Curious situation - not urgent, but I'd like to know more

Tore Anderson tore at fud.no
Sat Mar 5 08:01:57 CET 2016


Hi Kurt,

First of all, +1 to Brian's suggestion to disable 6to4. I'd also disable
Teredo.

> On my test machine (Also Win8.1), sitting outside of my corporate
> firewall on a public IP address, I see the following:
> 
> Tunnel adapter 6TO4 Adapter:
> 
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
>    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>    DHCP Enabled. . . . . . . . . . . : No
>    Autoconfiguration Enabled . . . . : Yes
>    IPv6 Address. . . . . . . . . . . : 2002:4332:7632::4332:7632(Preferred)

Ok, so this tells us that this machine has the public IPv4 address
67.50.118.50 (0x43.0x32.0x76.0x32). 6to4 requires public IPv4 addresses
to work, so on this machine it has at least a *chance* of working.

Note that Windows won't activate 6to4 if the local address is a
special-use one, such as RFC1918 ones typically seen behind NAT.

> On her machine, which is on a wireless connection at her home on ATT,
> I see this:
> 
> Tunnel adapter 6TO4 Adapter:
> 
>    Connection-specific DNS Suffix  . : attlocal.net
>    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
>    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
>    DHCP Enabled. . . . . . . . . . . : No
>    Autoconfiguration Enabled . . . . : Yes
>    IPv6 Address. . . . . . . . . . . : 2002:100:69::100:69(Preferred)

This tells us that her IPv4 address is 1.0.0.105. That's a completely
normal and public IPv4 address, so Windows proceeds to activate 6to4.
But I am going to assume that your user does not live in an APNIC lab,
which is where this prefix is currently being used...

If ATT will allow her 6to4 packets through to the Internet in the first
place (they shouldn't), any server replies will not come back to her
but instead head straight to Geoff or George's tcpdump session. (With
some luck they'll be the topic of an amusing blog post.)

The exact same breakage is bound to happen with CGN deployments using
100.64.0.0/10, by the way.

Tore
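
The decoding used in the message above, as an added example that is not part of the original post: it pulls the IPv4 address out of each 2002::/16 address in ipconfig output and flags the ranges the message names. The function names, labels and the last two sample lines are constructed for this example.

```python
import ipaddress
import re

# Ranges named in the message; the label strings are this example's own.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")

# First two lines are quoted in the thread; the last two are constructed.
SAMPLE = """\
   IPv6 Address. . . . . . . . . . . : 2002:4332:7632::4332:7632(Preferred)
   IPv6 Address. . . . . . . . . . . : 2002:100:69::100:69(Preferred)
   IPv6 Address. . . . . . . . . . . : 2002:6440:1::6440:1(Preferred)
   IPv6 Address. . . . . . . . . . . : 2001:db8::1(Preferred)
"""


def classify(addr):
    """Return (embedded IPv4 or None, label) for one IPv6 address string."""
    # sixtofour is the 32 bits after the 2002::/16 prefix, or None otherwise.
    v4 = ipaddress.IPv6Address(addr).sixtofour
    if v4 is None:
        return None, "not 6to4"
    if any(v4 in net for net in RFC1918):
        return v4, "RFC1918"
    if v4 in CGN_SHARED:
        return v4, "CGN shared space"
    # Not in a listed range. This does not prove the address is routed to
    # the host: 1.0.0.105 in the thread lands here as well.
    return v4, "public-looking"


def scan(ipconfig_text):
    """Classify every 'IPv6 Address' line found in ipconfig output."""
    pattern = r"IPv6 Address[ .]*: *([0-9A-Fa-f:]+)"
    return [(m.group(1),) + classify(m.group(1))
            for m in re.finditer(pattern, ipconfig_text)]


if __name__ == "__main__":
    for addr, v4, label in scan(SAMPLE):
        print(f"{addr:28} {str(v4):15} {label}")
```

A "public-looking" result still has to be compared with the address the host is actually reachable on; replies to the 6to4 prefix go to whoever routes the embedded IPv4 address.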


More information about the ipv6-ops mailing list