isc.sans.org: Analyzing Teredo with tshark and Wireshark

Johannes Ullrich wrote up a nice article on Teredo, the IPv6 tunneling protocol built into all modern versions of Windows. If you’re not sure what Teredo is:

The protocol tunnels IPv6 traffic from hosts behind NAT gateways via UDP packets, exposing them via IPv6 and possibly evading commonly used controls like Intrusion Detection Systems (IDS), Proxies or other network defenses.

This is an excellent read on how to detect and analyze the traffic.
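
To make the tunneling concrete for triage work, here is an added example (not code from the linked article) that recognizes an IPv6 packet inside a UDP payload and decodes the IPv4 server, mapped port and mapped client address embedded in a Teredo address. It assumes the address layout and header indicators defined in RFC 4380; the function names are hypothetical and the sample packet is constructed from documentation-range addresses.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix (RFC 4380)


def decode_teredo(addr):
    """Return the IPv4 details embedded in a Teredo address, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    _, server, flags, port, client = struct.unpack("!IIHHI", ip.packed)
    return {
        "server": str(ipaddress.IPv4Address(server)),
        "flags": flags,
        # Mapped port and address are stored with every bit inverted.
        "client_port": port ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(client ^ 0xFFFFFFFF)),
    }


def inner_ipv6(udp_payload):
    """Return (src, dst) of an IPv6 packet carried in a UDP payload, else None."""
    data = udp_payload
    if len(data) >= 4 and data[:2] == b"\x00\x01":  # Teredo authentication header
        data = data[13 + data[2] + data[3]:]
    if data[:2] == b"\x00\x00":                     # Teredo origin indication
        data = data[8:]
    if len(data) < 40 or data[0] >> 4 != 6:         # need a full IPv6 header
        return None
    if struct.unpack("!H", data[4:6])[0] != len(data) - 40:
        return None                                 # payload length must match
    return (str(ipaddress.IPv6Address(data[8:24])),
            str(ipaddress.IPv6Address(data[24:40])))


if __name__ == "__main__":
    # Constructed sample: a Teredo bubble (empty IPv6 packet, next header 59)
    # between documentation-range addresses, as it would appear in a UDP payload.
    src = ipaddress.IPv6Address("2001:0:c000:201:8000:63bf:34ff:8ef8")
    dst = ipaddress.IPv6Address("2001:db8::1")
    bubble = struct.pack("!IHBB", 0x60000000, 0, 59, 64) + src.packed + dst.packed
    found = inner_ipv6(bubble)
    print(found, decode_teredo(found[0]))
```

Because the check looks at the payload rather than the port number, it also flags IPv6-in-UDP traffic that is not using the standard Teredo port.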
