jeroen at unfix
May 4, 2012, 7:11 AM
Post #6 of 7
On 2012-05-04 15:19 , Mark Pace Balzan wrote:
> Marco- thanks, its possibly bit torrent, but as Jeroen points out
> both src and dst are 2001:0 (teredo)
> Jeroen - yes RPF is of course critical, but im also interested in why
> this is happening at all...
Obviously you are not applying proper RPF for your traffic otherwise...
>> But, as we do not know if he has a default route or anything else
>> on it it is hard to tell why his box is even forwarding these
> v6 default on the relay points out to the v6 internet and purpose in
> life of this box is just 6to4 :)
> Performing a packet trace on packets (v4 and v6) incoming into the
> relay box, shows that said teredo packets (ie 2001:0 in both src and
> dst) have v4 source address belonging to v4 unicast users on my
> network and v4 destination being 18.104.22.168 which is the 6to4
> anycast ip.
6to4 tunnels are just proto-41 tunnels, with one difference, they should
only handle packets where a source address on the tunnel side is 6to4
(thus 2002::/16). Clearly you are accepting proto-41 traffic with any
kind of source address, otherwise this could not be happening.