Jeroen Massar wrote:
If you have one person setting up ICS on their machine and they have enabled IPv6 voila the whole network gets IPv6, that thus does not solve your problem either. Or are you monitoring IPv6 RAs etc?
Setting up ICS with IPv6 is user knowledge in my opinion. In addition, the ICS will handle the firewall rules unless the user chooses to turn it off.
I think you have to move to better analyzing & monitoring your network and more control over the hosts which participate in that network.
My concern is as an ISP that has customers who are unaware that their little routers aren't filtering all of their packets. There are a million ways they might get infected or have security problems. However, teredo is obviously a circumvention of protection they *think* they have. Corporate networks can secure their own networks (or not, but they are held to a higher standard than average home user and failure to protect is their own fault). Jack