Jakob What annoys me more if the fact that AVM (and they are not the only one -- see Technicolor & others) naively believes that NAT44 offered some security by preventing inbound connections... This means that there is NO open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box has no choice and is smart enough to fall back in the legacy NAT44 mode with a TURN (or in this case Teredo) to bypass NAT. A very nice opportunity to run man-in-the-middle attack on a foreign ground.
I still wonder why people REALLY believe in the security of NAT (in the sense of blocking inbound connections) in 2014 while most of the botnet members are behind a NAT... Christopher and others => you are RIGHT! Do not change your mind -éric (see also http://tools.ietf.org/html/draft-ietf-v6ops-balanced-ipv6-security-01 for my point of view :-)) On 13/03/14 18:43, "Jakob Hirsch" <j...@plonk.de> wrote: >Hi! > >Christopher Palmer, 2013-10-10 03:22: >> >>http://download.microsoft.com/download/A/C/4/AC4484B8-AA16-446F-86F8-BDFC >>498F8732/Xbox%20One%20Technical%20Details.docx > >Nice, but why do you absolutely require Teredo even for boxes with >native IPv6? Of course there's the advantage of direct client2client >communication (less latency for clients and less traffic on Teredo >relays), but the box should at least fall back to native IPv6 if Teredo >is not available (quite odd to talk about native IPv6 being a fallback >to Teredo, but anyway). > >There's at least one CPE manufacturer (quite prevalent in Europe or at >least in Germany) that filters out Teredo if native IPv6 is available by >default. They added an option to disable this filter, but that's not a >good thing. See >http://service.avm.de/support/en/skb/FRITZ-Box-7390-int/1439:Cannot-play-o >nline-games-with-Xbox-One > >In the current state, the XBox One is doing more harm to IPv6 than good. >People encounter problems after having IPv6 activated (there are forum >posts which told people to disable IPv6 to fix this issue) and Network >operators will see less increase in IPv6 traffic (which lowers the >incentive to improve IPv6 support). > > >Regards >Jakob >