Is Teredo in my router a back door?

Question

I use the school computer, which I bought from school, administered by the IT-department. I opened a port to my computer when I stumbled upon this:

It points to my computer IP. (I have a static IP to my router.) The contract says the IT-department isn't allowed to enter our computers via a backdoor, but I already caught them with a hidden administrator account that they explained that was there just in case I lost my password. (But I suppose they could change it without that backdoor because the school uses domain user accounts.) It would be no problem for them to install anything on our computers without us necessarily noticing...

Could this be another back door, or what could it be used for? There isn't any other UPnP entries to another of the computers (wirelessly connected) here on the router.

anyways if i got a computer from school i would format the s*** out of it prior to normal use — beppe9000, Aug 25 '16 at 10:11

score 9 · Accepted Answer · answered Dec 26 '11 at 15:22

9

You shouldn't be worried about it. It looks as if Teredo is a IPv6 tunneling technology. According to this Wikipedia article it allows for IPv6 connectivity by tunneling IPv6 packets through your router encapsulated in IPv4/UDP datagrams (so you can still talk IPv6 even though your router doesn't).

answered Dec 26 '11 at 15:22

Krzysztof Kotowicz

4,068
20
30

Thank you, but why isn't Teredo set up in our personal router for anyone else? I have a wirelessly connected laptop with Windows 7 Ultimate too... – Friend of Kim Dec 26 '11 at 18:11
9

But even though it SAYS Teredo, it doesn't have to BE Teredo.. – Friend of Kim Dec 26 '11 at 18:15

score 7 · Answer 2 · edited Dec 26 '13 at 08:02

All this is quite simple to work around, just turn Teredo off. From 'Accessories', run 'Command Prompt' with a right-click 'run as Administrator', then when you get the command prompt, type in:

netsh interface teredo set state disable

then exit and close the CMD prompt window. You will need a reboot to effect the change completely.

If you find you now can't go to your favorite website, chat club, MMORPG, etc., then you know what Teredo was actually doing, but why it is on your Win7 or higher machine is not really a mystery - it is 'down talking' to IP4 systems using it (in theory -however, in reality, since this functionality is already built-in to Windows without Teredo, chances are, it's some junky crawler you picked up....ewww....iccck!)

If you need to turn Teredo back on for some legitimate reason, just enter:

netsh interface teredo set state enable

at that same CMD prompt. SIMPLE! (oh, and reboot...of COURSE).

score 5 · Answer 3 · answered Dec 28 '11 at 05:23

5

Teredo can be used for malicious purposed. unfortunately without seeing a traffic capture of what is actually being send across the port it is difficult to determine what its purpose is. I recommended using wireshark to capture traffic destined for that port on the local machine. It is also possible that it simply is Teredo. I will be happy to assist you with traffic analysis if necessary. At the end of the day if your not using Teredo an you have no use for the port than simply close it up.

http://www.symantec.com/avcenter/reference/Teredo_Security.pdf

answered Dec 28 '11 at 05:23

atorrrr

199
3

Thanks :) I don't know what uses Teredo, but anyway I can't turn it off. I can only turn off all of the UPnP. Skype uses one there too, unfortunately. But I'll capture some traffic and check what it is! – Friend of Kim Dec 28 '11 at 10:24
I used udp.port == xxxx and it says SRC and DST is just some letters and numbers, but if I click one it says in the IPv4: DST: 65.55.158.118, and after a lookup it says it's Microsoft in the US. – Friend of Kim Dec 28 '11 at 10:48
And this one: 244.0.0.253, should be iana.org... – Friend of Kim Dec 28 '11 at 10:50
@50ndr33 Could you provide a more detailed log? – psalomonsen Dec 28 '11 at 13:32
Alright, so the letters and numbers sound like an IPv6 address. Should look something like this 3ffe:1900:4545:3:200:f8ff:fe21:67cf. Did you by chance agree to be part of the Microsoft Customer Experience? – atorrrr Dec 28 '11 at 14:16
Sounds as if microsoft is collecting data:http://www.microsoft.com/products/ceip/EN-US/default.mspx – atorrrr Dec 28 '11 at 14:22
Maybe it is. I could have participated, yes, but I haven't used any of the programs in a few days time now.. Yes I can give some more detailed info, but how should I transfer it? Thanks! :) – Friend of Kim Dec 28 '11 at 18:07

Bill · Answer 4 · 2013-01-05T01:19:31.703

I ran across also this mysterious Toredo port which one day just popped up on my "vintage" XP box. After a bit of searching now I understand that Win7/8 creates these ports but how on earth did it open on my XP? Wellllll, one day I shared a drive on my Win7 laptop to my XP box which evidently opened up the Toredo port. Mystery solved :)

Bill

***Update: Well it turns out that when I have UPnP enabled on the XP box it installs Toredo from the Win7 shared drive network which has uTorrent installed on it. So basically the culprit is uTorrent which seems to be spreading Toredo thru local network connections/shares. I've read about uTorrent spreading all kinds of malicious apps. So beware sharing/conecting a machine on your local network and also UPnP enabled, it can spread Toredo!!!

Is Teredo in my router a back door?

4 Answers4