Author Topic: Pentagon/Northcom to stage domestic Cyber attacks/w/1918 flu to usher in IPv6  (Read 119893 times)


Offline phosphene

Bill Frist calls h1n1 nasal vaccine "modified"
« Reply #160 on: October 14, 2009, 05:35:01 am »
Bill Maher says "no" to the flu vaccine. Author Bill Frist, while trying to defend against Maher's use of the phrase "live virus", mentions that the difference between the injectable vaccine and the nasal vaccine is that the nasal virus "has been modified" @ 4:30
"A strange game. The only winning move is not to play."--Joshua


  • Guest
Eligibility for swine flu mist expands

Children up to 18 years of age are now eligible to receive the H1N1 swine flu vaccine.

This is an increase in age from last week’s priority recommendation that children ages 2 to 10 get the vaccine. Ventura County Public Health Officer Dr. Bob Levin made the decision to increase the age limit as soon as he got an idea of how many county residents would be asking for the vaccine.

“When we didn’t have lines out the door, we decided to increase the age limit,” Levin said. The Centers for Disease Control gave county health officers the leeway to increase the age limit if enough vaccine was available. Levin said he plans to expand the groups eligible to receive the vaccine as soon as possible.

Children 2 to 18 will get the vaccine in the form of a nasal spray called FluMist. The county received its first shipment of 115,500 doses of this live attenuated influenza vaccine last week.

Public Health officials expect the injectable form of the vaccine to arrive this week or next. That vaccine will contain components from dead H1N1 viruses.

Another group that will be given priority for getting the vaccine are healthy, nonpregnant household members ages 2 to 49 who have contact with a child under 6 months of age.

As sufficient supplies of injectable and nasal mist H1N1 vaccine arrive, groups permitted to receive the vaccine will widen to include those from 6 months to 24 years of age; pregnant women; members of any household with a child under 6 months of age; healthcare workers; emergency medical personnel; and those with high-risk medical conditions up to age 65. All other groups are considered at very low risk.

You can get FluMist at Ventura County Health Care Agency Public Health Clinics or call your physician.

For more information, call 211 or 981-5390, or click on

Offline Satyagraha

Re: Bill Frist calls h1n1 nasal vaccine "modified"
« Reply #162 on: October 14, 2009, 01:26:22 pm »
Bill Maher says "no" to the flu vaccine. Author Bill Frist, while trying to defend against Maher's use of the phrase "live virus", mentions that the difference between the injectable vaccine and the nasal vaccine is that the nasal virus "has been modified" @ 4:30

Bill Frist - A member of the board of GE's Health Care group "Healthymagination":

And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

US homeland security to police the Net
Declan McCullagh, CNET
Published: 21 Nov 2002 12:55 GMT

A massive new bureaucracy will play a major role in securing software, hardware and the Net

The overwhelming vote by the Senate on Tuesday approving a Homeland Security Department has cleared the way for massive reorganisation of the federal government that will have a dramatic impact on computer and network security in the US.

The bill -- which sets the stage for the largest federal reorganisation since the Defence Department was formed in 1947 -- does more than reshuffle government agencies. It gives the government a major role in securing operating systems, hardware and the Internet, including allowing for more police surveillance of the Net; punishing malicious computer hackers with up to life in prison; establishing a national clearinghouse for computer and network security work; and spending at least half a billion dollars a year for homeland security research.

President Bush is expected to sign the bill by the end of the month. "The United States Congress has taken a historic and bold step forward to protect the American people by passing legislation to create the Department of Homeland Security," Bush said after the vote. "This landmark legislation, the most extensive reorganisation of the federal government since the 1940s, will help our nation meet the emerging threats of terrorism in the 21st century."

Attorney General John Ashcroft heralded the Senate's 90-9 vote for the massive new bureaucracy, which combines about 170,000 employees from 22 existing agencies, as beginning "a new era of cooperation and coordination in the nation's homeland defence."

Earlier on Tuesday, the Senate voted 52-47, largely along party lines, to reject Democratic amendments to the bill.

The final bill prohibits the Justice Department's proposed citizen-informant program called TIPS (Terrorist Information and Prevention System) and rejects "the development of a national identification system or card." But privacy advocates and civil libertarians remain worried about the negative consequences of such a sweeping reorganisation of law enforcement functions with little oversight.

