Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)
jbates at brightok.net
Tue Aug 31 12:32:46 CDT 2010

Jeroen Massar wrote:
> If you have one person setting up ICS on their machine and they have
> enabled IPv6 voila the whole network gets IPv6, that thus does not solve
> your problem either. Or are you monitoring IPv6 RAs etc?

Setting up ICS with IPv6 is user knowledge in my opinion. In addition,
the ICS will handle the firewall rules unless the user chooses to turn

> I think you have to move to better analyzing & monitoring your network
> and more control over the hosts which participate in that network.

My concern is as an ISP that has customers who are unaware that their
little routers aren't filtering all of their packets. There are a
million ways they might get infected or have security problems. However,
Teredo is obviously a circumvention of protection they *think* they
have. Corporate networks can secure their own networks (or not, but they
are held to a higher standard than the average home user and failure to
protect is their own fault).