• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 Firewall Hurricane Tunnel

Started by ngjvjRbYM, May 19, 2009, 07:30:22 PM

Previous topic - Next topic

ngjvjRbYM

I have the AVG 8.5 firewall and Windows XP with sp3. To be able to use the Hurricane Tunnel
i need to allow all protocol 41 traffic to and from Hurricane. Only this makes the IPv6
( with the Hurricane tunnel ) possible.

1- Is there an option to configure ( like a firewall ) the open / closed ports of the tunnel?

2- Is it possible for somebody to break in my computer using the Hurricane Tunnel?

3- Is it possible for somebody to install a rootkit  in my computer using the Hurricane Tunnel?

4- Is the traffic filtered for this kind of danger?


The best solution would be that all software / hardware firewalls support the construction
used by Hurricane to setup the Tunnel. That is going to take time.

kcochran

1. That's entirely up to your firewall software.
2. If they're also on IPv6, and they find an exploitable service on your system that is listening on an IPv6 address.
3. They'd have to do the above first, really.
4. We do not generally filter any traffic over tunnels.  With the variety of Operating Systems, vulnerabilities, and applications, there's no way to do this, and have a functional service.

Ideally, the firewall software would support IPv6, and simply apply rules to the v6 interface.  When you receive a packet over a tunnel, it gets de-encapsulated (removing the v4 / proto 41 wrapper), and it should then be passed to the v6 interface internally for normal processing.

ngjvjRbYM


ngjvjRbYM

I have updated to AVG 9.0.
The same problem still exist and the same workaround is working.
I had the still hope that AVG would have fixed this by now.
It seems like AVG is not able to Removing the v4 / proto 41 wrapper like it should.

The Firewall is working for the IPv6 traffic using Teredo and gogo6.