In a statement calling for more supervision of law enforcement practices, the Centre for Democracy and Technology said the plan "raises serious concerns about the privacy of Americans" by granting the government "substantial -- and potentially invasive -- authorities to compile, analyse and mine the personal information of millions of Americans".

Technology companies, on the other hand, praised the plan, which promises to be a cash cow for businesses that develop security products.

AeA, a trade group representing technology companies, in particular applauded a provision that would require the government to focus on small businesses.

"Some of the most cutting-edge technologies are being developed in smaller firms, but we are frequently lost in the shadow of the big guys," Michele Wong, chief executive officer of Synergex and an AeA board member, said in a statement.

Meanwhile, Microsoft is one of many large technology companies looking to further expand its government contracts into the homeland security arena. The company has named a new internal federal director of homeland security to work with the government on information technology issues.

After the federal reorganisation is complete, the new department will mash together five agencies that currently divvy up responsibility for "critical infrastructure protection." Those are the FBI's National Infrastructure Protection Centre, the Defence Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis centre, and the Federal Computer Incident Response Centre.

Policing the Net

A last-minute addition to the bill last week, before the House approved it by a 299-121 vote, is the 16-page Cyber Security Enhancement Act. It stiffens prison terms for hackers, expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, and grants Internet providers more latitude to disclose information about subscribers to police.

Another addition, which was opposed by open-government activists and journalist groups, says that information businesses give the department that's related to "critical infrastructure" will not be subject to the Freedom of Information Act. That could include details on virus research, security holes in applications, or operating system vulnerabilities.

Included in the bill is a Homeland Security Advanced Research Projects Agency (HSARPA), modelled after the Defence Advanced Research Projects Agency, which will receive at least $500m (£323m) a year to fund the development of new technologies. According to the bill, HSARPA will "promote revolutionary changes in technologies that would promote homeland security, advance the development (of technologies), and accelerate the prototyping and deployment of technologies that would address homeland vulnerabilities".

The final version of the mammoth, 484-page bill also does the following:

* Establishes an office that is designed to become "the national focal point for work on law enforcement technology". Categories include computer forensics, tools for investigating computer crime, firearms that recognise their owner, and DNA identification technologies. The office also is charged with funding the development of tools to help state and local law enforcement agencies thwart computer crime.

* Creates a Directorate for Information Analysis and Infrastructure Protection that is charged with analysing vulnerabilities in systems including the Internet, telephone networks, and other critical infrastructures.

* Orders the creation of "a comprehensive national plan for securing the key resources and critical infrastructure of the United States" including information technology, financial networks and satellites.

* Requires all federal agencies, including the CIA, the Defence Department, and National Security Agency, to provide the new department with any "information concerning the vulnerability of the infrastructure of the United States."

* Punishes any department employee with one year in prison for disclosing details that are "not customarily in the public domain" about critical infrastructures.

* Creates a privacy representative and a civil liberties officer to ensure that the department follows reasonable "privacy protections relating to the use, collection and disclosure of personal information."

* Orders the department to provide technical assistance and confidential warnings of potential vulnerabilities to companies that operate "critical information systems."

* Allows the department to create a national corps of volunteers to "assist local communities to respond and recover from attacks on information systems and communications networks."

* Creates a Homeland Security Institute to perform systems analysis, risk analysis, and simulation and modelling to determine the vulnerabilities of critical infrastructures, including the Internet.

The nine senators who voted against the bill were Democrats Robert Byrd of West Virginia, Paul Sarbanes of Maryland, Daniel Akaka and Daniel Inouye of Hawaii, Edward Kennedy of Massachusetts, Russ Feingold of Wisconsin, Fritz Hollings of South Carolina, and Carl Levin of Michigan. Democratic-leaning independent James Jeffords of Vermont also opposed the bill.'s Lisa Bowman contributed to this report.

Offline Satyagraha

Department of Homeland Security (DHS)

* Homepage:
Self Description

    May 2004: The agencies slated to become part of the Department of Homeland Security will be housed in one of four major directorates: Border and Transportation Security, Emergency Preparedness and Response, Science and Technology, and Information Analysis and Infrastructure Protection.

