Topic: Teredo IPv6 traffic / vulnerability to IPv6 masking?
Endymion
« Reply #15 on: June 11, 2009, 04:45:16 AM »

Of course, but I don't think disabling the Teredo protocol is enough to be safe from an IPv6 masking attack if the firewall is not able to manage it...

How to Disable TCP/IPv6 Teredo Tunneling in Vista
http://www.mydigitallife.info/2007/09/09/how-to-disable-tcpipv6-teredo-tunneling-in-vista/


I've been blocking Teredo for ages using CIS/CFP until I got tired and disabled/removed IPv6.

The Internet works fine without IPv6, and as such the Teredo service only offers unneeded attack exposure.

IMHO there is no point in leaving it enabled only to have to block it using whatever firewall.

Those willing to test how Teredo could be blocked could add these servers to My Blocked Network Zones:


teredo.remlab.net (France)
teredo.autotrans.consulintel.com (Spain)
teredo.ipv6.microsoft.com (USA, Redmond)
203.233.154.10 (NCA, Korea)
debian-miredo.progsoc.org (Australia)

And additionally, edit the Global Firewall Rules and add this as the first rule on top:

Block & LOG UDP OUT Source IP ANY Source Port Any Destination IP ANY Destination Port 3544
« Last Edit: June 11, 2009, 04:51:12 AM by Endymion »
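
What a datagram matched by the UDP 3544 rule above carries, as an added example that is not part of the thread or of Comodo's code: it strips the optional Teredo headers, checks for an encapsulated IPv6 header, and decodes the server and mapped client address from a Teredo address per RFC 4380. The function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # RFC 4380 Teredo service prefix
TEREDO_PORT = 3544                                  # UDP port used in the rule above


def strip_teredo_headers(payload: bytes) -> bytes:
    """Skip the optional authentication (0x0001) and origin (0x0000) headers."""
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:
        id_len, au_len = payload[2], payload[3]
        payload = payload[13 + id_len + au_len:]    # 4 fixed + id + auth + 8 nonce + 1 confirm
    if payload[:2] == b"\x00\x00":
        payload = payload[8:]                       # 2 type + 2 port + 4 address
    return payload


def decode_teredo_address(addr: ipaddress.IPv6Address):
    """Return (server IPv4, mapped client IPv4, mapped client port) or None."""
    if addr not in TEREDO_PREFIX:
        return None
    _, server, _flags, port, client = struct.unpack("!4s4sHHI", addr.packed)
    return (str(ipaddress.IPv4Address(server)),
            str(ipaddress.IPv4Address(client ^ 0xFFFFFFFF)),  # stored bit-inverted
            port ^ 0xFFFF)                                    # stored bit-inverted


def inspect_udp(dst_port: int, payload: bytes) -> dict:
    """Classify one UDP datagram by port and by encapsulated IPv6 content."""
    inner = strip_teredo_headers(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:       # need a full IPv6 header, version 6
        return {"teredo": dst_port == TEREDO_PORT, "inner_ipv6": False}
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    hit = dst_port == TEREDO_PORT or src in TEREDO_PREFIX or dst in TEREDO_PREFIX
    return {"teredo": hit, "inner_ipv6": True, "src": str(src), "dst": str(dst),
            "src_mapping": decode_teredo_address(src)}


# Constructed sample: origin indication + bare IPv6 header (no next header, hop limit 64).
SAMPLE_SRC = ipaddress.IPv6Address("2001:0:4136:e378:8000:63bf:3fff:fdd2")
SAMPLE = (b"\x00\x00" + bytes(6) + struct.pack("!IHBB", 0x60000000, 0, 59, 64)
          + SAMPLE_SRC.packed + ipaddress.IPv6Address("2001:db8::1").packed)

if __name__ == "__main__":
    print(inspect_udp(TEREDO_PORT, SAMPLE))
```
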
Pfipps
« Reply #16 on: October 13, 2009, 05:02:13 PM »

I am not sure what value to put in "DisabledComponents" to completely disable IPv6. The Microsoft help article says to use "ffffffff" while some other places simply say to use "ff" for the hexadecimal entry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

edit: read message below - the above is unnecessary.
« Last Edit: October 26, 2009, 07:47:40 AM by Pfipps »
Pfipps
« Reply #17 on: October 26, 2009, 07:45:24 AM »

This thread, I think, is becoming a little ambiguous. I think the moderators should sticky this.

From what I have found out, even if you have IPv6 enabled, you need to be on an ISP or network that supports it. So the risk is simply not there, as far as I know. Disabling Teredo tunneling or doing registry edits is simply unnecessary because the Comodo firewall is already aware of protocol 41 packets (Teredo Tunneling) on a per-application basis (like Avira uses).

So if you want to dial your IPv6 risk to zero, simply uncheck IPv6 support in your network card settings, and do nothing else because the firewall is aware of Teredo tunneling.