Thread: Teredo and IPv6

  1. #1
    5 Star Lounger Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    620
    Thanks
    166
    Thanked 77 Times in 68 Posts

    Teredo and IPv6

    I'm on a new install [yesterday] of Win7 Pro-64, using IE11, all fully updated--so no caches etc to clear.

    Last night and today on BBC.com and Bing search, MalwareBytes started sliding out 'malicious site blocked' notifications. The MBAM 'Daily Protection Log' showed them all as outbound from iexplore.exe to the following IP addresses and domains:
    92.242.140.21 teredo.ipv6.microsoft.com;
    23.216.11.73 tap2-cdn.rubiconproject.com [an advertising company];
    92.242.140.21 m12n.servebom.com [MBAM blocks it, so can't tell what it does, but this thread on Tom's Hardware suggests it's an ad server].

    I have scanned, but haven't installed Adblock Plus yet, so that may take care of the ad companies--just including the info in case it might be relevant.

    My question is around the first MS IP above. Reading around a bit, Teredo is a tunneling protocol to enable IPv6 and IPv4 to work properly together. Seems harmless and perhaps helpful from the bits I saw. You agree?

    If benign, any advice on the best way to avoid MBAM alerts? E.g. if it'll always be a specific domain, I can whitelist that.

    Thanks,
    Mike

    PS a search in this forum for "Teredo" returned 14 threads--but none looked promising from the thread subject and mouseover snippet.
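
The log listing in the post above shows the same IP address for two hostnames under different parent domains, which matters for the whitelisting question: an exclusion on the address would cover both names. The following is an added example, not part of the original post, that parses the listing and reports such shared addresses. The function names are hypothetical and the sample lines are reconstructed from the post's listing, not taken from a real MBAM log file.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines reconstructed from the listing in the post (not a real MBAM log).
SAMPLE_LOG = """\
92.242.140.21 teredo.ipv6.microsoft.com;
23.216.11.73 tap2-cdn.rubiconproject.com [an advertising company];
92.242.140.21 m12n.servebom.com [ad server?].
"""

LINE_RE = re.compile(r"^\s*(\S+)\s+([A-Za-z0-9.-]+)")


def parse_entries(text):
    """Yield (ip, hostname) pairs, skipping lines without a valid IP address."""
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue
        yield ip, match.group(2).lower().rstrip(".")


def parent_domain(hostname):
    """Naive parent domain: the last two labels. Assumption: fine for the .com
    names here; suffixes such as co.uk need a public suffix list."""
    return ".".join(hostname.split(".")[-2:])


def shared_ips(text):
    """Return {ip: sorted hostnames} for IPs listed under more than one parent domain."""
    hosts_by_ip = defaultdict(set)
    for ip, host in parse_entries(text):
        hosts_by_ip[ip].add(host)
    return {
        ip: sorted(hosts)
        for ip, hosts in hosts_by_ip.items()
        if len({parent_domain(h) for h in hosts}) > 1
    }


if __name__ == "__main__":
    for ip, hosts in shared_ips(SAMPLE_LOG).items():
        print(f"{ip} is listed for unrelated hostnames: {', '.join(hosts)}")
```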

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Can you give us the full URL for BBC.com that you are trying to access?

    I'm not sure if the first one is MS phoning home through the Telemetry updates but run the Avast Browser Cleanup Tool to see what that finds. https://www.avast.com/browser-cleanup

  3. #3
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    561
    Thanks
    51
    Thanked 68 Times in 66 Posts
    Teredo is indeed almost exactly what you described it as. Specifically, it allows an IPv4 connection to form when you only have IPv6 networking running. It's how the backwards compatibility angle is supposed to be supported in Windows. That means it is entirely legitimate.

    That also means the first address listed is OK: teredo.ipv6.microsoft.com

    However the other ones are suspect. I cannot say they are good or bad for sure. Anything that is an ad network though is automatically suspect; ad networks have gotten a bad reputation for hosting malware. Most of the time it's unintentional on the ad network owner's part, but neither have they done enough to secure their systems, so the reputational damage on them is deserved.

  4. #4
    5 Star Lounger Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    620
    Thanks
    166
    Thanked 77 Times in 68 Posts
    Quote Originally Posted by Sudo15:
    > Can you give us the full URL for BBC.com that you are trying to access?
    >
    > I'm not sure if the first one is MS phoning home through the Telemetry updates but run the Avast Browser Cleanup Tool to see what that finds. https://www.avast.com/browser-cleanup

    http://www.bbc.com/news

    Thanks Sudo, Avast says I'm clean.

    Quote Originally Posted by BHarder:
    > Anything that is an ad network though is automatically suspect

    Agreed. I haven't seen the suspect two since installing Adblock Plus. Thanks for confirming Teredo is benign.

  5. #5
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Is MBAM still flagging the BBC web site?

    While I don't have the Premium version of MBAM, Norton 360 usually lets me know if a particular site is a bit iffy but can also falsely flag.

    What I have found recently with Norton but don't know if the same will apply with MBAM, is that it will block www.betfred.com in IE 11 but not in Firefox - so if MBAM flags any more sites, try them in another browser.

  6. #6
    5 Star Lounger Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    620
    Thanks
    166
    Thanked 77 Times in 68 Posts
    Quote Originally Posted by Sudo15:
    > Is MBAM still flagging the BBC web site?

    I turned off MBAM's notifications, they were too annoying--many alerts from Skype in addition to the sites. MBAM will still warn me if I try to visit a suspect URL, so I should be ok.

    MBAM didn't block BetFred in my IE 11. I've found MBAM's site warnings credible over the years, so between it and WoT I expect I'm fairly safe.

  7. #7
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    If you get a warning in one browser with a site you would expect to be safe, see if it's confirmed in another browser as I do.
