Researchers have raised new questions about the security of Vista’s IPv6 implementation. James Hoagland from Symantec and Suresh Krishnan from Ericsson wrote an Internet-Draft that calls attention to the Teredo protocol and the fact that many firewalls don’t understand this protocol, and therefore can’t inspect the packets embedded within it.
Teredo is Vista’s last resort to connect to the IPv6 Internet. First, Vista looks for an IPv6 router on the local LAN. If so, the router will provide the Vista machine with IPv6 addresses and “native” (not tunneled) connectivity. If there is no IPv6 router, but the Vista machine has a public IPv4 address (i.e., not one from the 10-net or any of the other private address ranges from RFC 1918), it uses the 6to4 tunneling mechanism that embeds IPv6 packets in IPv4 packets. However, 6to4 can’t create IPv6 addresses from a private IPv4 address. Teredo, the third mechanism, is able to do this, so if you’re behind a network address translator (NAT) then Vista uses Teredo.
[Via Arstechnica]
Go read the full article on this little development with the IPv6 and Vista Machines. I know it worries me!!
