Register

Forgot Password

Site FAQ

Home > IT Blogs > Irregular Expressions > Teredo tunnels

>>VIEW ALL POSTS

Irregular Expressions

Jan 30 2011 10:56PM GMT

Teredo tunnels

Posted by: Dan O'Connor

ipv6

If you have run a snort style sensor you may have seen a snort alert referring to a “teredo tunnel” being detected.

So what is a “teredo tunnel” ?

It is a method to connect IPv6 enabled devices over IPv4 networks, this can even cross multiple NAT points.

This is done by putting the IPv6 packets in IPv4 UDP.

I am not a fan of this, while it does have a purpose it also increases the attack surface of the network. Also if your IPS is not able to understand what is going on, it could be used to bypass policy and subvert your controls.

Wikipedia as always has a good write up.

http://en.wikipedia.org/wiki/Teredo_tunneling

Comment

RSS Feed

Email a friend

Comment on this Post

Leave a comment:

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags

Irregular Expressions

Teredo tunnels

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts