• Teredo and IPv6

    Home » Forums » Networking – routers, firewalls, network configuration » Teredo and IPv6

    Author
    Topic
    Lugh
    AskWoody_MVP
    September 11, 2015 at 2:44 pm #502166

    I’m on a new install [yesterday] of Win7 Pro-64, using IE11, all fully updated–so no caches etc to clear.

    Last night and today on BBC.com and Bing search, MalwareBytes started sliding out ‘malicious site blocked’ notifications. The MBAM ‘Daily Protection Log’ showed them all as outbound from iexplore.exe to following IP addresses and domains:
    92.242.140.21 teredo.ipv6.microsoft.com;
    23.216.11.73 tap2-cdn.rubiconproject.com [an advertising company];
    92.242.140.21 m12n.servebom.com [MBAM blocks it, so can’t tell what it does, but this thread] on Tom’s Hardware suggests it’s an ad server].

    I have scanned, but haven’t installed Adblock Plus yet, so that may take care of the ad companies–just including the info in case it might be relevant.

    My question is around the first MS IP above. Reading around a bit, Teredo is a tunneling protocol to enable IPv6 and IPv4 to work properly together. Seems harmless and perhaps helpful from the bits I saw. You agree?

    If benign, any advice on the best way to avoid MBAM alerts? Eg if it’ll always be a specific domain, I can whitelist that.

    Thanks,
    Mike

    PS a search in this forum for “Teredo” returned 14 threads–but none looked promising from the thread subject and mouseover snippet.

    Lugh.
    ~
    Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
    i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

    Reply | Quote
    Viewing 3 reply threads
    Author
    Replies
    • WSSudo
      AskWoody Lounger
      September 11, 2015 at 5:08 pm #1527989

      Can you give us the full URL for BBC.com that you are trying to access ?

      I’m not sure if the first one is MS phoning home through the Telemetry updates but run the Avast Browser Cleanup Tool to see what that finds. https://www.avast.com/browser-cleanup

      Reply | Quote
    • bharder
      AskWoody Lounger
      September 12, 2015 at 11:35 pm #1528101

      Teredo is indeed almost exactly what you described it as. Specifically, it allows an IPv4 connection to form when you only have IPv6 networking running. It’s how the backwards compatibility angle is supposed to be supported in Windows. That means it is entirely legitimate.

      That also means the first address listed, is OK: teredo.ipv6.microsoft.com

      However the other ones are suspect. I cannot say they are good or bad for sure. Anything that is an ad network though is automatically suspect; ad networks have gotten a bad reputation for hosting malware. Most of the time it’s unintentional on the ad network owner’s part, but neither have they done enough to secure their systems, so the reputational damage on them is deserved.

      Reply | Quote
      • Lugh
        AskWoody_MVP
        September 13, 2015 at 8:33 pm #1528154

        Can you give us the full URL for BBC.com that you are trying to access ?

        I’m not sure if the first one is MS phoning home through the Telemetry updates but run the Avast Browser Cleanup Tool to see what that finds. https://www.avast.com/browser-cleanup

        http://www.bbc.com/news

        Thanks Sudo, Avast says I’m clean.

        Anything that is an ad network though is automatically suspect

        Agreed. I haven’t seen the suspect two since installing Adblock Plus. Thanks for confirming Teredo is benign.

        Lugh.
        ~
        Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
        i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

        Reply | Quote
    • WSSudo
      AskWoody Lounger
      September 14, 2015 at 2:46 am #1528171

      Is MBAM still flagging the BBC web site ?

      While I don’t have the Premium version of MBAM, Norton 360 usually lets me know if a particular site is a bit iffy but can also falsely flag.

      What I have found recently with Norton but don’t know if the same will apply with MBAM, is that it will block http://www.betfred.com in IE 11 but not in Firefox – so if MBAM flags any more sites, try them in another browser.

      Reply | Quote
      • Lugh
        AskWoody_MVP
        September 14, 2015 at 9:18 pm #1528278

        Is MBAM still flagging the BBC web site ?

        I turned off MBAM’s notifications, they were too annoying–many alerts from Skype in addition to the sites. MBAM will still warn me if I try to visit a suspect URL, so I should be ok.

        MBAM didn’t block BetFred in my IE 11. I’ve found MBAM’s site warnings credible over the years, so between it and WoT I expect I’m fairly safe.

        Lugh.
        ~
        Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
        i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

        Reply | Quote
    • WSSudo
      AskWoody Lounger
      September 15, 2015 at 3:36 am #1528298

      If you get a warning in one browser with a site you would expect to be safe, see if it’s confirmed in another browser as I do.

      Reply | Quote
    Viewing 3 reply threads
    Reply To: Teredo and IPv6

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    June 2025
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.