NET-IPV6-004 – Router advertisements must be suppressed on all external-facing IPv6-enabled interfaces.
Details Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks....
- Home
- Security Hardening
- DISA STIG Juniper Perimeter Router V8R32
DISA STIG Juniper Perimeter Router V8R32
NET-IPV6-006 – Ensure the undetermined transport packet is blocked at the perimeter in an IPv6 enclave by the router.
Details One of the fragmentation weaknesses known in IPv6 is the undetermined transport packet. This is a packet that contains...NET-IPV6-008 – The IAO/NSO will ensure IPv6 6bone address space is blocked on the ingress and egress filter, (3FFE::/16).
Details The decommissioned 6bone allocation (3FFE::/16), RFC 3701 must be blocked. It is no longer a trusted source. Solution The...NET-IPV6-010 – Permit inbound ICMPv6 messages Packet-too-big, Time Exceeded, Parameter Problem, Echo Reply, and Neighbor Discovery.
Details Scanning will usually be the major stage of an information gathering process a malicious computer attacker will launch against...NET-IPV6-011 – The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery – echo-request
Details Scanning will usually be the major stage of an information gathering process a malicious computer attacker will lunch against...NET-IPV6-011 – The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery – neighbor-adv
Details Scanning will usually be the major stage of an information gathering process a malicious computer attacker will lunch against...NET-IPV6-011 – The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery – neighbor-solicit
Details Scanning will usually be the major stage of an information gathering process a malicious computer attacker will lunch against...NET-IPV6-011 – The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery – packet-too-big
Details Scanning will usually be the major stage of an information gathering process a malicious computer attacker will lunch against...NET-IPV6-016 – The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing interfaces.
Details The Internet Control Message Protocol version 6 (ICMPv6) supports IPv6 traffic by relaying information about paths, routes, and network...NET-IPV6-017 – The network element must be configured to ensure the routing header extension type 0, 1, and 3-255 are rejected.
Details The Routing header is used by an IPv6 source to specify a list of intermediate nodes that a packet...