Tuesday, February 13, 2007

Blocking Teredo

Teredo is Microsoft's IPv6-over-IPv4 tunneling protocol. Rather than rehash the security implications of Teredo or tunneling protocols in general, I'll just point out that you can read about it here.

Teredo has been available for awhile on XP, but as Vista clients have started popping up, I am noticing that despite Microsoft's claims to the contrary, Teredo seems to be active by default, at least on the Vista machines we've loaded from the MSDN image.

It will show up in your firewall logs as traffic to udp/3544 with a destination IP that resolves to teredo.ipv6.microsoft.com. And, of course, it defeats all of your firewall's security goodness. This is why you should restrict outbound traffic to only that traffic that is necessary for business purposes. But that's hard to do. Seriously. It's even harder to move from a default allow to a default deny. More on that later.


1 comment:

Anonymous said...

It requires some time to adapt to new technologies...You can check this application which uses tereso to safely access a system over internet & disables it after usage...
http://www.lanoninternet.com