While reviewing firewall logs I observed unexpected outbound communication attempts on UDP 3544 from a newly deployed Windows 7 installation.
“…..dstip="157.56.144.215" proto="17" length="89" tos="0x00" prec="0x00" ttl="127" srcport="64379" dstport="3544"…..”
After a quick Google search it became apparent that this was related to “Teredo”:
http://en.wikipedia.org/wiki/Teredo_tunneling
A Teredo client is an IPv6/IPv4 node that supports a Teredo tunneling interface through which packets are tunneled to other Teredo clients or nodes on the IPv6 Internet (via a Teredo relay). A Teredo client communicates with a Teredo server to obtain an address prefix from which a Teredo-based IPv6 address is configured or used to facilitate communication with other Teredo clients or hosts on the IPv6 Internet.
https://msdn.microsoft.com/en-us/library/windows/desktop/bb968770(v=vs.85).aspx
The Teredo relay listens on UDP port 3544 for Teredo traffic.
To disable Teredo, open a command prompt and issue the following commands in order:
1. netsh interface
2. teredo
3. set state disabled
This will stop the outbound UDP 3544 traffic.
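To see which other hosts are still sending Teredo traffic, the same firewall log can be scanned for UDP packets to port 3544. This is an added example, not part of the original post: it assumes key="value" log lines like the excerpt above, the `srcip` field name and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Matches key="value" pairs; also tolerates the curly quotes that blog/CMS
# rendering often substitutes into pasted log lines.
PAIR = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')

TEREDO_PORT = "3544"   # UDP port named in the post
UDP_PROTO = "17"       # IP protocol number for UDP, as logged in proto=


def parse_line(line):
    """Return the key/value fields of one firewall log line as a dict."""
    return dict(PAIR.findall(line))


def teredo_talkers(lines):
    """Count UDP/3544 packets per (source IP, destination IP) pair.

    srcip is an assumed field name (the post's excerpt elides it);
    lines missing an address are counted under "unknown".
    """
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("proto") == UDP_PROTO and f.get("dstport") == TEREDO_PORT:
            hits[(f.get("srcip", "unknown"), f.get("dstip", "unknown"))] += 1
    return hits


# Constructed sample lines using documentation-range addresses, not real logs.
SAMPLE = [
    'srcip="192.0.2.10" dstip="198.51.100.7" proto="17" srcport="64379" dstport="3544"',
    'srcip="192.0.2.10" dstip="198.51.100.7" proto="17" srcport="64380" dstport="3544"',
    'srcip="192.0.2.11" dstip="198.51.100.9" proto="6" srcport="50123" dstport="3544"',  # TCP: ignored
    'srcip="192.0.2.12" dstip="198.51.100.9" proto="17" srcport="50124" dstport="53"',   # DNS: ignored
    'srcip=\u201c192.0.2.13\u201d dstip=\u201c198.51.100.7\u201d proto=\u201c17\u201d dstport=\u201c3544\u201d',
]

if __name__ == "__main__":
    for (src, dst), n in teredo_talkers(SAMPLE).most_common():
        print(f"{src} -> {dst}: {n} Teredo packet(s)")
```

Hosts that still appear in the output after the change have not had Teredo disabled.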