Just more ramblings of another IT Guy

Outbound traffic on UDP port 3544

While reviewing  firewall logs I observed unexpected outbound communication attempts on UDP 3544 from a newly deployed Windows 7 installation.

 

“…..dstip=157.56.144.215proto=17length=89tos=0x00prec=0x00ttl=127srcport=64379dstport=3544“…..”

 

After quick a quick Google search it became apparent that this was related to “Teredo
http://en.wikipedia.org/wiki/Teredo_tunneling

A Teredo client is an IPv6/IPv4 node that supports a Teredo tunneling interface through which packets are tunneled to other Teredo clients or nodes on the IPv6 Internet (via a Teredo relay). A Teredo client communicates with a Teredo server to obtain an address prefix from which a Teredo-based IPv6 address is configured or used to facilitate communication with other Teredo clients or hosts on the IPv6 Internet.
https://msdn.microsoft.com/en-us/library/windows/desktop/bb968770(v=vs.85).aspx

The Teredo relay listens on UDP port 3544 for Teredo traffic.

 

To disable open a command prompt and issue the following command

1. netsh interface
2. teredo
3. set state disabled

This will stop the outbound UDP 3544 traffic

 

This entry was posted in Security, Tips+Tricks. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *