Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.
http://www.symantec.com/avcenter/reference/Teredo_Security.pdf
http://www.securityfocus.com/archive/1/452996/100/0/threaded
http://www.securityfocus.com/archive/1/452989/100/0/threaded