outbound_6in4tunnel

Explanation

The Outbound 6in4 Tunnel Detection NDM identifies IPv6 packets encapsulated directly in IPv4 (IP protocol number 41, as specified in RFC 4213) that leave the customer network for external destinations. This technique, known as 6in4 tunneling, is a legitimate way to connect IPv6-enabled networks or devices across IPv4-only infrastructure, for example through a tunnel broker. However, because controls that inspect only the outer IPv4 header never see the encapsulated IPv6 packet, an attacker can use the same mechanism to move command-and-control or other traffic past egress filtering and monitoring.

What to Look For

If 6in4 tunneling is not expected or authorized in the environment, identify the internal host sending the encapsulated traffic and the external IPv4 endpoint receiving it, then determine whether that endpoint is a known tunnel broker or an unrecognized host and whether the encapsulated IPv6 traffic is legitimate. Note that 6to4 and ISATAP also use protocol 41, so confirm the tunnel type (for example, a 6to4 inner source address falls in 2002::/16) before treating the traffic as a manually configured 6in4 tunnel.
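The detection logic described in the Explanation and the source/destination triage described above, as an added example that is not the vendor's detection code: it parses raw IPv4 packets, keeps only protocol 41 packets going from an RFC 1918 source to a non-private destination, decodes the inner IPv6 header, and reports both outer and inner endpoints. The packets are constructed inline for illustration (RFC 5737 and RFC 3849 documentation addresses); the RFC 1918 list as the definition of "internal" is an assumption, and the 2002::/16 check is only a coarse 6to4 heuristic.

```python
"""Flag outbound 6in4 (IP protocol 41) packets and report the tunnel endpoints.

Added example, not the product's own detection code. The sample packets
below are constructed in this file; "internal" is assumed to mean RFC 1918.
"""
import ipaddress
import struct

PROTO_IPV6_ENCAP = 41  # IANA protocol number for IPv6-in-IPv4 (6in4, 6to4, ISATAP)

# Assumption: the customer network is the RFC 1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix, for a coarse type hint


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) or None if the header is not sane IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def parse_ipv6(payload):
    """Return (src6, dst6, next_header) if payload starts with an IPv6 header, else None."""
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return None
    _payload_len, next_header = struct.unpack("!HB", payload[4:7])
    src6 = ipaddress.IPv6Address(payload[8:24])
    dst6 = ipaddress.IPv6Address(payload[24:40])
    return src6, dst6, next_header


def classify(pkt):
    """Return a finding for an internal->external protocol-41 packet, else None."""
    outer = parse_ipv4(pkt)
    if outer is None:
        return None
    proto, src, dst, payload = outer
    if proto != PROTO_IPV6_ENCAP:
        return None
    if not (is_internal(src) and not is_internal(dst)):
        return None                    # only internal -> external counts as outbound
    inner = parse_ipv6(payload)
    if inner is None:
        return None                    # protocol 41 without an IPv6 header: malformed, out of scope
    src6, dst6, next_header = inner
    kind = "6to4" if src6 in SIX_TO_FOUR else "6in4"
    return {"outer_src": str(src), "outer_dst": str(dst),
            "inner_src": str(src6), "inner_dst": str(dst6),
            "inner_next_header": next_header, "kind": kind}


def scan_packets(packets):
    """Run classify() over a sequence of raw IPv4 packets and collect the findings."""
    return [f for f in map(classify, packets) if f is not None]


# --- constructed sample traffic (not captured data) ---------------------------
def build_ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_ipv6(src6, dst6, next_header, payload=b""):
    hdr = struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                      ipaddress.IPv6Address(src6).packed, ipaddress.IPv6Address(dst6).packed)
    return hdr + payload


PKT_6IN4_OUT = build_ipv4("10.0.0.5", "203.0.113.7", PROTO_IPV6_ENCAP,
                          build_ipv6("2001:db8::5", "2001:db8:ffff::1", 6, b"\x00" * 20))
PKT_6TO4_OUT = build_ipv4("10.0.0.5", "192.88.99.1", PROTO_IPV6_ENCAP,
                          build_ipv6("2002:0a00:0005::1", "2001:db8::2", 17, b"\x00" * 8))
PKT_41_INTERNAL = build_ipv4("10.0.0.5", "10.0.0.9", PROTO_IPV6_ENCAP,
                             build_ipv6("fd00::5", "fd00::9", 58))
PKT_PLAIN_TCP = build_ipv4("10.0.0.5", "203.0.113.7", 6, b"\x00" * 20)
SAMPLE_PACKETS = [PKT_6IN4_OUT, PKT_6TO4_OUT, PKT_41_INTERNAL, PKT_PLAIN_TCP]

if __name__ == "__main__":
    for finding in scan_packets(SAMPLE_PACKETS):
        print(finding)
```

Only the two internal-to-external protocol-41 packets produce findings; the internal-to-internal tunnel and the plain TCP packet are ignored. In a real deployment the same logic would be fed from a capture or flow source, and the reported outer destination is the first thing to check against a list of approved tunnel brokers.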

Related MITRE ATT&CK Categories

Protocol Tunneling (T1572)