NoelC
Posted August 21, 2015 (edited)

Who here knows more about the Teredo tunneling (IPv6 embedded within IPv4) that the svchost process Windows is doing with servers in Redmond and London (and possibly others)?

It's done via UDP, connecting to win8.ipv6.microsoft.com port 3544 (which can be several addresses, including 157.56.106.184, 157.56.144.215, 94.245.121.251, 94.245.121.253).

From what I read this effectively punches through whatever security you may THINK you have by using a router between your computer and the wild Internet.

Using more aggressive outgoing connection firewall settings is an eye-opening experience for sure.

FYI, with Teredo (UDP to remote port 3544) blocked Windows 8.1 still seems to work just fine. So what's leaking out through that tunnel on virtually every Windows 8 system?

-Noel

Edit 2015 08 21 13:15: Some pertinent links I've turned up:

https://lonesysadmin.net/2011/04/25/how-to-disable-teredo-ipv6-tunneling-in-microsoft-windows/
http://etherealmind.com/microsoft-teredo-ipv6-tunneling-no-go-crap/

Plus there is some indication that there are (at least?) two other means by which IPv6 is being encapsulated in IPv4, which leads to additional security worries. More research is needed...

Edited August 21, 2015 by NoelC
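
As an added illustration (not part of NoelC's post), the Python sketch below flags outbound UDP flows to the Teredo port 3544 mentioned above and decodes a Teredo IPv6 address, which per RFC 4380 carries the server IPv4 plus the client's NAT-mapped public IPv4 and UDP port in bit-inverted form. The flow tuples, the sample address and the function names are constructed for this example.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix (RFC 4380)
TEREDO_PORT = 3544                                  # Teredo server UDP port


def decode_teredo(addr):
    """Return the IPv4 details embedded in a Teredo IPv6 address, or None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes: prefix | server | flags | port | client
    server = ipaddress.IPv4Address(raw[4:8])
    flags = int.from_bytes(raw[8:10], "big")
    # The mapped port and address are stored with every bit inverted.
    nat_port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    nat_ipv4 = ipaddress.IPv4Address(
        int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF
    )
    return {
        "server": str(server),
        "flags": flags,
        "nat_ipv4": str(nat_ipv4),
        "nat_port": nat_port,
    }


def teredo_flows(flows):
    """Select UDP flows to port 3544 from (proto, src, dst, dport) tuples."""
    return [f for f in flows if f[0].lower() == "udp" and f[3] == TEREDO_PORT]


# Constructed sample data: firewall-style flow records and one Teredo address.
SAMPLE_FLOWS = [
    ("udp", "192.168.1.20", "203.0.113.10", 3544),
    ("tcp", "192.168.1.20", "198.51.100.7", 443),
    ("udp", "192.168.1.21", "198.51.100.53", 53),
    ("tcp", "192.168.1.22", "203.0.113.10", 3544),
]
SAMPLE_ADDR = "2001:0:4136:e378:8000:63bf:3fff:fdd2"

if __name__ == "__main__":
    for proto, src, dst, dport in teredo_flows(SAMPLE_FLOWS):
        print(f"possible Teredo client {src} -> {dst}:{dport}/{proto}")
    print(decode_teredo(SAMPLE_ADDR))
```

The decoded `nat_ipv4` and `nat_port` are the public endpoint through which the host can be reached over IPv6, which is why a Teredo address seen in logs is worth checking against the site's NAT and firewall policy.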