The Teredo protocol is a method for reaching an IPv6 network from behind a NAT router that doesn't support IPv6. To do so, Teredo, which is available in Windows XP, encapsulates IPv6 packets in IPv4 UDP packets. In Vista, Teredo is activated by default, which has led Symantec security specialist Jim Hoagland to take a close look at the security implications.
Currently, hardly any firewalls or intrusion detection systems are able to recognise Teredo packets, so they are unable to filter the IPv6 traffic carried inside them. Instead, they see only UDP traffic on arbitrary ports. Teredo could become a problem, in particular because it circumvents the supposed protection offered by NAT. To date, private IPv4 addresses have not been routed via the internet; with IPv6, by contrast, every computer is automatically assigned a unique IPv6 address, which incorporates, for example, the MAC address of the network card and is in principle accessible from the internet.
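As an added example (not from the article or from Hoagland's paper), the sketch below shows how a sensor could recognise Teredo by inspecting the UDP payload rather than the port. It assumes the packet layout and the `2001::/32` service prefix from RFC 4380; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Teredo service prefix per RFC 4380 (assumption: not stated on the page).
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")

def strip_indicators(payload: bytes) -> bytes:
    """Skip the optional authentication / origin indication before the IPv6 header."""
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:   # authentication
        id_len, au_len = payload[2], payload[3]
        payload = payload[4 + id_len + au_len + 8 + 1:]    # ... + nonce + confirmation
    if payload[:2] == b"\x00\x00":                         # origin indication, 8 bytes
        payload = payload[8:]
    return payload

def decode_teredo(addr: ipaddress.IPv6Address) -> dict:
    """Recover the server and the NAT mapping (stored XORed with all ones)."""
    raw = addr.packed
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "mapped_port": struct.unpack("!H", raw[10:12])[0] ^ 0xFFFF,
        "mapped_addr": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
    }

def inspect_udp_payload(payload: bytes):
    """Return details if the UDP payload is a Teredo-encapsulated IPv6 packet, else None."""
    inner = strip_indicators(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:              # too short or not IPv6
        return None
    if 40 + struct.unpack("!H", inner[4:6])[0] > len(inner):  # declared length must fit
        return None
    ends = {"src": ipaddress.IPv6Address(inner[8:24]),
            "dst": ipaddress.IPv6Address(inner[24:40])}
    teredo = {k: decode_teredo(a) for k, a in ends.items() if a in TEREDO_PREFIX}
    if not teredo:
        return None
    return {"src": str(ends["src"]), "dst": str(ends["dst"]),
            "next_header": inner[6], "teredo": teredo}

def build_sample_bubble() -> bytes:
    """Constructed sample: bubble from a client mapped to 192.0.2.45:40000."""
    src = (bytes.fromhex("20010000") + ipaddress.IPv4Address("203.0.113.1").packed
           + b"\x80\x00" + struct.pack("!H", 40000 ^ 0xFFFF)
           + bytes(b ^ 0xFF for b in ipaddress.IPv4Address("192.0.2.45").packed))
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    return struct.pack("!IHBB", 6 << 28, 0, 59, 64) + src + dst  # no payload, next header 59

if __name__ == "__main__":
    print(inspect_udp_payload(build_sample_bubble()))
    print(inspect_udp_payload(b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 40))  # not Teredo
```

The match is a heuristic: it flags any UDP datagram whose payload parses as an IPv6 header with a Teredo-prefixed endpoint, so it works on any port but should be treated as an indicator to investigate rather than proof.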
- Jim Hoagland: The Teredo Protocol: Tunneling Past Network Security and Other Security Implications (PDF)