Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22545 | GEN007780 | SV-26921r1_rule | ECSC-1 | Medium |
Description |
---|
6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
STIG | Date |
---|---|
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Check Text ( C-27873r1_chk ) |
---|
# ifconfig -a If a tunnel interface is displayed with an IPv4 tunnel source address, an IPv6 interface address, and no tunnel destination address, this is a finding. |
Fix Text (F-24164r1_fix) |
---|
Disable the active 6to4 tunnel. # ifconfig Check the /etc/hostname* files for startup configuration for the tunnel, and edit or delete as appropriate to prevent the tunnel creation on startup. |