Unusual Teredo Tunnel IPv6 Preferred Address

AtlBo

On two W7 PCs noticed the preferred IPv6 address for the tunnel adapter (Teredo tunnel) is this:

2001:0:9d38:6ab8:80:3b8b:bd27:3293

Performed a lookup here:

2001:0:9d38:6ab8:80:3b8b:bd27:3293

And it shows up Hurricane Electric with WhoIs. Gathering information about the network here like MAC addresses and local IPs so I can keep them in a list. First noticed this in the Comodo log (something connecting in) and thought it looked strange so checked it out on Neustar IPv6 lookup. Then I happened to notice it on another machine in the ipconfig /all information from command prompt.

I know very little about Teredo, although I think it's supposed to have to do with converting IPv6 traffic for use on IPv4 networks or something.

Wondered if anyone else gets this or something else unusual in your ipconfig /all information for the Teredo Tunnel...
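
An added example, not written by any poster in this thread: per RFC 4380, a Teredo address under 2001::/32 packs in the Teredo server's IPv4 address, a flags field, and the client's external UDP port and IPv4 address (both stored bit-inverted). The Python below decodes those fields from firewall-style log lines; the log lines and the second address are constructed, and `decode_teredo` and `scan` are names chosen for this example.

```python
import ipaddress
import re

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix, RFC 4380
# Loose candidate matcher; ipaddress does the real validation.
IPV6_CANDIDATE = re.compile(r"[0-9A-Fa-f:]*:[0-9A-Fa-f:]+")

# Constructed firewall-style lines. The first address is the one quoted in the
# thread; the second is made up from documentation-range IPv4 addresses.
SAMPLE_LOG = [
    "10:15:02 IN UDP 2001:0:9d38:6ab8:80:3b8b:bd27:3293 allowed",
    "10:15:09 IN UDP fe80::1c2d:3e4f:5a6b:7c8d allowed",
    "10:16:44 IN UDP 2001:0:c000:22d:8000:63bf:34ff:8ef6 blocked",
]


def decode_teredo(text):
    """Return the RFC 4380 fields of a Teredo address, or None if not Teredo."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ValueError:
        return None  # timestamps and other colon-separated tokens land here
    if addr not in TEREDO_PREFIX:
        return None
    raw = addr.packed
    flags = int.from_bytes(raw[8:10], "big")
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),  # Teredo server IPv4
        "flags": flags,
        "cone_nat": bool(flags & 0x8000),  # top bit is the cone flag
        # Port and client IPv4 are stored with every bit inverted.
        "mapped_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "mapped_ipv4": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
    }


def scan(lines):
    """Decode every Teredo address found in the given log lines."""
    hits = []
    for line in lines:
        for candidate in IPV6_CANDIDATE.findall(line):
            fields = decode_teredo(candidate)
            if fields:
                hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the last 32 bits are only bit-inverted, a Teredo address in a log or forum post discloses the host's external IPv4 address to anyone who reads it.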
 

AtlBo

> I disabled IPv6 a long time ago, never seemed to need it. ;)

I was thinking about that frogboy. Everything I read said "don't" because Windows wasn't tested with it not functioning and you could lose some functions of Windows without knowing. Guess I should look into it again see if I can find more who have disabled it.

I noticed even on W7 (one PC has only a couple of updates so far), IPv6 is used for local traffic between PCs...default Windows traffic.
 

AtlBo

> Same here I only run IPV4 can't tell you =/ never had any issues with it disabled.

Must be nice only having to manage IPv4 addresses. It's practically impossible to manage with both happening. Looks like even standard callouts to the router are on IPv6 when it's activated.
 

Arequire

Hurricane Electric runs the biggest IPv6 network on the planet so it's not much of a surprise they're used for the IPv6 address.
I can't say if disabling IPv6 will cause any loss of functionality unfortunately.
 

AtlBo

> Hurricane Electric runs the biggest IPv6 network on the planet so it's not much of a surprise they're used for the IPv6 address.
> I can't say if disabling IPv6 will cause any loss of functionality unfortunately.

Seems like a security hole to have to have basically a 2nd DNS server just so IPv6 can function across the internet. Thing is for this one, I don't think I have any options (or anyone else apparently). Maybe I misunderstand this, but it does seem like a security consideration to me. Hopefully, I can come up with a solid security angle around the internet someplace on IPv6 and how it's being handled now.

Anyone with IPv6 enabled taken a look at your ipconfig /all output info?
 

AtlBo

Lots of good information on IPv6 here:

Newsletter #105: Understanding (and Maybe Killing) the ISATAP, Teredo, and 6to4 "Imaginary" NICs

Haven't read it all yet. Plan to try to soon, but searching for Microsoft and then Hurricane in the page helped a little bit. Personally, my initial impression has me thinking that maybe the entirety of IPv6 traffic should be dedicated to business communications and just left there. You know, "Hey teacher, leave us kids alone" LOL for everyone else. Seems to me, it could much more easily be monitored in the single format. Should also free up a bunch of IPv4 IPs, since that seems to be a concern.
 

DeepWeb

Yeah, that's the data center that runs your tunnel. Personally I disabled all things IPv6 because even my ISP still uses IPv4.
 

Winter Soldier

Briefly, the IPv6 packets are encapsulated in IPv4 packets and in this way it is possible to interconnect the IPv6 networks with the IPv4 ones.
But IPv6 tunnel requires an IPv4 static public IP. Unfortunately, my contract provides for a dynamic IP (even if there is the possibility to modify this data when the IP will change).
 
509322

IP address lookup is not 100% reliable. The databases are not 100% accurate. For example, with one specific VPN I have used, Lookup address of its servers. Client will show VPN connected to Switzerland server, but WhoIs or GPS lookup will show VPN server is located in Texas. Server is actually located in Switzerland, but IP address lookup database is incorrect. Many databases are using obsolete data.

An IP address is an IP address. So it's not like IPv6 and Teredo are sending your system into orbit and you should be perplexed. The confusion, most of the time, is that the IP address lookup databases are incorrect.

You can request confirmation from whichever IP address lookup service that you used, but do not expect anything very enlightening.
 

BugCode

Yep, better just "homie" user if possible disable IPv6 system wide.
And about those test sites/lookup... maybe it's not the test site what shows wrong info it's your VPN what is not trustworthy and leaks... so often it's like that too ;) I'm not going to write more about VPN's "soul life".. nor about those lookup-sites.
 

TairikuOkami

> I was thinking about that frogboy. Everything I read said "don't" because Windows wasn't tested with it not functioning and you could lose some functions of Windows without knowing.

If you lose something, you do not know, is it really a problem? As far as I know, IPv6 is still fairly new, hardly anyone really uses it and disabling it solves many problems, especially on WiFi. Not to mention, that using IP6, everyone knows exactly, who you are. It is a privacy nightmare.

You can disable it, and test yourself, it is not like you can not enable it back, simply unchecking IPv6 will do or you can just disable teredo.

To disable it completely, you need to apply this:

Code:
netsh int ipv6 isatap set state disabled
netsh int teredo set state disabled
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
reg add "HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters" /v "DisabledComponents" /t REG_DWORD /d "255" /f
 

AtlBo

> You can disable it, and test yourself, it is not like you can not enable it back, simply unchecking IPv6 will do or you can just disable teredo.

Yes, I don't think the ISP here is even configured for it in a stated way. Maybe there is some general support but I don't know. Apparently, the Teredo Tunnel worked for HURRICANE Electric.

If I needed to reenable, just add "enable" into each command line entry in place of disable? Could I just go with reg del... for the last command?

Thanks for all the inputs. Think I'm just going to do it on PCs here and see how it goes.

Didn't realize how many users have turned it off. It does make working with logs kind of difficult...

> I'm not going to write more about VPN's "soul life".. nor about those lookup-sites.

BTW, looks to me like VPNs being blocked in China (recent article) has been in effect for some amount of time. I was hooked via Windscribe a few days ago and tried to check on the changelog for Qihoo 360 on the 360 site. The site was not loading for me. When I shut off the VPN to see it loaded fine. Makes me curious if 360 was even updating. o_O Also wonder how willing a partner Qihoo is in shutting down VPN traffic considering they have a VPN service available via 360.
 

TairikuOkami

> If I needed to reenable, just add "enable" into each command line entry in place of disable? Could I just go with reg del... for the last command?

You should check settings beforehand, they can vary depending on your configuration (default/enabled/etc).
Check reg key in regedit or even better export it, so you can import it back, when needed.
Code:
netsh interface ipv6 isatap show state
netsh interface teredo show state
netsh interface ipv6 6to4 show state

> Didn't realize how many users have turned it off.

It is considered basics, since IPv6 causes various problems and disabling it can improve network speed and reliability, even on 10, it is far from being perfect.
 

AtlBo

One consideration. I have VirtualBox. Not using it now, but I plan to gradually work my way toward malware testing. I need a copy of Windows 7 and a copy of Windows 10 first. Oh wait IPv4 isn't a problem for VB-> XP uses only IPv4. I do know net works fine with XP in VB. Otherwise, I just have the VPN. Don't think IPv6 would affect that, considering I am issued a standard IPv4 address.

I'll look around and make sure I have everything covered. Thanks again for the information. I think IPv6 is a very pertinent topic for now. Whoever configures the net for IPv6 should really think things through first and be in agreement across international borders. Seems like it could turn into a huge mess if implemented in an unpopular way.
 

AtlBo

Any reason with the below settings to change anything before running the commands?

netsh interface ipv6 isatap show state:
ISATAP State->Default
netsh interface teredo show state:
Teredo.png

netsh interface ipv6 6to4 show state:
6/4->Default
Undo on Service Stop->Default
 
ForgottenSeer 58943

Here's what you need.. Disable this rubbish.

netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh interface teredo set state disabled

I see others already posted this. I've disabled this for years, on every machine. I don't want to go into why, that data is already out there. I also block IPv6 on my Fortinet.
 

AtlBo

Done. Unchecked it in Local Area Connection settings to avoid confusion. Qihoo didn't like the key being created. EMET gave out one last gasp of connectivity to the local net using IPv6. Guess time will tell if anything will break. If it works here, I'll disable the other computers here.

Appreciate the help. Still surprised how many have disabled it, considering all the info on the net seems to recommend against doing so. You guys have guts...:D
 