    The Border and Transportation Security directorate will bring the major border security and transportation operations under one roof, including:

        * The U.S. Customs Service (Treasury)
        * The Immigration and Naturalization Service (part) (Justice)
        * The Federal Protective Service
        * The Transportation Security Administration (Transportation)
        * Federal Law Enforcement Training Center (Treasury)
        * Animal and Plant Health Inspection Service (part)(Agriculture)
        * Office for Domestic Preparedness (Justice)

    The Emergency Preparedness and Response directorate will oversee domestic disaster preparedness training and coordinate government disaster response. It will bring together:

        * The Federal Emergency Management Agency (FEMA)
        * Strategic National Stockpile and the National Disaster Medical System (HHS)
        * Nuclear Incident Response Team (Energy)
        * Domestic Emergency Support Teams (Justice)
        * National Domestic Preparedness Office (FBI)

    The Science and Technology directorate will seek to utilize all scientific and technological advantages when securing the homeland. The following assets will be part of this effort:

        * CBRN Countermeasures Programs (Energy)
        * Environmental Measurements Laboratory (Energy)
        * National BW Defense Analysis Center (Defense)
        * Plum Island Animal Disease Center (Agriculture)

    The Information Analysis and Infrastructure Protection directorate will analyze intelligence and information from other agencies (including the CIA, FBI, DIA and NSA) involving threats to homeland security and evaluate vulnerabilities in the nation's infrastructure. It will bring together:

        * Critical Infrastructure Assurance Office (Commerce)
        * Federal Computer Incident Response Center (GSA)
        * National Communications System (Defense)
        * National Infrastructure Protection Center (FBI)
        * Energy Security and Assurance Program (Energy)

    The Secret Service and the Coast Guard will also be located in the Department of Homeland Security, remaining intact and reporting directly to the Secretary. In addition, the INS adjudications and benefits programs will report directly to the Deputy Secretary as the U.S. Citizenship and Immigration Services.


Offline Satyagraha

DHS concludes public phase of quadrennial review
October 12, 2009 - 4:19am

The Department of Homeland Security has wrapped up the third and final phase of its public comment period on its agency-wide Quadrennial Homeland Security Review.

DHS officials say that more than 20,000 people participated in the first-ever web-based discussion on the department's performance when it comes to its core mission of homeland security.

Officials will now boil down all the responses from the open comment period into the final report to Congress being prepared by DHS secretary Janet Napolitano. The report must be delivered to Capitol Hill by December 31st of this year.


Offline Satyagraha

Analysis: Does Congress understand cybersecurity, technology use?

October 12, 2009 - 1:10pm

By Max Cacas

Under the U.S. Constitution, Congress provides both oversight and funding for the activities of federal government agencies. But how well do Capitol Hill lawmakers do when it comes to really understanding the federal agencies they oversee?

Recently, we covered the opening of a local museum's exhibit on cybersecurity, and a panel on technology in government, and asked the question, "How well does Congress understand the challenges involved in that area?"

At the opening of the International Spy Museum's gallery on cybersecurity entitled "Weapons of Mass Disruption", Jim Lewis from the Center for Strategic and International Studies, and a co-author of a report on cybersecurity submitted to President Obama at the start of his presidency, cites what he calls 'the conversion experience':

    You can talk to congressmen before the classified briefing, and it's like, 'why are you bothering me with this stuff?' When you talk to them after the classified briefing, what they say is, 'Is it safe to do online banking?' But it also helps if you're a member of Congress, and say, you meet with some Tibetan human rights activists, and someone gets on your office network, and harvests your files. So what I hear from people on the Hill is a lot of interest. There's currently 18 bills pending on cybersecurity, that's amazing. Second, it's bipartisan, it's non-partisan, both parties agree we have a real problem, and we have to do something about it. So when you see Senator Rockefeller, Senator Snowe, Senator Lieberman, Senator Collins, you see a real bipartisan effort, and that's encouraging.

That said, Lewis also thinks that we're unlikely to see any action on those cybersecurity bills this year because, as he told the Spy Museum audience, "there are other things on the agenda that will eat it up, but in 2010, we'll see some progress on the Hill."

Also speaking at the Spy Museum opening, Mike McConnell, the former Director of National Intelligence, believes members of Congress's understanding of cybersecurity issues is improving.

