Irregular Expressions

Jan 30 2011   10:56PM GMT

Teredo tunnels

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have run a snort style sensor you may have seen a snort alert referring to a “teredo tunnel” being detected.

So what is a “teredo tunnel” ?

It is a method to connect IPv6 enabled devices over IPv4 networks, this can even cross multiple NAT points.

This is done by putting the IPv6 packets in IPv4 UDP.

I am not a fan of this, while it does have a purpose it also increases the attack surface of the network.  Also if your IPS is not able to understand what is going on, it could be used to bypass policy and subvert your controls.

Wikipedia as always has a good write up.

http://en.wikipedia.org/wiki/Teredo_tunneling

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: