Hello all,
After setting up a teredo relay, I've noticed some weird packets going
by, which may or may not be an indication of buggy client
implementation.
Observation 1:
15:16:23.784565 IP6 (hlim 21, next-header: unknown (59), length: 0)
2001:0:4136:e38c:0:d134:ac48:xxxx > 2002:c950:bbbb::cccc:dddd: no next
header
All of these packets are "empty" (no next header), and all of them
have hop limit = 21. But nothing really wrong (protocol-wise) with
these, just a little bit oddness.
Observation 2:
Similar packet, but with hop-limit=255 and destined to a link-local
address. This seems to be an indication of brokenness, as I fail to
see how sending a link-local packet to a teredo relay could ever work.
It seems that Teredo clients try to do this repeatedly, always with
the same fe80::foo address. During a half-hour period, I saw the
following slightly obfuscated attempts (the first number is the number
of attempts)
15 2001:0:4136:e38e:47c:f227:7c94:xxxx > fe80::1c9e:9aad:zzzz:vvvv
12 2001:0:53aa:64c:0:f226:2bcd:xxxx > fe80::20eb:4661:zzzz:vvvv
11 2001:0:4136:e38c:2807:1ce1:b841:xxxx > fe80::e0e0:f185:zzzz:vvvv
10 2001:0:4136:e390:30b5:177a:bb89:xxxx > fe80::a413:8b01:zzzz:vvvv
10 2001:0:4136:e38a:14e2:f227:7c94:xxxx > fe80::fc31:b43b:zzzz:vvvv
9 2001:0:4136:e38e:18d7:1f64:352d:xxxx > fe80::44c4:29c7:zzzz:vvvv
9 2001:0:4136:e38c:1856:126f:ad51:xxxx > fe80::80c2:3487:zzzz:vvvv
9 2001:0:4136:e38a:455:3c63:b880:xxxx > fe80::847:b9a3:zzzz:vvvv
8 2001:0:4136:e38c:83b:aac:ae35:xxxx > fe80::400:ba47:zzzz:vvvv
8 2001:0:4136:e38c:1438:ea53:b351:xxxx > fe80::20bb:5f9d:zzzz:vvvv
8 2001:0:4136:e38a:3468:38b9:ba74:xxxx > fe80::ccb8:98e5:zzzz:vvvv
7 2001:0:4136:e390:cf1:1172:bd48:xxxx > fe80::c03e:cd52:zzzz:vvvv
7 2001:0:4136:e390:1077:1728:b39c:xxxx > fe80::e472:4cc0:zzzz:vvvv
7 2001:0:4136:e38e:1822:f227:7c94:xxxx > fe80::6839:32c6:zzzz:vvvv
7 2001:0:4136:e388:8b3:1a9a:a531:xxxx > fe80::c026:c2e9:zzzz:vvvv
7 2001:0:4136:e388:88a:fbfc:b73e:xxxx > fe80::8014:371:zzzz:vvvv
6 2001:0:4136:e390:36:e03:b8ac:xxxx > fe80::3057:c540:zzzz:vvvv
6 2001:0:4136:e390:28d7:290:b3e9:xxxx > fe80::542c:770b:zzzz:vvvv
6 2001:0:4136:e38e:1877:3b99:b487:xxxx > fe80::907c:b9e9:zzzz:vvvv
6 2001:0:4136:e38c:8000:d824:aaad:xxxx > fe80::4c11:52a7:zzzz:vvvv
6 2001:0:4136:e38c:1ce9:3cf6:e78c:xxxx > fe80::c06d:e576:zzzz:vvvv
6 2001:0:4136:e38c:1cb2:f227:7c94:xxxx > fe80::4cea:313d:zzzz:vvvv
6 2001:0:4136:e38a:6c:3892:b396:xxxx > fe80::f094:7d58:zzzz:vvvv
6 2001:0:4136:e38a:1ce0:169f:e732:xxxx > fe80::fc56:a649:zzzz:vvvv
6 2001:0:4136:e38a:14b5:2b0:ae3a:xxxx > fe80::3826:a264:zzzz:vvvv
6 2001:0:4136:e388:80b:3a70:3390:xxxx > fe80::5008:1656:zzzz:vvvv
6 2001:0:4136:e388:14c8:e67e:b39c:xxxx > fe80::cc8c:71d5:zzzz:vvvv
... and some number of fewer attempts..
What's going on? I'd say that Teredo client code should filter out
packets with a link-local address as destination at egress.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Users mailing list
Users@ipv6.org
https://lists.ipv6.org/mailman/listinfo/users
