Irregular Expressions

Jan 30 2011   10:56PM GMT

Teredo tunnels

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have run a snort style sensor you may have seen a snort alert referring to a “teredo tunnel” being detected.

So what is a “teredo tunnel” ?

It is a method to connect IPv6 enabled devices over IPv4 networks, this can even cross multiple NAT points.

This is done by putting the IPv6 packets in IPv4 UDP.

I am not a fan of this, while it does have a purpose it also increases the attack surface of the network.  Also if your IPS is not able to understand what is going on, it could be used to bypass policy and subvert your controls.

Wikipedia as always has a good write up.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: