Microsoft and Teredo

michael.dillon at michael.dillon at
Thu May 31 14:24:15 UTC 2007

> In perfect time, this was published yesterday, to answer that very
> question:
> teredosecconcerns-00.txt

Unfortunately, he doesn't say much in the way of solutions. For
instance, if a company has internal IPv6 connectivity to their ISP, then
presumably, Teredo is not needed. The problem then becomes one of
firewall vendors supporting IPv6. He positions it as a problem that
needs awkward workarounds such as blocking Teredo or patching Windows.
He gives up on firewall vendors and only looks at their ability to do
deep packet inspection by unencapsulating tunneled traffic. But plain
ordinary IPv6 support from firewall vendors is not mentioned.

In any case, this draft is directed at the enterprise which rigorously
firewalls all ingress/egress traffic at the edge. 

--Michael Dillon

More information about the NANOG mailing list