[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Edits to Teredo Security concerns

To: Rémi Denis-Courmont <rdenis@simphalempin.com>
Subject: Re: Edits to Teredo Security concerns
From: Jim Hoagland <jim_hoagland@symantec.com>
Date: Fri, 06 Jul 2007 09:34:34 -0700
Cc: Suresh Krishnan <suresh.krishnan@ericsson.com>, "Templin, Fred L" <Fred.L.Templin@boeing.com>, James Woodyatt <jhw@apple.com>, Christian Huitema <huitema@windows.microsoft.com>, JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, v6 ops <v6ops@ops.ietf.org>
In-reply-to: <eedad08bb471d7923745ac0f7e6d7c22@chewa.net>
User-agent: Microsoft-Entourage/11.3.3.061214

On 7/6/07 12:13 AM, "Rémi Denis-Courmont" <rdenis@simphalempin.com> wrote:

> And if that is not satisfactory, then it's all about "You cannot rely on
> 
> stateful firewalling to block tunnels", and it's not a Teredo protocol
> 
> issue.

I think perhaps I should say what the goal is with inspection:  to be able
to apply the same content inspection as is done for native IPv4 or IPv6 to
Teredo.  This content inspection could be done in a firewall, IDS, router,
etc.  Content in this case meaning the layer 3+ part of the communication
(as opposed to tunnel overhead).

This inspection requires the ability to find the content.  That is
straightforward for native IPv4 or IPv6, but is expensive to do for Teredo
tunneled content.

-- Jim

Follow-Ups:
- Re: Edits to Teredo Security concerns
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

References:
- Re: Edits to Teredo Security concerns
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

Prev by Date: Re: Edits to Teredo Security concerns
Next by Date: Re: Edits to Teredo Security concerns
Previous by thread: Re: Edits to Teredo Security concerns
Next by thread: Re: Edits to Teredo Security concerns
Index(es):
- Date
- Thread