Teredo IPv6 Client Detection

info Nessus Network Monitor Plugin ID 3875

Synopsis

The remote host is running software that should be authorized with respect to corporate policy.

Description

The remote client is a Teredo client. Teredo allows clients to tunnel IPv6 traffic over IPv4. The protocol operates over UDP port 3544 and the RFC draft is sponsored by Microsoft. Teredo client puts the IPv6 data inside of an IPv4 packet and sends it to a gateway machine. The gateway machine then strips away the IPv4 header and delivers the IPv6 packet. Given this, Teredo can be used to circumvent firewall rules.

Solution

Ensure that this sort of functionality is authorized with respect to existing policies and guidelines.

Plugin Details

Severity: Info

ID: 3875

Family: Generic

Published: 1/3/2007

Updated: 1/15/2016