Re: outrageous DNS queries of isatap.mshome. from Residential Network.

[Ken Connelly <Ken.Connelly () UNI EDU>]

Michael Sinatra wrote:
> On 03/04/09 08:10, John Ladwig wrote:
> > A quick Google exercise suggests "Microsoft Teredo Tunneling
> > Pseudo-Interface "
> >
> > For those not aware of Teredo (nee Shipworm - funny, renaming didn't
> > actually change the meaning), it's Microsoft's IPv6-in-IPv4 tunneling
> > protocol, enabled (by default?) in Vista.  MS has stood up relay
> > servers as part of their path to IPv6, and Vista machines can use
> > them to conect to v6-only Internet resources.  Of which there are
> > few, but more and more.
> >
> > You *are* watching your local wires for IPv6 exploits, aren't you?
> >
> > Look up Teredo; it definitely has potential for local impacts.  That
> > said, the v6 operational threat situation doesn't seem extreme.  Yet.
>
> The hope is that the v6 operational threat will become as extreme as
> is the case with IPv4. :-)
>
> It's not Teredo per se.  (And BTW, ISATAP is a completely different
> transition mechanism from Teredo.)
>
> It's actually a serious bug in Windows Vista and it's fixed in SP1.
> The solution is to run SP1 on your Vista machines.  The URL that Ken
> posted in his message points that out.  (I am still not sure why he
> interpreted that message from Doug Pearson as "turn off IPv6"--that's
> not what the message says.)
Doug's fourth bullet point after the lead paragraph...

And disabling IPv6 might not be the ultimate solution, but it can and
will happen *WAY* faster than getting a student to upgrade their
personal machine to SP1.

I stand by my recommendations.

- ken
> We have not seen a Windows Vista SP1 host exhibit this problem.
>
> michael

--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373