The Hoagland/Krishnan document was discussed at a meeting of the IETF’s IPv6 Operations Working Group held here this week. The easiest mechanism for this would be to filter out incoming traffic with Source Port 3544 and outgoing traffic with Destination Port 3544." "Administrators of such networks may wish to filter all Teredo traffic at the boundaries of their networks. "Teredo is not recommended as a solution for managed networks," the document states. The document is the result of an independent analysis of Teredo’s security implications that was conducted by Symantec. In a 20-page document titled "Teredo Security Concerns," James Hoagland of Symantec and Suresh Krishnan of Ericsson, outline several new security concerns about running Teredo in managed, corporate network environments. Teredo is enabled by default in Windows Vista, but it won’t be enabled by default in Windows Server Code Name 2008, according to Microsoft. A network using Teredo requires Teredo clients, Teredo host-specific relays, Teredo servers and Teredo relays. Teredo provides IPv6 traffic with address assignment and host-to-host automatic tunneling. With Teredo, IPv6 packets are sent as IPv4-based User Datagram Protocol messages to go through IPv4 NATs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |