The system must not have 6to4 enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22545 | GEN007780 | SV-26921r1_rule | ECSC-1 | Medium |
| Description |
|---|
| 6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
| STIG | Date |
|---|---|
| SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Details
| Check Text ( C-27873r1_chk ) |
|---|
| # ifconfig -a If a tunnel interface is displayed with an IPv4 tunnel source address, an IPv6 interface address, and no tunnel destination address, this is a finding. |
| Fix Text (F-24164r1_fix) |
|---|
| Disable the active 6to4 tunnel. # ifconfig Check the /etc/hostname* files for startup configuration for the tunnel, and edit or delete as appropriate to prevent the tunnel creation on startup. |