Check: GEN007780
Solaris 9 X86 STIG:
GEN007780
(in version v1 r9)
Title
The system must not have 6to4 enabled. (Cat II impact)
Discussion
6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system.
Check Content
# ifconfig -a If a tunnel interface is displayed with an IPv4 tunnel source address, an IPv6 interface address, and no tunnel destination address, this is a finding.
Fix Text
Disable the active 6to4 tunnel. # ifconfig <tunnel> down Check the /etc/hostname* files for startup configuration for the tunnel, and edit or delete as appropriate to prevent the tunnel creation on startup.
Additional Identifiers
Rule ID: SV-26921r1_rule
Vulnerability ID: V-22545
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001551 |
The organization defines approved authorizations for controlling the flow of information between interconnected systems. |
Controls
Number | Title |
---|---|
AC-4 |
Information Flow Enforcement |