    The question is, do they understand? Broadly, not yet, but increasingly, members are getting the briefings and so on, so we're on a positive trend.

McConnell goes on to say, however, that it's the tradition of Congress (and the government) to be mostly reactive, and almost never proactive to issues like cybersecurity. He cites the creation of the Federal Reserve System in 1913, as a reaction to the banking crisis then, and the creation of Social Security as a reaction to the Great Depression.

When it comes to cybersecurity, McConnell believes that Congress and the government must move beyond the impulse for top secret plans to combat cyberthreats, as happened during the most recent Bush administration, and have an open and public discussion about our vulnerability, "even if it means revealing some of our thinking on what some of us might do in an attack scenario."

At the recent Excellence in Government conference on the use of technology and the government, Vivek Kundra, Office of Management and Budget's Federal Chief Information Officer, was recently asked to comment on the challenge of engaging Congress on matters related to technology, given the legislative branch's oversight responsibility, and 'power of the purse':

    We're working very closely with the Congress. If you look at what we did with the IT dashboard when we launched it, we worked closely with the Hill, we worked closely with the Government Accountability Office, and the IG community. But part of the problem we have is how to optimize the spending within the federal government. Horizontally, the greatest challenge we have is to deliver on these platforms around procurement systems. The challenge comes in terms of the specific bureaus and showing enduring value to moving to a platform-centric environment rather than a vertical environment.

Kundra says until now, the challenge with the Hill has been moving past the old notions of "data centers and infrastructure."

Aneesh Chopra, the President's Chief Technology Officer, adds in answer to the same question, that all the key legislation now proposed by the White House, including health care reform, energy, higher education, all have provisions for transparency and efficiency using new technologies, as he puts it "as a core component of the legislation."

David McClure, associate administrator with the Office of Citizen Services at General Services Administration, calls the area of congressional oversight a "thorny area", citing the fact that the Congress is composed of 535 individuals who are running for re-election almost from the day they are elected to office.

    The secret is results, both short term and long term, we've got to perform, we've got to deliver, but we've also got to stay on course.

McClure concluded by saying even when agency heads are leaving office at the end of a Presidential* term, it's their job to make sure that any project they initiate with Congress's help must be "moving toward a good target."

*Reinforcing the fact that there is no left/right - there is only one force making these plans... the NWO fascist corporate bankster bastards via their revolving door puppets.


Offline Satyagraha

PayChoice Suffers Another Data Breach

Payroll services provider PayChoice took its Web-based service offline for the second time in a month on Wednesday in response to yet another data breach caused by hackers.

Moorestown, N.J.-based PayChoice provides direct payroll processing services and licenses its online employee payroll management product to at least 240 other payroll processing firms, serving 125,000 organizations. On Thursday morning, the company sent a notice to its customers saying it had once again closed - the portal for PayChoice's online payroll service -- this time after some clients began noticing bogus employees being added to their payroll.

"After investigation, we determined that valid user credentials for an Online Employer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company said in an e-mail alert to their clients sent Thursday.

This week's attack appears to be the second stage of a sophisticated cyber assault launched last month against PayChoice customers. In that attack, hackers broke into the company's servers and stole customer user names and passwords. The attackers then included that information in e-mails to PayChoice's customers warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to The supposed plug-in offered in that e-mail was instead malicious software designed to steal the victim's user names and passwords.

The statement sent to customers Thursday said that in this week's attack the thieves appear to have stolen login IDs and passwords by exploiting a weakness in the Web site component that allows customers to change their password. PayChoice also said it has disabled the change password capability on the site until it can eliminate the vulnerability, and that it had modified all login IDs to prevent access to the site using potentially compromised credentials.

In response to questions, the company sent an e-mailed statement, attributed to PayChoice chief executive Robert Digby.

"On Thursday, PayChoice deployed additional security measures to protect client data after the company identified a key mechanism used by online attackers. PayChoice's Online Employer site was briefly taken off line after the company discovered a security breach that occurred on October 14. PayChoice reopened the site with limited functions as it continues to tighten the security based on forensic findings from Wednesday's attack," Digby wrote. "PayChoice has communicated directly with its clients with precautionary recommendations and will update them as more information is available."

