The system must not have 6to4 enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-227052 | GEN007780 | SV-227052r603265_rule | Medium |
| Description |
|---|
| 6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
| STIG | Date |
|---|---|
| Solaris 10 SPARC Security Technical Implementation Guide | 2022-09-07 |
Details
| Check Text ( C-29214r485525_chk ) |
|---|
| # ifconfig -a If a tunnel interface is displayed with an IPv4 tunnel source address, an IPv6 interface address, and no tunnel destination address, this is a finding. |
| Fix Text (F-29202r485526_fix) |
|---|
| Disable the active 6to4 tunnel. # ifconfig Check the /etc/hostname* files for startup configuration for the tunnel, and edit or delete as appropriate to prevent the tunnel creation on startup. |