North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Microsoft and Teredo

  • From: Stephen Sprunk
  • Date: Thu May 31 10:52:25 2007


Thus spake "Adrian Chadd" <[email protected]>
On Thu, May 31, 2007, JORDI PALET MARTINEZ wrote:
In windows, you have IPv6 firewall, so even if Teredo traverses
the "IPv4 security", there is still something there.

A good description of all this is available at:
http://www.microsoft.com/technet/network/ipv6/teredo.mspx

I've read that; but again enterprise and ISPs may impose restrictions on the types of traffic to/from end users, and this circumvents that. Host-based firewalls are not the be all or end all of network security.

The simplistic answer is that a site with IPv4-only security devices has to choose whether they're going to allow or block all Teredo/6to4 traffic. If they want finer control, they need to upgrade to a native v6 network and native v6 security devices.


S

Stephen Sprunk "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov