Educause Security Discussion mailing list archives

Re: outrageous DNS queries of isatap.mshome. from Residential Network.


From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Wed, 4 Mar 2009 10:30:10 -0800

On 03/04/09 08:10, John Ladwig wrote:
> A quick Google exercise suggests "Microsoft Teredo Tunneling Pseudo-Interface"
>
> For those not aware of Teredo (nee Shipworm - funny, renaming didn't actually change the meaning), it's Microsoft's
> IPv6-in-IPv4 tunneling protocol, enabled (by default?) in Vista.  MS has stood up relay servers as part of their path to IPv6, and
> Vista machines can use them to connect to v6-only Internet resources.  Of which there are few, but more and more.
>
> You *are* watching your local wires for IPv6 exploits, aren't you?
>
> Look up Teredo; it definitely has potential for local impacts.  That said, the v6 operational threat situation doesn't
> seem extreme.  Yet.

The hope is that the v6 operational threat will become as extreme as is
the case with IPv4. :-)

It's not Teredo per se.  (And BTW, ISATAP is a completely different
transition mechanism from Teredo.)

It's actually a serious bug in Windows Vista and it's fixed in SP1.  The
solution is to run SP1 on your Vista machines.  The URL that Ken posted
in his message points that out.  (I am still not sure why he interpreted
that message from Doug Pearson as "turn off IPv6"--that's not what the
message says.)

We have not seen a Windows Vista SP1 host exhibit this problem.

michael
