||Packet Filtering: Service Providers and Network Operators should block tunneling protocols (for example, IP protocol 41 and UDP port 3544) at points where they should not be used. Tunnels can bypass firewall/perimeter security. Use static tunnels where the need for tunneling is known in advance.
||Cable; Internet/Data; Wireline
||Service Provider; Network Operator
||Cyber Security;Intrusion Detection;Network Design;Network Interoperability;Network Operations;
||NIST SP 800-119 (Draft) 2.4