Teredo

from Wikipedia, the free encyclopedia
IPv6 transition mechanisms
4in6 Tunneling from IPv4 to IPv6
6in4 Tunneling from IPv6 to IPv4
6over4 Transport of IPv6 data packets between dual-stack nodes over an IPv4 network
6to4 Transport of IPv6 data packets over an IPv4 network (obsolete)
AYIYA Anything In Anything
Dual stack Network nodes with IPv4 and IPv6 in parallel operation
Dual-Stack Lite (DS-Lite) Like dual stack, but with global IPv6 and carrier NAT IPv4
6rd IPv6 rapid deployment
ISATAP Intra-Site Automatic Tunnel Addressing Protocol (deprecated)
Teredo Encapsulation of IPv6 packets in IPv4 UDP packets
NAT64 Translation of IPv4 addresses into IPv6 addresses
464XLAT Translation from IPv4 to IPv6 to IPv4 addresses
SIIT Stateless IP / ICMP translation

Teredo is an IPv6 transition mechanism. The protocol is specified in RFC 4380, Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs). Implementations exist in particular as part of Microsoft Windows (Teredo) and for Unix systems (Miredo).

The protocol defines a method for reaching the IPv6 network from behind a NAT device. IPv6 packets are encapsulated in UDP over IPv4. This is done with the help of Teredo servers.

Purpose

The scarcity of IPv4 addresses has led many companies and private users to use NAT so that several end devices can access the Internet through a single public IP address. The most widely used protocol for tunneling IPv6 directly over IPv4 (protocol 41; see also tunnel broker) requires that the client has a public IP address (which is not absolutely necessary; good routers can also handle protocol 41). Teredo makes it possible for IPv4 computers that cannot use 6to4 to use IPv6 via tunnels.

Hazards

Tunneling IPv6 carries the risk that the security functions of IPv4 routers, NAT-based ones in particular, are completely undermined. The IPv4 UDP packets generated by Teredo are packets on which the packet filters available in this scenario have no effect. An analysis by Symantec, available since 2007, confirms this. Security-conscious administrators are therefore advised to block UDP port 3544, which Teredo uses, completely until suitable firewalls are available.
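The following added example (not part of the original article, and not code from any Teredo implementation) shows what an inspection point has to do to see the IPv6 packet inside a UDP datagram: skip the optional authentication and origin-indication headers defined in RFC 4380, then read the inner IPv6 header. The function names and the sample packet, built from documentation-range addresses, are assumptions made for illustration.

```python
import ipaddress
import struct

TEREDO_PORT = 3544                                  # UDP port named on this page
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")   # Teredo address prefix (RFC 4380)

def strip_indicators(payload: bytes) -> bytes:
    """Skip the optional RFC 4380 authentication and origin-indication headers."""
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:
        id_len, au_len = payload[2], payload[3]
        payload = payload[13 + id_len + au_len:]    # 4 fixed + id + auth + 8 nonce + 1
    if payload[:2] == b"\x00\x00":
        payload = payload[8:]                       # 2 indicator + 2 port + 4 address
    return payload

def inspect_udp(sport: int, dport: int, payload: bytes):
    """Return details of a tunneled IPv6 packet, or None if the payload is not one."""
    inner = strip_indicators(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                                 # too short or not IP version 6
    if struct.unpack("!H", inner[4:6])[0] != len(inner) - 40:
        return None                                 # payload length field does not match
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    teredo = next((a for a in (src, dst) if a in TEREDO_PREFIX), None)
    return {
        "inner_src": str(src),
        "inner_dst": str(dst),
        "next_header": inner[6],
        "on_teredo_port": TEREDO_PORT in (sport, dport),
        # Bits 32-63 of a Teredo address hold the Teredo server's IPv4 address.
        "teredo_server": str(ipaddress.IPv4Address(teredo.packed[4:8])) if teredo else None,
    }

def build_sample() -> bytes:
    """Constructed inner packet: ICMPv6 sent from a documentation-range Teredo address."""
    body = bytes(8)                                 # constructed placeholder body
    header = struct.pack("!IHBB", 6 << 28, len(body), 58, 255)
    src = ipaddress.IPv6Address("2001:0:c000:201:0:f227:3fff:fdfe").packed
    dst = ipaddress.IPv6Address("ff02::2").packed
    return header + src + dst + body

if __name__ == "__main__":
    pkt = build_sample()
    print(inspect_udp(50000, 3544, pkt))                            # bare encapsulation
    print(inspect_udp(50000, 3544, b"\x00\x00" + bytes(6) + pkt))   # with origin indication
    print(inspect_udp(50000, 53, b"\x12\x34\x01\x00" + bytes(40)))  # constructed non-tunnel payload
```

Because the check keys on payload structure and only reports the port as one field, it also flags encapsulated IPv6 seen on UDP ports other than 3544.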

Specification

Teredo is specified in RFC 4380 (Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)). It is mainly the work of Christian Huitema, a Microsoft employee working on IPv6. The update RFC 5991 (Teredo Security Updates) appeared in September 2010, and RFC 6081 (Teredo Extensions) in January 2011.

Implementations

Microsoft Windows

  • A Teredo client is included with Microsoft Windows XP and newer (it first appeared in the Advanced Networking Pack in Service Pack 1) and is enabled by default.
    It can be switched off with the command: netsh interface ipv6 set teredo disable. It is reactivated with: netsh interface ipv6 set teredo default
  • Microsoft offers a Teredo server and relay in beta for Microsoft Windows Server 2003.

Linux

Alternatives

Other mechanisms that can be used to tunnel IPv6 packets into IPv4 include

A comparison of the tunnel mechanisms can be found under IPv6#Tunnel mechanisms.

Literature

  • Teredo, chapter in Understanding IPv6 (pp. 317–354) by Joseph Davies. Microsoft Press, 2nd edition, Redmond 2008. (English)

References

  1. Dr. James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse: Windows Vista Network Attack Surface Analysis. (PDF) March 20, 2007, p. 116, accessed on November 9, 2010 (English, size: 2.3 MB).
  2. Daniel Bachfeld: Vista's network functions examined carefully. In: heise online. March 14, 2007, accessed on November 9, 2010.
  3. RFC 4380
  4. http://www.remlab.net/miredo/
  5. http://sourceforge.net/projects/nici-teredo/
