Details
‘6-to-4’ is a tunneling IPv6 transition mechanism [RFC 3056]. The guidance is the default case, which assumes that 6-to-4 is not being used as an IPv6 transition mechanism. If 6-to-4 is implemented, reference addition 6-to-4 guidance defined in the STIG.
Drop all inbound IPv6 packets containing a source address of type 2002::/16. This assumes the 6-to-4 transition mechanism is not being used.
Drop all inbound IPv6 packets containing a destination address of type 2002::/16. This assumes the 6-to-4 transition mechanism is not being used.
NOTE: Nessus did not detect IPv6 on the Outside interface so this check is not applicable.
Solution
Configure the device using filters to restrict IP addresses that contain any 6-to-4 addresses.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.
References
- 800-53|SC-7(5)
- CAT|II
- Rule-ID|SV-20160r2_rule
- STIG-ID|NET-IPV6-024
- Vuln-ID|V-18608