outbound_6in4tunnel
Explanation
The Outbound 6in4 Tunnel Detection NDM is designed to detect when IPv6 traffic is encapsulated within IPv4 packets that are leaving the customer network to external destinations. This technique, known as 6in4 tunneling, can be used for legitimate communication between IPv6-enabled networks or devices over an IPv4 infrastructure. However, it can also be exploited by attackers to bypass security measures.
What to Look For
If 6in4 Tunneling is not expected or authorized in the environment, investigate the sources and destinations of the traffic to determine if there are any signs of malicious activity.
Related MITRE ATT&CK Categories
Updated about 1 month ago