
Re: New I-D: Teredo Security Concerns Beyond What Is In RFC 4380



On 6/4/07 12:43 PM, "Rémi Denis-Courmont" <rdenis@simphalempin.com> wrote:

> Inspection would only make sense if you wanted to partially allow IPv6
> traffic through Teredo, but I think we have consensus that Teredo must
> not be used in managed networks instead of native IPv6 (or ISATAP by
> default), so deep inspection is indeed really useless here, and there
> is no need to upgrade the firewalling software either.

If there is consensus that Teredo should not be used in managed networks
then IMHO that should be stated publicly, since people may not realize the
security implications.  The reasonable use cases for Teredo aren't mentioned
in the RFC at all.

Do people have any comments on other parts of the I-D?

Incidentally, I am going to be talking about Vista networking and Teredo at
the Black Hat security conference on Aug 2.  I'd welcome your thoughts as to
what you think the take-away message should be regarding Teredo security
implications.

-- Jim