Educause Security Discussion mailing list archives

Re: outrageous DNS queries of isatap.mshome. from Residential Network.


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 4 Mar 2009 10:10:18 -0600

A quick Google exercise suggests "Microsoft Teredo Tunneling Pseudo-Interface".

For those not aware of Teredo (nee Shipworm - funny, renaming didn't actually change the meaning), it's Microsoft's
IPv6-in-IPv4 tunneling protocol, enabled (by default?) in Vista.  MS has stood up relay servers as part of their path
to IPv6, and Vista machines can use them to connect to v6-only Internet resources.  Of which there are few, but more
and more.

You *are* watching your local wires for IPv6 exploits, aren't you?

Look up Teredo; it definitely has potential for local impacts.  That said, the v6 operational threat situation doesn't 
seem extreme.  Yet.

   -jml

schilling <schilling2006 () GMAIL COM> 2009-03-04 09:58 >>>
Hi All,

In recent days, we have been seeing thousands of DNS queries of
isatap.mshome. from certain hosts in our Residential Network. They will just
keep asking the same questions over and over again, even when non-domain is
returned.

Could somebody offer some clue on this?

Thanks.

Schilling
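
One way to pick out the hosts that keep repeating the same query, as described in the thread above. This is an added example, not part of either post; it assumes BIND 9 style query log lines, and the sample lines, client addresses and threshold are constructed.

```python
import re
from datetime import datetime

# Assumed layout: "<date> <time>.<ms> queries: info: client <ip>#<port>: query: <name> IN <type> +"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def constructed_sample():
    """Constructed log text: one host repeating isatap.mshome, one mostly quiet host."""
    lines = [
        f"04-Mar-2009 09:50:{i * 5:02d}.100 queries: info: "
        f"client 10.20.1.15#{51000 + i}: query: isatap.mshome IN A +"
        for i in range(12)
    ]
    lines.append("04-Mar-2009 09:50:03.200 queries: info: "
                 "client 10.20.1.22#40112: query: www.example.edu IN A +")
    lines.append("04-Mar-2009 09:50:04.200 queries: info: "
                 "client 10.20.1.22#40113: query: ISATAP.mshome. IN A +")
    return "\n".join(lines)

def repeated_queries(log_text, threshold=10):
    """Return (client, qname, qtype, count, first_seen, last_seen) tuples for
    every client/name/type combination seen at least `threshold` times."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query line in the assumed layout
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        # Normalise case and the trailing root dot so variants count together.
        key = (m["ip"], m["qname"].rstrip(".").lower(), m["qtype"].upper())
        count, first, last = stats.get(key, (0, ts, ts))
        stats[key] = (count + 1, min(first, ts), max(last, ts))
    hits = [(ip, q, t, c, f, l)
            for (ip, q, t), (c, f, l) in stats.items() if c >= threshold]
    return sorted(hits, key=lambda h: h[3], reverse=True)

if __name__ == "__main__":
    for ip, qname, qtype, count, first, last in repeated_queries(constructed_sample()):
        span = (last - first).total_seconds()
        print(f"{ip} asked {qname}/{qtype} {count} times in {span:.0f}s")
```
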
