On 3/13/14, 15:46, Gert Doering wrote:
> Hi
>
> On Thu, Mar 13, 2014 at 07:12:54PM +0000, Eric Vyncke (evyncke) wrote:
>> What annoys me more is the fact that AVM (and they are not the only one --
>> see Technicolor & others) naively believes that NAT44 offered some
>> security by preventing inbound connections... This means that there is NO
>> open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box
>> has no choice and is smart enough to fall back in the legacy NAT44 mode
>> with a TURN (or in this case Teredo) to bypass NAT. A very nice
>> opportunity to run a man-in-the-middle attack on a foreign ground.
>
> I'm not sure what NAT44 has to do with it.
>
> The point is that there is *native* IPv6 and the XBox insists on preferring
> Teredo - and the AVM box blocks Teredo if it has native IPv6, because there
> is no real use in permitting a "tunnel IPv6 around the IPv4-only router!"
> protocol when there *is* a perfectly good IPv6-capable router around...

They prefer native IPv6, but only if all the peer-to-peer participants
also have native IPv6. So, if all your gamer buddies have native IPv6,
then native IPv6 is preferred. They do not want to use Teredo Gateways.
So, they do not allow Native IPv6 to Teredo communications, and prefer
Teredo if any of the participants needs Teredo to do IPv6. Then they
fall back to IPv4 after Teredo, again all participants doing IPv4.
If I remember correctly what was said at NANOG last fall.
--
================================================
David Farmer Email: [email protected]
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 1-612-626-0815
Minneapolis, MN 55414-3029 Cell: 1-612-812-9952
================================================