Jeroen Massar wrote:
just remember that a lot of people have VPN software, connect from home to that VPN and do other weird setups (Skype for instance, BitTorrent) where there are possibilities to bypass your "firewall".
I agree. My concern here is that we are dealing with improper firewalls. We are dealing with ignorance, and we have M$ enabling Teredo by default (though not active until they install the appropriate app). Creating what is essentially a public VPN through a firewall without the user being aware of it is insecure. For all the wonderful popups that Vista+ gives, it amazes me that Teredo isn't one of them.

6to4 doesn't suffer the same issues, primarily because RFC1918 addressing can't be used in 6to4. This means that at a minimum, the router has to participate or the host behind it must be manually configured with a 6to4 address (for the proto 41 pass through to work). Neither is an automatic traversal of the router's policies without user knowledge.

Jack
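
The 6to4 point above, as an added example that is not part of the original message: a 6to4 prefix is built from the site's IPv4 address, so an RFC1918 address cannot yield a usable one, and both 6to4 and Teredo addresses can be recognised in an address inventory by their well-known prefixes. The function names and the sample addresses (taken from documentation ranges) are constructed for illustration.

```python
import ipaddress

# The three RFC1918 private ranges named in the message above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(v4: ipaddress.IPv4Address) -> bool:
    return any(v4 in net for net in RFC1918)


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Derive the 2002:V4ADDR::/48 prefix a 6to4 site would use."""
    v4 = ipaddress.IPv4Address(ipv4)
    if is_rfc1918(v4):
        # A private address is not reachable by 6to4 relays, so no
        # valid 6to4 prefix can be formed from it.
        raise ValueError(f"{v4} is RFC1918; no valid 6to4 prefix")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def classify(addr: str) -> str:
    """Label an IPv6 address as Teredo, 6to4, invalid 6to4, or other."""
    ip = ipaddress.IPv6Address(addr)
    if ip.teredo is not None:           # 2001:0000::/32
        server, client = ip.teredo      # client = NAT's external IPv4
        return f"teredo server={server} client={client}"
    if ip.sixtofour is not None:        # 2002::/16
        v4 = ip.sixtofour
        if is_rfc1918(v4):
            return f"6to4-invalid embedded={v4}"
        return f"6to4 embedded={v4}"
    return "other"


if __name__ == "__main__":
    # Constructed sample addresses, e.g. as seen in a host inventory.
    samples = [
        "2001:0:c000:201:0:f227:39cc:9bf8",  # Teredo
        "2002:c000:201::1",                  # 6to4 from 192.0.2.1
        "2002:c0a8:10a::1",                  # 6to4 built on 192.168.1.10
        "2001:db8::1",                       # neither
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
    print(sixtofour_prefix("192.0.2.1"))
```
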