Check: GEN005610
VMware ESX 3 Server:
GEN005610
(in version v1 r2)
Title
The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. (Cat II impact)
Discussion
If the system is configured for IP forwarding and is not a designated router, it could be used to bypass network security by providing a path for communication not filtered by network devices.
Check Content
If the system is a router, this is not applicable. Determine if the system has IPv6 forwarding enabled. If so, this is a finding.
Fix Text
Disable IPv6 forwarding on the system.
Additional Identifiers
Rule ID: SV-26166r1_rule
Vulnerability ID: V-22491
Group Title: GEN005610
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |