Yet another problem is that network managers may not be aware that some of their hosts are using IPv6 through Vista and are now globally addressable. "Unlike what would be the case for native IPv6, some network administrators will not even be aware that their hosts are globally addressable," the authors say. They add that "it may not be efficient to find all Teredo traffic for network devices to examine."
The document lists the following additional security problems with Teredo and offers these recommendations:
- Teredo bypasses inbound-destination-address and outbound-source-address filtering unless "extraordinary" measures are taken. In this situation, either routers or clients need to be upgraded to handle this filtering for Teredo-tunneled IPv6 addresses.
- Teredo clients may forward IPv6 packets to another destination, thereby bypassing network-based source-routing controls. One solution is to have Teredo clients by default discard IPv6 packets that specify additional routing.
- No mechanism exists to filter all Teredo packets efficiently or immediately. One suggestion is for network administrators to block all Teredo use.
- There's no efficient mechanism for deep packet inspection of Teredo traffic as there is for native IPv6 traffic. This is one reason the authors do not recommend Teredo as a transition mechanism for network administrators who want to monitor IPv6 traffic.
- The opening created in a NAT device by Teredo can be used by network attackers. The recommendation here is to minimize Teredo use.
- It may be easier for network attackers to guess Teredo addresses because these addresses reveal some information about the corresponding clients. The document suggests randomizing the server settings or Teredo client ports in use to alleviate this concern.
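Two of the points above lend themselves to a concrete check: that Teredo traffic cannot be found just by matching a port (client-to-client and relay traffic uses whatever UDP ports the NATs handed out, so the payload has to be inspected), and that a Teredo address itself discloses the client's Teredo server, NAT type, external IPv4 address and port. The following Python is an added example written for this page; it is not code from the Hoagland/Krishnan document, from Vista, or from any Teredo implementation. It decodes the RFC 4380 address layout and labels UDP datagrams by looking at the encapsulated IPv6 header. The sample address and packets are constructed, the function names are my own, and Teredo authentication headers are assumed absent (only the fixed-size origin indication is skipped).

```python
import ipaddress
import struct
from typing import NamedTuple, Optional, Tuple

# Teredo constants from RFC 4380
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")
TEREDO_SERVER_PORT = 3544   # UDP port Teredo servers listen on
CONE_FLAG = 0x8000          # "cone NAT" bit in the 16-bit flags field


class TeredoFields(NamedTuple):
    server_ipv4: ipaddress.IPv4Address   # Teredo server the client registered with
    cone_nat: bool                       # client believes it sits behind a cone NAT
    mapped_port: int                     # client's external UDP port as seen by the server
    mapped_ipv4: ipaddress.IPv4Address   # client's external (NAT) IPv4 address


def decode_teredo(addr: str) -> Optional[TeredoFields]:
    """Decode what a Teredo address discloses about its client (RFC 4380, section 4).

    Layout: 32-bit prefix | 32-bit server IPv4 | 16-bit flags |
            16-bit port XOR 0xFFFF | 32-bit client IPv4 XOR 0xFFFFFFFF
    Returns None for addresses outside 2001::/32.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    server = ipaddress.IPv4Address(raw[4:8])
    flags, obf_port, obf_client = struct.unpack("!HHI", raw[8:16])
    return TeredoFields(
        server_ipv4=server,
        cone_nat=bool(flags & CONE_FLAG),
        mapped_port=obf_port ^ 0xFFFF,
        mapped_ipv4=ipaddress.IPv4Address(obf_client ^ 0xFFFFFFFF),
    )


def extract_inner_ipv6(udp_payload: bytes) -> Optional[Tuple[ipaddress.IPv6Address, ipaddress.IPv6Address]]:
    """Return (src, dst) of the IPv6 packet carried in a Teredo UDP payload, else None.

    An 8-byte origin indication (0x0000, obfuscated port, obfuscated IPv4) may precede
    the IPv6 packet and is skipped. Authentication headers (0x0001 ...) are assumed
    absent; a production parser would have to walk them too.
    """
    if len(udp_payload) >= 8 and udp_payload[:2] == b"\x00\x00":
        udp_payload = udp_payload[8:]
    if len(udp_payload) < 40 or (udp_payload[0] >> 4) != 6:
        return None
    return (ipaddress.IPv6Address(udp_payload[8:24]),
            ipaddress.IPv6Address(udp_payload[24:40]))


def classify_udp_flow(dst_port: int, udp_payload: bytes) -> str:
    """Label a UDP datagram for monitoring.

    Matching destination port 3544 only catches client-to-server traffic; peer and
    relay traffic arrives on NAT-assigned ports, so the inner addresses decide.
    """
    inner = extract_inner_ipv6(udp_payload)
    if inner is None:
        return "not-ipv6-in-udp"
    src, dst = inner
    if dst_port == TEREDO_SERVER_PORT:
        return "teredo-client-to-server"
    if src in TEREDO_PREFIX or dst in TEREDO_PREFIX:
        return "teredo-peer-or-relay"
    return "ipv6-in-udp-non-teredo"


def build_ipv6_packet(src: str, dst: str) -> bytes:
    """Construct a minimal 40-byte IPv6 header (no payload) for the sample data."""
    return struct.pack("!IHBB16s16s",
                       0x60000000,   # version 6, traffic class 0, flow label 0
                       0,            # payload length
                       59,           # next header: no next header
                       64,           # hop limit
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


# Constructed sample data (not captured traffic)
SAMPLE_TEREDO_ADDR = "2001:0:4136:e378:8000:63bf:3fff:fdd2"
SAMPLE_PEER_ADDR = "2001:db8::1"

if __name__ == "__main__":
    print(decode_teredo(SAMPLE_TEREDO_ADDR))
    pkt = build_ipv6_packet(SAMPLE_TEREDO_ADDR, SAMPLE_PEER_ADDR)
    print(classify_udp_flow(3544, pkt))      # caught by a port rule
    print(classify_udp_flow(51234, pkt))     # missed by a port rule, caught by inspection
    print(classify_udp_flow(51234, b"\x00\x00\x9c\x40\xc0\x00\x02\x2d" + pkt))
```

Running the script decodes the sample address to a server of 65.54.227.120, a cone NAT, external port 40000 and external address 192.0.2.45, which is exactly the client information the document warns an attacker can read off the address. The two `classify_udp_flow` calls on the same packet show why a port-3544 rule alone is not a complete Teredo filter.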
The Hoagland/Krishnan document does not address the use of Teredo in unmanaged networks.