-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Investigating my router, I suddenly noticed something weird: under the "forwarding" section, "UPnP", there are two local IPs which are using something named "Teredo". Both machines have been running Windows 7 for at least some hours.

Wikipedia says:

http://en.wikipedia.org/wiki/Teredo_tunneling

+++································
In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers.

Teredo operates using a platform independent tunneling protocol designed to provide IPv6 (Internet Protocol version 6) connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets. These datagrams can be routed on the IPv4 Internet and through NAT devices. Other Teredo nodes elsewhere called Teredo relays that have access to the IPv6 network then receive the packets, unencapsulate them, and route them on.

Teredo is designed as a last resort transition technology and is intended to be a temporary measure: in the long term, all IPv6 hosts should use native IPv6 connectivity. Teredo should therefore be disabled when native IPv6 connectivity becomes available. Teredo was developed by Christian Huitema at Microsoft, and was standardized in the IETF as RFC 4380. The Teredo server listens on UDP port 3544.
································++-

So, is something in those Windows machines using IPv6 via an automatic tunnel? Apparently, yes.

http://security.stackexchange.com/questions/10090/is-teredo-in-my-router-a-b...

In W7, disable from command prompt as admin with:

    netsh interface teredo set state disable

enable:

    netsh interface teredo set state enable

If something you want fails, re-enable.

http://www.sixscape.com/joomla/sixscape/index.php/ipv6-training-certificatio...

Teredo - a Little Worm That Bores Holes in your Firewall

+++································
Teredo is an automated tunneling mechanism based on 6in4 for obtaining access to the IPv6 Internet from a single node in an IPv4-only network. It includes NAT Traversal, so that it can work even behind a NAT44 gateway. It is specified in RFC 4380, "Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)", February 2006.

Teredo is a variant of 6to4 tunneling. It still uses Protocol 41 6in4 tunneling way down under. It adds encapsulation over UDP datagrams and a simplified version of STUN NAT Traversal, which allows the Teredo client to work behind an RFC 1918 private address (no public address is required, as is the case with 6in4 and 6to4 tunneling). Teredo servers listen on port udp/3544, and use addresses in 2001::/32 (these facts are useful if you want to block internal nodes from using Teredo - some firewalls allow you to block all protocol 41 traffic from internal nodes).

Teredo is installed in all copies of Windows Vista and later. It is possible to disable it, but this is not a simple GUI configuration option in off-the-shelf Windows. If your Windows node is a member of a Microsoft network domain (not a workgroup), then Teredo is disabled. If your node is not a member of a Microsoft domain (even if it is a member of a Microsoft network workgroup), then Teredo is enabled.
································++-

https://www.symantec.com/avcenter/reference/Teredo_Security.pdf
by J Hoagland - Related articles
The Teredo Protocol: Tunneling Past Network Security and Other Security Implications. Dr. James Hoagland. Principal Security Researcher. Symantec ...

https://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&sqi=2&ved=0CE4QFjAF&url=https%3A%2F%2Fwww.symantec.com%2Favcenter%2Freference%2FTeredo_Security.pdf&ei=YGZNU4eJJ_PA7AbbuoDwBA&usg=AFQjCNHqcoti3xbZM1sP_Zws55ldsZL9qQ&bvm=bv.64764171,d.bGQ&cad=rja

+++································
Teredo creates an open-ended tunnel through the NAT to the client. Teredo is designed as an IPv6 tunneling mechanism for end nodes behind a NAT. It works without the cooperation of any non-Teredo components. Additionally, since it is a new mechanism, pre-existing network-based security controls (for example, firewalls and IPSs) on the client's network do not see through the tunnel to apply the controls to the traffic being tunneled. One could therefore say that Teredo is evading those controls, which has to be a concern for those who set them up, since those controls are supposed to adequately regulate all traffic. In addition, it might be difficult to monitor or block Teredo traffic, as discussed in "Teredo mitigation" section.

If network controls are bypassed due to the use of IPv6 via Teredo, the burden of controls shifts to the Teredo client host. Since the host may not have full control over all the nodes on the network, security administrators sometimes prefer to implement security controls on the network. In addition, having both network controls and host controls provides defense in depth, a basic security principle.
································++-

http://technet.microsoft.com/en-us/library/bb457011.aspx

+++································
Teredo Overview
Published: January 01, 2003 | Updated: January 15, 2007

Abstract

Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages.

This article provides an overview of Teredo—including Teredo addresses and packet structures—and detailed explanations of how communication is initiated between Teredo clients, Teredo host-specific relays, and IPv6-only hosts using the IPv4 Internet, the IPv6 Internet, Teredo servers, and Teredo relays.
································++-

I'm unsure what the implications are for the rest of my local network, using Linux. For the moment, I have disabled UPnP in the router, and will disable Teredo in Windows immediately. Then I have to find out if I can disable Teredo in my router without closing out UPnP completely - which I don't remember why I enabled. Something required it, I think, or was simply easier (perhaps the mule).

- --
Cheers
       Carlos E. R.
       (from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlNNdM4ACgkQtTMYHG2NR9VwXQCfQF4n6BF7XvjkupCizN2Jp/6g
MGIAnRxP5LbF9cl9aA22IROS9B+G/0Wl
=CJ7K
-----END PGP SIGNATURE-----
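Added example, not part of Carlos's message or of any of the sources he quotes: the quoted texts say Teredo clients live in 2001::/32 and that the address structure is what lets you recognise a tunnel, so here is a small decoder that, given the IPv6 addresses seen on a Linux host (say from a firewall log or `ss -6 -n`), flags the Teredo ones and unpacks the RFC 4380 fields: the Teredo server, the NAT-type flag, and the client's own external IPv4 address and UDP port (both stored XORed with all-ones). The sample address list is constructed; the Teredo address in it is the documentation example from the Wikipedia article linked above.

```python
"""Spot and decode Teredo (RFC 4380) addresses seen on the local network.

Added example, not from the original message. A Teredo client's IPv6 address
encodes its Teredo server, its NAT type and its own external IPv4 address and
UDP port, so a 2001:0::/32 address in a log tells you which tunnel is open
and through which public endpoint.
"""
import ipaddress

# RFC 4380 assigns 2001::/32 (i.e. 2001:0000::/32) to Teredo.
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")


def is_teredo(addr: str) -> bool:
    """True if addr parses as an IPv6 address inside the Teredo prefix."""
    try:
        a = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return a.version == 6 and a in TEREDO_PREFIX


def decode_teredo(addr: str) -> dict:
    """Split a Teredo address into its RFC 4380 section 4 fields.

    Bit layout: 0-31 prefix | 32-63 Teredo server IPv4 | 64-79 flags |
                80-95 external UDP port XOR 0xFFFF |
                96-127 external IPv4 XOR 0xFFFFFFFF
    The XOR obfuscation keeps NATs that rewrite embedded IPv4 literals from
    mangling the address; undo it to recover the real endpoint.
    """
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address")
    b = a.packed
    server = ipaddress.IPv4Address(b[4:8])
    flags = int.from_bytes(b[8:10], "big")
    port = int.from_bytes(b[10:12], "big") ^ 0xFFFF
    client = ipaddress.IPv4Address(int.from_bytes(b[12:16], "big") ^ 0xFFFFFFFF)
    return {
        "server": str(server),
        "cone_nat": bool(flags & 0x8000),  # bit 64 set: client is behind a cone NAT
        "external_port": port,
        "external_ipv4": str(client),
    }


def find_teredo_peers(addresses):
    """Return (address, decoded fields) for every Teredo address in the list."""
    return [(x, decode_teredo(x)) for x in addresses if is_teredo(x)]


# Constructed sample: the kind of addresses one might pull out of a firewall
# log or 'ss -6 -n'. The Teredo entry is the Wikipedia documentation example;
# the others are documentation, link-local and plain IPv4 addresses.
SAMPLE_ADDRESSES = [
    "2001:db8::1",
    "fe80::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
    "192.0.2.10",
]

if __name__ == "__main__":
    for addr, fields in find_teredo_peers(SAMPLE_ADDRESSES):
        print(addr)
        for key, value in fields.items():
            print(f"  {key}: {value}")
```

For the sample address this reports server 65.54.227.120, a cone NAT, external port 40000 and external IPv4 192.0.2.45. The server address and the udp/3544 port are the two things to match in a Linux firewall rule if you want the rest of the LAN blocked from tunnelling; the external IPv4/port pair is the hole the NAT has been made to keep open. Python's own `ipaddress.IPv6Address.teredo` property returns the (server, client) pair as well, but not the port or the flags, which is why the fields are unpacked by hand here.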