Thus spake "Adrian Chadd" <adrian@creative.net.au>
On Thu, May 31, 2007, JORDI PALET MARTINEZ wrote:
In windows, you have IPv6 firewall, so even if Teredo traverses the "IPv4 security", there is still something there.
A good description of all this is available at: http://www.microsoft.com/technet/network/ipv6/teredo.mspx
I've read that; but again enterprise and ISPs may impose restrictions on the types of traffic to/from end users, and this circumvents that. Host-based firewalls are not the be all or end all of network security.
The simplistic answer is that a site with IPv4-only security devices has to choose whether they're going to allow or block all Teredo/6to4 traffic. If they want finer control, they need to upgrade to a native v6 network and native v6 security devices. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov