[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Edits to Teredo Security concerns



> > I think perhaps I should say what the goal is with inspection:  to be
> > able to apply the same content inspection as is done for native IPv4
> > or IPv6 to Teredo.  This content inspection could be done in a
> > firewall, IDS, router, etc.  Content in this case meaning the layer
> > 3+ part of the communication (as opposed to tunnel overhead).
> >
> > This inspection requires the ability to find the content.  That is
> > straightforward for native IPv4 or IPv6, but is expensive to do for
> > Teredo tunneled content.
> 
> Thanks for the clarification. I think my confusion is a testimony to
> the need to clarify the document anyway.

If an organization wants to provide IPv6 connectivity while monitoring the IPv6 traffic, then Teredo is definitely not the right tool. As you note, the best way to achieve that is to provide native IPv6 connectivity. If the organization's internal network cannot be upgraded to support native IPv6, then it should consider other transition technologies like ISATAP, rather than Teredo. 

-- Christian Huitema