Details
The IPv6 Jumbo Payload option allows IP packets to be larger than 65,535 bytes. This feature is only useful on very specialized high-performance systems (e.g. supercomputers). Commonplace link-layer technologies do not support these payload sizes, and special link-layer designs would be necessary. This header should be dropped unless the system is specifically designed to use very large payloads, since it only serves as an opportunity to break implementations.
NOTE: This check requires a manual review. Determine if your device and software version support IPv6 ACL Extensions for Hop by Hop Filtering. You may use the Cisco Feature Navigator for assistance.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the firewall to drop all inbound and/or outbound IPv6 packets containing a hop-by-hop option of option type 0xC2.
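The following Python sketch is an added illustration, not part of the benchmark or of any vendor configuration. It shows the check a filter has to make: walk the options in the Hop-by-Hop header of a raw IPv6 packet and flag option type 0xC2. The function names and the constructed sample packet are assumptions made for the example.

```python
import struct

HOP_BY_HOP = 0     # IPv6 Next Header value for the Hop-by-Hop Options header
OPT_PAD1 = 0x00    # single-byte padding option, has no length field
OPT_JUMBO = 0xC2   # Jumbo Payload option type (RFC 2675)

def hop_by_hop_options(packet: bytes):
    """Return [(type, data), ...] from the Hop-by-Hop header of a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if packet[6] != HOP_BY_HOP:
        return []                      # no Hop-by-Hop header present
    if len(packet) < 48:
        raise ValueError("truncated Hop-by-Hop header")
    end = 40 + (packet[41] + 1) * 8    # Hdr Ext Len is in 8-octet units past the first
    if end > len(packet):
        raise ValueError("truncated Hop-by-Hop header")
    options, i = [], 42
    while i < end:
        opt_type = packet[i]
        if opt_type == OPT_PAD1:       # Pad1 is the only option without a length byte
            i += 1
            continue
        if i + 2 > end or i + 2 + packet[i + 1] > end:
            raise ValueError("option overruns header")
        opt_len = packet[i + 1]
        options.append((opt_type, packet[i + 2:i + 2 + opt_len]))
        i += 2 + opt_len
    return options

def should_drop(packet: bytes) -> bool:
    """True if the packet carries option type 0xC2 or its option list is malformed."""
    try:
        return any(t == OPT_JUMBO for t, _ in hop_by_hop_options(packet))
    except ValueError:
        return True                    # fail closed on headers that cannot be parsed

def build_sample(options: bytes, payload_len: int = 8) -> bytes:
    """Constructed sample: IPv6 header (:: -> ::1) plus an 8-octet Hop-by-Hop header."""
    hbh = bytes([59, 0]) + options     # Next Header 59 (No Next Header), Hdr Ext Len 0
    assert len(hbh) == 8, "options must fill exactly 6 octets"
    fixed = struct.pack("!IHBB", 6 << 28, payload_len, HOP_BY_HOP, 64)
    return fixed + bytes(16) + bytes(15) + b"\x01" + hbh

if __name__ == "__main__":
    jumbo = build_sample(bytes([OPT_JUMBO, 4, 0, 1, 0, 0]), payload_len=0)
    padded = build_sample(bytes([0x01, 4, 0, 0, 0, 0]))   # PadN only
    print(should_drop(jumbo), should_drop(padded))
```
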
Supportive Information
This control applies to the following type of system: Cisco.
References
- CAT|II
- Rule-ID|SV-20551r2_rule
- STIG-ID|NET-IPV6-035
- Vuln-ID|V-18815