Detections
Analytics
GEN007780 - The system must not have 6to4 enabled.
Information
6to4 is an IPv6 transition mechanism involving tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system.Solution
Remove the configuration for any 6to4 tunnels on the system.#ifconfig sit0 detach
#rmdev -dl sit0
#ifconfig cit0 detach
#rmdev -dl cit0
Set the startup script /etc/rc.net to call autoconf6 with the -6 argument to prevent setting up 6 to 4 tunnels.
See Also
https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip
Item Details
Audit Name: DISA STIG AIX 6.1 v1r14
Category: ACCESS CONTROL
References: 800-53|AC-4, CAT|II, CCI|CCI-001551, Group-ID|V-22545, Rule-ID|SV-38926r1_rule, STIG-ID|GEN007780, Vuln-ID|V-22545
Plugin: Unix
Control ID: dd1ffcce3c0137d7623d2337da00514bd2dc217bb367d96b340211ad58157d0b