Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] New report on Teredo security

from [Jim Hoagland] Network Security [Permanent Link]
Subject: [Full-disclosure] New report on Teredo security
Date: Tue, 28 Nov 2006 18:16:51 -0800 
Hello all,

For anyone that is interested, there is a new report available about Teredo
security:
  http://www.symantec.com/avcenter/reference/Teredo_Security.pdf


From the abstract:

Teredo is a platform-independent protocol developed by Microsoft, which is
enabled by default in Windows Vista.  Teredo provides a way for nodes
located behind an IPv4 NAT to connect to IPv6 nodes on the Internet.
However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and
directly to the end node, Teredo raises some security concerns.  Primary
concerns include bypassing security controls, reducing defense in depth, and
allowing unsolicited traffic.  Additional security concerns associated with
the use of Teredo include the capability of remote nodes to open the NAT for
themselves, benefits to worms, ways to deny Teredo service, and the
difficulty in finding all Teredo traffic to inspect.

You can also read the blog announcing the report:
  http://tinyurl.com/ulk9o

I hope you find this interesting or useful.  I spent a couple months of
research exploring the topic.

Best,
  
  Jim

-- 
Jim Hoagland, Ph.D., CISSP
Principal Security Researcher
Advanced Threats Research
Symantec Security Response
www.symantec.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, yalnifj
Next by Date:  Re: [Full-disclosure] New report on Teredo security, Jeroen Massar
Previous by Thread:  b2evolution XSS Vulnerabilities, tarkus
Next by Thread:  Re: [Full-disclosure] New report on Teredo security, Jeroen Massar
Indexes:  [Date] [Thread] [Top] [All Lists]