====== Teredo ======

==== Miredo Server Configuration on Ubuntu ====

=== Target Configuration ===

The Miredo server listens on\\
''Interface: eth0\\
IPv4 addresses: 192.64.0.100 and 192.64.0.101''

== Installation ==

Install the Miredo server:

  $ sudo apt-get install miredo-server

== Configuration ==

Bind the second IPv4 address to the interface:

  $ sudo ip -4 addr add 192.64.0.101/24 dev eth0

In ''/etc/miredo-server.conf'':

  ServerBindAddress 192.64.0.100

"On the IPv6 side, no special setting should be needed. The server should simply have a working IPv6 connectivity. It must be allowed to emit ICMPv6 packets with source in range 2001:0::/32 and destination within 2000::/3."(([[http://osdir.com/ml/network.ipv6.miredo.devel/2006-07/msg00003.html]] as PDF: {{:miredo_teredo.pdf|}}))

=== Starting the Miredo Server ===

  $ sudo /etc/init.d/miredo-server start

==== Links ====

^ Link ^ Notes ^
| [[http://www.symantec.com/avcenter/reference/Teredo_Security.pdf|Symantec paper]] | |
| [[http://www.heise.de/netze/artikel/Teredo-bohrt-IPv6-Tunnel-durch-Firewalls-221537.html|Heise article]] | Overview of protocol and configuration |
| [[http://www.remlab.net/miredo/|Miredo]] | Teredo implementation for Linux |
| [[http://tools.ietf.org/html/rfc4380|RFC 4380 - Teredo]] | RFC standard |
| [[http://www.microsoft.com/germany/technet/datenbank/articles/600330.mspx|Teredo overview (Microsoft)]] | |
| [[http://technet.microsoft.com/en-us/library/ee844188(WS.10).aspx|Teredo troubleshooting (Microsoft)]] | |

[[http://www.hoggnet.com/Presentations/Microsoft%20IPv6-2007-09-17.pdf]]\\
[[http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/]]\\
[[http://msdn.microsoft.com/en-us/library/bb968771(VS.85).aspx]]\\
[[http://msdn.microsoft.com/en-us/library/bb190948(v=VS.85).aspx]]\\
[[http://www.brandontek.com/?p=100]] - Clear presentation of the address structure

==== Snort Rules for Teredo Detection ====

The first 2 bytes after the UDP header have the value ''00'' ''01''.
After a further 8 bytes of 'Origin Indication Header' comes the IPv6 packet, recognizable by the bit pattern of the Type field (byte_test:1,&,96,0).

  policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 (msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12065; rev:2;)
  policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any (msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12066; rev:3;)
  policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any (msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12068; rev:2;)
  policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 (msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12067; rev:2;)
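
Added example (not part of the original page, nor Snort or Miredo code): a Python version of the fixed-offset test the four rules above perform, next to a parser that first skips the authentication and origin indication headers using the RFC 4380 layouts. Function names and sample payloads are constructed for illustration; filtering on UDP port 3544 is assumed to happen before these functions are called.

```python
import ipaddress

# Prefixes the rules look for at payload offset 8 (IPv6 source address):
# " |01|" = 20 01 (start of 2001:0::/32), "?|FE 83 1F|" = 3F FE 83 1F.
TEREDO_NETS = [ipaddress.ip_network(n) for n in ("2001::/32", "3ffe:831f::/32")]

def strip_teredo_headers(payload: bytes) -> bytes:
    """Skip the optional RFC 4380 headers that may precede the IPv6 packet."""
    pos = 0
    if payload[:2] == b"\x00\x01":                   # authentication header
        if len(payload) < 4:
            return b""                               # truncated, nothing to parse
        id_len, au_len = payload[2], payload[3]
        pos = 4 + id_len + au_len + 8 + 1            # + nonce (8) + confirmation (1)
    if payload[pos:pos + 2] == b"\x00\x00":          # origin indication, 8 bytes
        pos += 8
    return payload[pos:]

def rule_match(payload: bytes) -> bool:
    """The rules' test: fixed offsets counted from the start of the UDP payload."""
    if len(payload) < 12 or not payload[0] & 96:     # byte_test:1,&,96,0
        return False
    return payload[8:10] == b" \x01" or payload[8:12] == b"?\xfe\x83\x1f"

def inspect(payload: bytes):
    """Return (is_teredo, src, dst) for the encapsulated IPv6 packet, or None."""
    inner = strip_teredo_headers(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:        # need a full IPv6 header
        return None
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    is_teredo = any(a in n for a in (src, dst) for n in TEREDO_NETS)
    return is_teredo, str(src), str(dst)

def ipv6_header(src: str, dst: str) -> bytes:
    """Constructed sample: 40-byte IPv6 header, no payload, next header 59."""
    return (bytes([0x60, 0, 0, 0, 0, 0, 59, 64])
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

# Constructed sample payloads (not captured traffic).
BARE = ipv6_header("2001:0:c040:64::1", "2001:db8::1")
WITH_ORIGIN = b"\x00\x00" + b"\xff" * 6 + BARE       # origin indication first
WITH_AUTH = b"\x00\x01\x00\x00" + b"\x00" * 9 + WITH_ORIGIN

if __name__ == "__main__":
    for name, p in (("bare", BARE), ("origin", WITH_ORIGIN), ("auth+origin", WITH_AUTH)):
        print(name, rule_match(p), inspect(p))
```

On the constructed samples, ''rule_match'' is true only for the payload that starts directly with the IPv6 header, while ''inspect'' finds the Teredo source address in all three.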