Educause Security Discussion mailing list archives

Re: outrageous DNS queries of isatap.mshome. from Residential Network.


From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Wed, 4 Mar 2009 11:38:42 -0800

On 03/04/09 10:51, Ken Connelly wrote:
Michael Sinatra wrote:
On 03/04/09 08:10, John Ladwig wrote:
A quick Google exercise suggests "Microsoft Teredo Tunneling
Pseudo-Interface "

For those not aware of Teredo (nee Shipworm - funny, renaming didn't
actually change the meaning), it's Microsoft's IPv6-in-IPv4 tunneling
protocol, enabled (by default?) in Vista.  MS has stood up relay
servers as part of their path to IPv6, and Vista machines can use
them to connect to v6-only Internet resources.  Of which there are
few, but more and more.

You *are* watching your local wires for IPv6 exploits, aren't you?

Look up Teredo; it definitely has potential for local impacts.  That
said, the v6 operational threat situation doesn't seem extreme.  Yet.

The hope is that the v6 operational threat will become as extreme as
is the case with IPv4. :-)

It's not Teredo per se.  (And BTW, ISATAP is a completely different
transition mechanism from Teredo.)

It's actually a serious bug in Windows Vista and it's fixed in SP1.
The solution is to run SP1 on your Vista machines.  The URL that Ken
posted in his message points that out.  (I am still not sure why he
interpreted that message from Doug Pearson as "turn off IPv6"--that's
not what the message says.)
Doug's fourth bullet point after the lead paragraph...

And disabling IPv6 might not be the ultimate solution, but it can and
will happen *WAY* faster than getting a student to upgrade their
personal machine to SP1.

I stand by my recommendations.

Well, I'll stand by my friendly disagreement then.  The bug is a serious
one, and I'd be much more concerned about not getting people to upgrade
to the latest service pack.  I am also, of course, very concerned about
IPv4 run-out (as are the organizations that give us--and have the
ability to take away--our IPv4 addresses).  In *some* organizations,
turning off IPv6 may be a reasonable short term solution, but it's
really sweeping a couple of problems under the rug.

We have generally had good luck in getting folks participating in these
events to upgrade to SP1.

michael
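The thread is about finding which hosts on the residential network are hammering the resolver with isatap.mshome lookups. As an added example that is not from any of the posters, the Python below tallies ISATAP lookups per client in BIND-style query-log lines (the log lines are constructed samples, and the reporting threshold is an assumed tuning value) so the noisy machines can be identified and pointed at the SP1 upgrade Michael recommends.

```python
import re
from collections import Counter

# Constructed sample lines in BIND9 query-log style (not real log data).
SAMPLE_LOG = """\
04-Mar-2009 08:10:01.001 client 10.20.30.40#51234: query: isatap.mshome. IN A + (192.0.2.53)
04-Mar-2009 08:10:01.002 client 10.20.30.40#51235: query: isatap.mshome. IN AAAA + (192.0.2.53)
04-Mar-2009 08:10:01.120 client 10.20.30.40#51236: query: isatap.mshome. IN A + (192.0.2.53)
04-Mar-2009 08:10:01.300 client 10.20.30.41#40001: query: www.example.edu. IN A + (192.0.2.53)
04-Mar-2009 08:10:01.400 client 10.20.30.40#51237: query: isatap.mshome. IN A + (192.0.2.53)
04-Mar-2009 08:10:02.000 client 10.20.30.42#40002: query: isatap.example.edu. IN A + (192.0.2.53)
04-Mar-2009 08:10:02.500 client 10.20.30.40#51238: query: isatap.mshome. IN A + (192.0.2.53)
"""

# Matches the "client <ip>#<port>: query: <name> IN <type>" portion of a BIND query log line.
QUERY_RE = re.compile(
    r"client (?P<client>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def parse_queries(log_text):
    """Yield (client_ip, qname, qtype) for every line that looks like a query record."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            # Normalise the name: lower-case, trailing root dot removed.
            yield m.group("client"), m.group("name").lower().rstrip("."), m.group("type")


def is_isatap_lookup(qname):
    """ISATAP router discovery resolves the label 'isatap' under the host's DNS suffix."""
    return qname == "isatap" or qname.startswith("isatap.")


def isatap_talkers(log_text, threshold):
    """Return {client_ip: count} for clients issuing more than `threshold` ISATAP lookups."""
    counts = Counter(c for c, name, _ in parse_queries(log_text) if is_isatap_lookup(name))
    return {c: n for c, n in counts.items() if n > threshold}


if __name__ == "__main__":
    # Assumed threshold: anything above 3 lookups in the sample window is worth a look.
    for client, n in sorted(isatap_talkers(SAMPLE_LOG, 3).items()):
        print(f"{client}: {n} ISATAP lookups")
```

Run against a real query log and a sensible window, the flagged addresses are the ones to chase for the service-pack upgrade rather than a blanket IPv6 shutdown.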
