DNS 'ISATAP' Lookup Detection

info Nessus Network Monitor Plugin ID 9271

Synopsis

This host is configured to automatically obtain IPv6 routing information via DNS.

Description

ISATAP, or 'Intra-Site Automatic Tunnel Addressing Protocol', is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. Traffic observed from this host indicates that it has queried the network for an available ISATAP host to supply the PRL (potential routers list).
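
One way to flag the lookup described above, as an added example that is not the plugin's own logic: a minimal parser for DNS query payloads that reports queries whose leftmost label is `isatap`. The function names and the sample names under `corp.example` are constructed for illustration, and matching on the leftmost label is an assumption about what counts as an ISATAP lookup.

```python
import struct

def build_query(name, qtype=1):
    """Build a minimal DNS query (constructed sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)         # QTYPE, QCLASS=IN

def first_question_labels(payload):
    """Return the QNAME labels of the first question, or None if not a parseable query."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:       # QR bit set means a response; skip it
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                     # name runs past the end of the payload
        length = payload[pos]
        if length == 0:
            return labels                   # root label terminates the name
        if length & 0xC0:
            return None                     # compression pointer: not expected in a question
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            return None                     # truncated label
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length

def is_isatap_lookup(payload):
    """True when the query asks for a name whose leftmost label is 'isatap' (any case)."""
    labels = first_question_labels(payload)
    return bool(labels) and labels[0].lower() == "isatap"

if __name__ == "__main__":
    for name in ("isatap.corp.example", "ISATAP", "www.isatap.example"):
        print(name, is_isatap_lookup(build_query(name)))
```
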

Solution

Ensure that any '6in4' or ISATAP traffic cannot pass through the firewall to reach external resources.

See Also

https://technet.microsoft.com/library/security/ms10-029

https://support.microsoft.com/en-us/kb/978338

http://resources.infosecinstitute.com/security-vulnerabilities-ipv6-tunnels

Plugin Details

Severity: Info

ID: 9271

Family: Generic

Published: 5/26/2016

Updated: 11/23/2016