STIGQter STIGQter: STIG Summary: Infrastructure Router Security Technical Implementation Guide Version: 8 Release: 29 Benchmark Date: 25 Jan 2019: The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41 received from the internal network.

DISA Rule

SV-40452r1_rule

Vulnerability Number

V-30660

Group Title

The 6-to-4 router is not filtering protocol 41

Rule Version

NET-IPV6-065

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the router is functioning as a 6to4 router, configure an egress filter (inbound on the internal-facing interface) to drop any outbound IPv4 packets that are tunneling IPv6 packets.

Check Contents

If the router is functioning as a 6to4 router, verify that there is an egress filter (inbound on the internal-facing interface) to drop any outbound IPv4 packets that are tunneling IPv6 packets.

Vulnerability Number

V-30660

Documentable

False

Rule Version

NET-IPV6-065

Severity Override Guidance

If the router is functioning as a 6to4 router, verify that there is an egress filter (inbound on the internal-facing interface) to drop any outbound IPv4 packets that are tunneling IPv6 packets.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

510

Comments