
SANS ISC: Teredo Security Concerns SANS ISC InfoSec Forums

Teredo Security Concerns

In the past we've written about the risks involved in using Teredo (as, for example, Microsoft's Vista does). It effectively makes machines behind a NAT gateway addressable from the Internet. Proponents will say that Vista doesn't start it until needed, and that the IPv6 address space is too big to scan. Well, all it takes is a hit on an IPv6 web server to both start it and to know where the client is.

It seems this opinion is now echoed and elaborated in an Internet-Draft over at the IETF:

http://www.ietf.org/internet-drafts/draft-ietf-v6ops-teredo-security-concerns-01.txt

Recommended reading material.

Just a reminder: block UDP port 3544 on your IPv4 perimeter to stop the tunnels from being created.

--
Swa Frantzen -- Gorilla Security

Swa

Dec 11th 2007
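
To check whether the UDP 3544 block from the post above is needed or holding, the following added example (not part of the original diary) lists internal hosts that contact a Teredo server in perimeter flow records, and decodes a Teredo IPv6 address seen in a log into the NAT mapping it embeds. The flow record format, the sample records and all addresses are constructed assumptions; the 2001::/32 prefix and address layout are from RFC 4380.

```python
import ipaddress

TEREDO_PORT = 3544                                 # UDP port named in the post
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix (RFC 4380)

# Constructed sample flow records: "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
udp 10.0.0.23 51514 192.0.2.45 3544
tcp 10.0.0.23 49822 198.51.100.7 443
udp 10.0.0.41 53 10.0.0.1 53
udp 10.0.0.57 60001 192.0.2.45 3544
udp 10.0.0.23 51514 192.0.2.45 3544
"""

def teredo_talkers(flow_text):
    """Return {internal_ip: {server_ips}} for UDP flows to port 3544."""
    hits = {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        proto, src, _sport, dst, dport = fields
        if proto.lower() == "udp" and dport == str(TEREDO_PORT):
            hits.setdefault(src, set()).add(dst)
    return hits

def decode_teredo(addr):
    """Return (server IPv4, mapped client IPv4, mapped UDP port), or None
    if addr is not a Teredo address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    server = ipaddress.IPv4Address(raw[4:8])
    # Mapped port and client address are stored with every bit inverted.
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    client = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))
    return str(server), str(client), port

if __name__ == "__main__":
    for host, servers in sorted(teredo_talkers(SAMPLE_FLOWS).items()):
        print(f"{host} contacted Teredo server(s): {', '.join(sorted(servers))}")
    # Constructed Teredo address, as it could appear in an IPv6 server log
    print(decode_teredo("2001:0:c000:22d:0:63bf:34ff:8ef6"))
```

Any host this reports after the perimeter rule is in place points to a path that bypasses the filter.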
