Administration
Support
Security
Installation
Information
About us
Contact
Services
Partners
agent°ex
Attingo Datenrettung
Crowes Agency OG
FOO
nets.at
- RSS English -
- RSS Deutsch -

Teredo may render your firewall useless

You most certainly know IPV4. You may have heard about IPV6. Do you know what Teredo is? No? That's bad provided you run a firewall to seperate the Internet from your local network. Teredo is a mechanism that allows encapsulation of IPV6 packets into IPV4 UDP and uses relay servers to let IPV6 clients communicate by using relay servers. Symantec has a very thorough analysis of Teredo:

Currently hardly any firewalls or intrusion detection systems are able to recognise Teredo packets and they are therefore unable to filter IPv6 traffic. Rather they see UDP traffic via any ports. Teredo could become a problem, in particular because it circumvents the supposed protection offered by NAT. While, to date, private IPv4 addresses have not been routed via the internet, with IPv6 every computer is automatically assigned a unique IPv6 address, into which goes, for example, the MAC address of the network card and which is in principle accessible from the internet.