6in4tunnel
Explanation
The 6in4 Tunnel Detection NDM is designed to detect when IPv6 traffic is encapsulated within IPv4 packets on the network. This technique, known as 6in4 tunneling, can be used for legitimate communication between IPv6-enabled networks or devices over an IPv4 infrastructure. However, it can also be exploited by attackers to bypass security measures.
What to Look For
To remediate the issue, examine network traffic to determine if any IPv6 traffic is being encapsulated within IPv4 packets. Look for any signs of malicious activity in the network traffic, such as unauthorized or suspicious traffic originating from unknown sources.
Related MITRE ATT&CK Categories
Updated 2 months ago