log all violations, this is a finding. |
| Fix Text (F-SRG-NET-000202-RTR-000091_fix) |
|---|
| Configure ingress and egress filters to deny the 6bone address space and log all violations. |