6in4tunnel

Explanation

The 6in4 Tunnel Detection NDM is designed to detect when IPv6 traffic is encapsulated within IPv4 packets on the network. This technique, known as 6in4 tunneling, can be used for legitimate communication between IPv6-enabled networks or devices over an IPv4 infrastructure. However, it can also be exploited by attackers to bypass security measures.

What to Look For

To remediate the issue, examine network traffic to determine whether any IPv6 traffic is being encapsulated within IPv4 packets. Look for signs of malicious activity, such as unauthorized or suspicious traffic originating from unknown sources.
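One way to run this check over raw IPv4 packets, as an added example that is not part of the original page: it flags packets with IPv4 protocol number 41 (6in4, RFC 4213) that carry an IPv6 header, and reports those whose outer source is not an approved tunnel endpoint. The sample packets, the addresses and the `APPROVED` allowlist are constructed for illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6 (RFC 4213)

def parse_6in4(pkt: bytes):
    """Return tunnel details if pkt is an IPv4 packet carrying IPv6, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # outer header length incl. options
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != PROTO_6IN4 or frag_offset:
        return None                                # later fragments carry no inner header
    inner = pkt[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:      # must start with a full IPv6 header
        return None
    return {
        "outer_src": str(ipaddress.IPv4Address(pkt[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
    }

def unknown_tunnels(packets, approved_endpoints):
    """Return 6in4 packets whose outer source is not an approved tunnel endpoint."""
    hits = [parse_6in4(p) for p in packets]
    return [h for h in hits if h and h["outer_src"] not in approved_endpoints]

def _ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def _ipv6(src, dst, next_header=59):  # bare 40-byte header; 59 = No Next Header
    return struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)

SAMPLE = [  # constructed traffic using documentation address ranges
    _ipv4("192.0.2.10", "198.51.100.1", PROTO_6IN4, _ipv6("2001:db8::10", "2001:db8::1")),
    _ipv4("203.0.113.77", "198.51.100.1", PROTO_6IN4, _ipv6("2001:db8:bad::5", "2001:db8::1")),
    _ipv4("192.0.2.10", "198.51.100.1", 6, b"\x00" * 40),           # TCP, not a tunnel
    _ipv4("192.0.2.10", "198.51.100.1", PROTO_6IN4, b"\x00" * 40),  # proto 41, no IPv6 inside
]
APPROVED = {"192.0.2.10"}  # hypothetical approved tunnel endpoint

if __name__ == "__main__":
    for hit in unknown_tunnels(SAMPLE, APPROVED):
        print(hit)
```

Validating the inner IPv6 version nibble keeps packets that merely reuse protocol 41 from being reported as tunnels.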

Related MITRE ATT&CK Categories

Protocol Tunneling, Technique T1572 - Enterprise