The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

An XCCDF Rule

Description

<VulnDiscussion>Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigate these vulnerabilities, links that have no hosts connected such as the interface connecting to external gateways must be configured to suppress router advertisements.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254073r844252_rule
Severity: Medium
References: CCI-000366
Updated: 9 months ago

Configure the router to suppress Router Advertisements on all external IPv6-enabled interfaces.
If IPv6 router advertisements are not used, even for internal interfaces, delete or deactivate the [edit protocols router-advertisement] stanza.

[delete|deactivate] protocols router-advertisement

Delete or deactivate router advertisements on external interfaces.
[delete|deactivate] protocols router-advertisement interface <external interface>

The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

Description

Remediation - Manual Procedure