[97053] in North American Network Operators' Group
Re: Microsoft and Teredo
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Thu May 31 10:45:32 2007
From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Adrian Chadd" <adrian@creative.net.au>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Thu, 31 May 2007 08:58:25 -0500
Errors-To: owner-nanog@merit.edu
Thus spake "Adrian Chadd" <adrian@creative.net.au>
> On Thu, May 31, 2007, JORDI PALET MARTINEZ wrote:
>> In windows, you have IPv6 firewall, so even if Teredo traverses
>> the "IPv4 security", there is still something there.
>>
>> A good description of all this is available at:
>> http://www.microsoft.com/technet/network/ipv6/teredo.mspx
>
> I've read that; but again enterprise and ISPs may impose restrictions
> on the types of traffic to/from end users, and this circumvents that.
> Host-based firewalls are not the be all or end all of network security.
The simplistic answer is that a site with IPv4-only security devices has to
choose whether they're going to allow or block all Teredo/6to4 traffic. If
they want finer control, they need to upgrade to a native v6 network and
native v6 security devices.
S
Stephen Sprunk "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov
