nanog mailing list archives

Re: Request comment: list of IPs to block outbound


From: Stephen Satchell <list () satchell net>
Date: Sun, 13 Oct 2019 12:36:54 -0700

On 10/13/19 9:08 AM, Florian Brandstetter wrote:
> Hi,
>
> sorry - but why would you want to block Teredo?

I know nothing about Teredo tunneling.

In computer networking, Teredo is a transition technology that gives
full IPv6 connectivity for IPv6-capable hosts that are on the IPv4
Internet but have no native connection to an IPv6 network. Unlike
similar protocols such as 6to4, it can perform its function even from
behind network address translation (NAT) devices such as home routers.

Teredo operates using a platform independent tunneling protocol that provides IPv6 (Internet Protocol version 6) 
connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets. Teredo routes 
these datagrams on the IPv4 Internet and through NAT devices. Teredo nodes elsewhere on the IPv6 network (called 
Teredo relays) receive the packets, un-encapsulate them, and pass them on. 

Are you saying that Teredo should come off the list?  Is this useful
between an ISP and an edge firewall fronting an internal network?  Would
I see inbound packets with a source address in the 2001::/32 netblock?

> sorry - but why would you want to block 6to4?

In my research, this is marked as deprecated.  Would I see packets with
a source address in the 2002::/16 netblock?
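
Added example, not part of the original message: a way to answer "would I see packets from these netblocks?" from your own logs, by classifying source addresses against the two prefixes named above and decoding the IPv4 endpoints that Teredo (RFC 4380) and 6to4 (RFC 3056) embed in the address. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

TEREDO = ipaddress.ip_network("2001::/32")     # prefix asked about in the thread
SIXTOFOUR = ipaddress.ip_network("2002::/16")  # prefix asked about in the thread

def classify(src):
    """Return (kind, details) for one source address string."""
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return ("invalid", {})
    if addr.version == 4:
        return ("ipv4", {})
    raw = int(addr)
    if addr in TEREDO:
        # RFC 4380 layout: prefix(32) | server IPv4(32) | flags(16) |
        # UDP port XOR 0xFFFF (16) | client IPv4 XOR 0xFFFFFFFF (32)
        return ("teredo", {
            "server": str(ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)),
            "client": str(ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)),
            "port": ((raw >> 32) & 0xFFFF) ^ 0xFFFF,
        })
    if addr in SIXTOFOUR:
        # RFC 3056 layout: 2002 (16) | site's public IPv4 (32) | subnet and host
        return ("6to4", {"ipv4": str(ipaddress.IPv4Address((raw >> 80) & 0xFFFFFFFF))})
    return ("other-ipv6", {})

def tally(sources):
    """Count how many source addresses fall into each category."""
    return Counter(classify(s)[0] for s in sources)

# Constructed sample source addresses (documentation ranges only).
SAMPLE_SOURCES = [
    "2001:0:c000:201:8000:63bf:34ff:8ef8",  # Teredo: 2001:0000::/32
    "2002:c633:6409::1",                    # 6to4
    "2001:db8::1",                          # 2001:0db8::/32, NOT inside 2001::/32
    "198.51.100.9",
    "not-an-address",
]

if __name__ == "__main__":
    for s in SAMPLE_SOURCES:
        print(s, *classify(s))
    print(dict(tally(SAMPLE_SOURCES)))
```

Note that 2001::/32 covers only 2001:0000:..., so ordinary global addresses that merely begin with 2001: are not matched by a Teredo rule.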

