
SANS ISC: InfoSec Handlers Diary Blog - Teredo Security Concerns



Teredo Security Concerns

Published: 2007-12-11
Last Updated: 2007-12-11 21:11:01 UTC
by Swa Frantzen (Version: 1)

In the past we've written about the risks involved in using Teredo (as Microsoft's Vista, for example, does). It effectively makes machines behind a NAT gateway addressable from the Internet. Proponents will say that Vista doesn't start it until needed, and that the IPv6 address space is too big to scan. Well, all it takes is a hit on an IPv6 web server to both start it and reveal where the client is.

It seems this opinion is now propagated and elaborated in an internet draft over at the IETF:

http://www.ietf.org/internet-drafts/draft-ietf-v6ops-teredo-security-concerns-01.txt

Recommended reading material.

Just a reminder: block UDP port 3544 on your IPv4 perimeter to stop the tunnels from being created.
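An added example (not part of the original diary, and not SANS ISC code) of why one hit on an IPv6 web server is enough to know where the client is: a Teredo address carries the Teredo server plus the NAT's external IPv4 address and UDP port, laid out as in RFC 4380. The function names, the log format and the sample addresses are assumptions constructed for illustration, for auditing your own server logs.

```python
import ipaddress

# Teredo service prefix and field layout per RFC 4380 (background, not from the diary).
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")

def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None if not Teredo."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on non-addresses
    if ip.version != 6 or ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed                          # 16 bytes, network byte order
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "cone_nat": bool(raw[8] & 0x80),     # top bit of the 16-bit flags field
        # The NAT mapping (port and IPv4 address) is stored bit-inverted.
        "nat_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "nat_ipv4": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
    }

# Constructed access-log lines; embedded IPv4 values are documentation ranges.
SAMPLE_LOG = """\
2001:0:c633:6401:8000:63bf:3fff:fdd2 - - [11/Dec/2007:21:00:01 +0000] "GET / HTTP/1.1" 200 512
2001:db8::1 - - [11/Dec/2007:21:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [11/Dec/2007:21:00:03 +0000] "GET / HTTP/1.1" 200 512
"""

def teredo_clients(log_text):
    """Return (logged_address, decoded_fields) for every Teredo client in a log."""
    found = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            fields = decode_teredo(parts[0])
        except ValueError:
            continue                         # first column is not an IP address
        if fields:
            found.append((parts[0], fields))
    return found

if __name__ == "__main__":
    for client, f in teredo_clients(SAMPLE_LOG):
        print(f"{client}: NAT {f['nat_ipv4']}:{f['nat_port']}/udp via server {f['server']}")
```
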

--
Swa Frantzen -- Gorilla Security
