On modern servers, for example Windows Server 2012 R2, you might see “suspicious” traffic to IP addresses 94.245.121.253 or 157.56.144.215 on port 3544. This traffic comes from the Microsoft Teredo implementation. These IP addresses actually resolve to teredo.ipv6.microsoft.com.
What is Teredo?
Teredo is a protocol that allows computers that sit behind a NAT firewall (as most home computers do) and have no native IPv6 connection to access remote IPv6 resources. The idea is that home users can start accessing IPv6 web services before their local connection supports the protocol, making the transition from IPv4 easier.
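To confirm that a flow to port 3544 really belongs to the host's own Teredo client, you can decode the Teredo IPv6 address on the server's tunnel adapter (as shown by `ipconfig`) and compare the embedded server IPv4 with the firewall log destination. The following is an added example, not part of the original post; it goes beyond the text by using the RFC 4380 address layout, and the function names, verdict strings and sample tunnel address are assumptions constructed for illustration.

```python
import ipaddress

# Teredo server IPv4 addresses named on this page.
PAGE_TEREDO_SERVERS = {
    ipaddress.IPv4Address("94.245.121.253"),
    ipaddress.IPv4Address("157.56.144.215"),
}
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # RFC 4380 Teredo prefix
TEREDO_PORT = 3544                                  # Teredo runs over UDP

# Constructed sample: server 94.245.121.253, NAT mapping 192.0.2.45:40000.
SAMPLE_TUNNEL_ADDR = "2001:0:5ef5:79fd:8000:63bf:3fff:fdd2"


def decode_teredo(addr):
    """Split a Teredo IPv6 address into its RFC 4380 fields, or return None."""
    ip6 = ipaddress.IPv6Address(addr)
    if ip6 not in TEREDO_PREFIX:
        return None
    raw = int(ip6)
    return {
        "server": ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF),
        "flags": (raw >> 48) & 0xFFFF,
        # The mapped port and address are stored with every bit inverted.
        "nat_port": ((raw >> 32) & 0xFFFF) ^ 0xFFFF,
        "nat_addr": ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF),
    }


def triage_flow(dst_ip, dst_port, proto, tunnel_addr=None):
    """Classify one outbound flow against the host's Teredo tunnel address."""
    if proto.lower() != "udp" or dst_port != TEREDO_PORT:
        return "not-teredo-port"
    fields = decode_teredo(tunnel_addr) if tunnel_addr else None
    dst = ipaddress.IPv4Address(dst_ip)
    if fields and fields["server"] == dst:
        return "teredo-matches-host-config"
    if dst in PAGE_TEREDO_SERVERS:
        return "teredo-known-server"
    # Port 3544 to a destination that is neither of the above needs a look.
    return "review"


if __name__ == "__main__":
    print(decode_teredo(SAMPLE_TUNNEL_ADDR))
    print(triage_flow("94.245.121.253", 3544, "UDP", SAMPLE_TUNNEL_ADDR))
```
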
