Why is my Windows server communicating with hosts 94.245.121.253 or 157.56.144.215?

On modern servers, for example Windows Server 2012 R2 you might see “suspicious” traffic to IP addresses 94.245.121.253 or 157.56.144.215 on port 3544. This traffic is coming from the Microsoft Teredo implementation. These IP addresses actually resolve to terodo.ipv6.microsoft.com What is teredo? Teredo is a protocol that allows computers behind a…

read more