STIGQter: STIG Summary: Infrastructure Router Security Technical Implementation Guide Juniper
Version: 8 Release: 29 Benchmark Date: 25 Jan 2019

The administrator must ensure the 6-to-4 router is configured to drop any outbound IPv6 packets from the internal network with a source address that is not within the 6to4 prefix 2002:V4ADDR::/48 where V4ADDR is the designated IPv4 6to4 address for the enclave.

DISA Rule

SV-40541r1_rule

Vulnerability Number

V-30736

Group Title

6-to-4 router not filtering invalid source address

Rule Version

NET-IPV6-066

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If the router is functioning as a 6to4 router, configure an egress filter (inbound on the internal-facing interface) to drop any outbound IPv6 packets from the internal network with a source address that is not within the 6to4 prefix 2002:V4ADDR::/48 where V4ADDR is the designated IPv4 6to4 address for the enclave.
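How the 2002:V4ADDR::/48 prefix is derived and what the egress filter should decide, as an added example that is not part of the STIG text. The V4ADDR 192.0.2.1 (a documentation address), the sample source addresses and the function names are assumptions made for illustration.

```python
import ipaddress

def sixtofour_prefix(v4addr: str) -> ipaddress.IPv6Network:
    """Build 2002:V4ADDR::/48 from the enclave's IPv4 6to4 address."""
    v4 = ipaddress.IPv4Address(v4addr)
    # Bits 127..112 hold 0x2002, bits 111..80 hold the 32-bit IPv4 address;
    # the remaining 80 bits (subnet ID + interface ID) are left zero.
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))

def egress_action(src: str, enclave_prefix: ipaddress.IPv6Network) -> str:
    """Return 'accept' only for sources inside the enclave /48, else 'drop'."""
    try:
        addr = ipaddress.IPv6Address(src)
    except ipaddress.AddressValueError:
        return "drop"  # unparseable source: fail closed
    return "accept" if addr in enclave_prefix else "drop"

def embedded_v4(src: str):
    """Recover the IPv4 address embedded in a 6to4 source (None if not 2002::/16)."""
    return ipaddress.IPv6Address(src).sixtofour

if __name__ == "__main__":
    # Assumed V4ADDR for the enclave (documentation range, not a real site).
    prefix = sixtofour_prefix("192.0.2.1")
    print("permitted source prefix:", prefix)
    # Constructed sample source addresses seen on the internal-facing interface.
    samples = [
        "2002:c000:201:1::10",   # inside the enclave's 6to4 /48
        "2002:c000:202:1::10",   # 6to4, but embeds a different IPv4 address
        "2001:db8::1",           # not a 6to4 address at all
    ]
    for src in samples:
        print(f"{src:24} {egress_action(src, prefix):6} embedded={embedded_v4(src)}")
```

A source that is 6to4-formatted but embeds another site's IPv4 address is dropped, which is the case a filter written against 2002::/16 instead of the /48 would miss.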

Check Contents

Currently, JUNOS does not support 6to4 automatic tunneling, so this vulnerability is not applicable.

Documentable

False

Severity Override Guidance

Currently, JUNOS does not support 6to4 automatic tunneling, so this vulnerability is not applicable.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

510

Comments