Why Teredo blocking is importantAll Windows Vista machines come with a service known as "Teredo" enabled by default. This enables you to access the IPv6 internet using IPv4. It also means that any IPv4 user can masquerade as being on IPv6 in attempt to evade IP blockers and firewalls.
PeerGuardian fully detects these types of IPv6 users and will check them against the regular blocklist.
IPv6 protocol used by Vista6to4, the most common IPv6 over IPv4 tunneling protocol, requires the tunnel endpoint to have a public IPv4 address. However, many hosts are currently attached to the IPv4 Internet through one or several NAT devices, usually because of IPv4 address shortage. In such a situation, the only available public IPv4 address is assigned to the NAT device, and the 6to4 tunnel endpoint needs to be implemented on the NAT device itself. Many NAT devices currently deployed, however, cannot be upgraded to implement 6to4, for technical or economic reasons.
Teredo alleviates this problem by encapsulating IPv6 packets within UDP/IPv4 datagrams, which most NATs can forward properly. Thus, IPv6-aware hosts behind NATs can be used as Teredo tunnel endpoints even when they don't have a dedicated public IPv4 address. In effect, a host implementing Teredo can gain IPv6 connectivity with no cooperation from the local network environment.
Teredo is a temporary measure: in the long term, all IPv6 hosts should use native IPv6 connectivity. The Teredo protocol includes provisions for a sunset procedure: Teredo implementation should provide a way to stop using Teredo connectivity when IPv6 has matured and connectivity becomes available using a less brittle mechanism.
Source :
http://en.wikipedia.org/wiki/Teredo_tunneling(follow the link to read more)
Teredo may render your firewall uselessYou most certainly know IPV4. You may have heard about IPV6. Do you know what Teredo is? No? That's bad provided you run a firewall to seperate the Internet from your local network. Teredo is a mechanism that allows encapsulation of IPV6 packets into IPV4 UDP and uses relay servers to let IPV6 clients communicate by using relay servers. Symantec has a very thorough analysis of Teredo:
Currently hardly any firewalls or intrusion detection systems are able to recognise Teredo packets and they are therefore unable to filter IPv6 traffic. Rather they see UDP traffic via any ports. Teredo could become a problem, in particular because it circumvents the supposed protection offered by NAT. While, to date, private IPv4 addresses have not been routed via the internet, with IPv6 every computer is automatically assigned a unique IPv6 address, into which goes, for example, the MAC address of the network card and which is in principle accessible from the internet.
Source :
http://web.luchs.at/article.php?cat=2&aid=298
Author