On 2014-04-17 02:26, Linda Walsh wrote:
Carlos E. R. wrote: ---- One of the first things I disabled, as I noted it went right through my FW stuff to MS. I knew I didn't know enough about ipv6 to come up with a reasonable security policy, and it was too much work for any benefit, so it's been disabled since.
Due to that tech, many computers have been using IPV6, but at the expense of routing it through IPV4 -- creating overhead, slowdowns and latency.
That was one of the reasons its been recommended to try IPV4 before IPV6 connectivity, as most people's IPV6 was a 'sham', created by tunnels and was really just adding overhead.
UPNP works w/o ipv6... at least on my home net.. haven't found any real use for it yet, but it seems to be there.
It really does not matter if it uses IPv6 or 4. This Teredo thing is in fact used, apparently, by some M$ programs to call phone out of the control of firewalls and filters, without anybody seeing it. Something about "microsoft user experience or happiness" ... I forget the exact wording. It is a tunnel, that pipes IPv6 inside, through NAT. As any such thing it needs collaboration from a known server on the outside to set it up, and this one belongs to Microsoft. Of course, any other program might set up any other type of tunnel without asking or control. It could be used by malware. Apparently, it does not affect anything else in the network. I did not find, yet, anything in Linux related to "teredo". I think that a Linux based firewall will not even be aware of it. I noticed because there was a section on the UPnP on my firewall, that directly and permanently connected anything incoming on a certain outside port to an specific machine inside. Two machines, actually, and one had been powered down for days - but the tunnel in the router-firewall was still active. Maybe a bug in the router firmware, or the timeout was defined so long. No way to know. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)