Steve Friedl, a blogger and security expert who writes the Unixwiz blog and is also a consultant for Evolution Payroll - a PayChoice competitor - said the timing of this latest attack was notable: Friedl said most of the payroll industry leaders -- including PayChoice -- are busy exhibiting and attending talks at a major industry conference in Park City, Utah this week.

"The timing is impeccable," Friedl said. "Paychoice and many of their licensees are at a major payroll conference in Utah, so it's a ripe time to slip something by a short-staffed operation."

By Brian Krebs  |  October 15, 2009; 8:40 PM ET


Offline phosphene

The Teredo protocol remotely and automatically forwards ports on old routers. Supposedly for IPv6 purposes. Can't turn it off either. Scary stuff.

Teredo tunneling

Teredo is a tunneling protocol designed to grant IPv6 connectivity to nodes that are located behind IPv6-unaware NAT devices. It defines a way of encapsulating IPv6 packets within IPv4 UDP datagrams that can be routed through NAT devices and on the IPv4 internet.


Purpose

6to4, the most common IPv6 over IPv4 tunneling protocol, requires the tunnel endpoint to have a public IPv4 address. However, many hosts are currently attached to the IPv4 Internet through one or several NAT devices, usually because of IPv4 address shortage. In such a situation, the only available public IPv4 address is assigned to the NAT device, and the 6to4 tunnel endpoint needs to be implemented on the NAT device itself. Many NAT devices currently deployed, however, cannot be upgraded to implement 6to4, for technical or economic reasons.

Teredo alleviates this problem by encapsulating IPv6 packets within UDP/IPv4 datagrams, which most NATs can forward properly. Thus, IPv6-aware hosts behind NATs can be used as Teredo tunnel endpoints even when they don't have a dedicated public IPv4 address. In effect, a host implementing Teredo can gain IPv6 connectivity with no cooperation from the local network environment.

Teredo is intended to be a temporary measure: in the long term, all IPv6 hosts should use native IPv6 connectivity. The Teredo protocol includes provisions for a sunset procedure: Teredo implementation should provide a way to stop using Teredo connectivity when IPv6 has matured and connectivity becomes available using a less brittle mechanism.

Overview

    For a complete explanation, see Teredo Overview in External links.

The Teredo protocol performs several functions:

   1. Diagnoses UDP over IPv4 (UDPv4) connectivity and discovers the kind of NAT present (using a simplified replacement to the STUN protocol);
   2. assigns a globally-routable unique IPv6 address to each host using it;
   3. encapsulates IPv6 packets inside UDPv4 datagrams for transmission over an IPv4 network (this includes NAT traversal);
   4. routes traffic between Teredo hosts and native (or otherwise non-Teredo) IPv6 hosts.

Teredo node types

Teredo defines several different kinds of node:

    * A Teredo client is a host which has IPv4 connectivity to the internet from behind a NAT and uses the Teredo tunneling protocol to access the IPv6 Internet. Teredo clients are assigned an IPv6 address that starts with the Teredo prefix (2001:0000::/32).

    * A Teredo server is a well-known host which is used for initial configuration of a Teredo tunnel. A Teredo server never forwards any traffic for the client (apart from IPv6 pings), and has therefore very modest bandwidth requirements (a few hundred bits per second per client at most), which allows a single server to support large numbers of clients. Additionally, a Teredo server can be implemented in a fully stateless manner, thus using the same amount of memory regardless of how many clients it supports.

    * A Teredo relay serves as the remote end of a Teredo tunnel. A Teredo relay must forward all of the data on behalf of the Teredo clients it serves, with the exception of direct Teredo client to Teredo client exchanges. Therefore, a relay requires a lot of bandwidth and can only support a limited number of simultaneous clients. Each Teredo relay serves a range of IPv6 hosts (e.g. a single campus/company, an ISP or a whole operator network, or even the whole IPv6 Internet); it forwards traffic between any Teredo clients and any host within said range.

    * A Teredo host-specific relay is a Teredo relay whose range of service is limited to the very host it runs on. As such, it has no particular bandwidth or routing requirements. A computer with a host-specific relay will use Teredo to communicate with Teredo clients, but it will stick to its main IPv6 connectivity provider to reach the rest of the IPv6 Internet.

Teredo IPv6 addressing

Each Teredo client is assigned a public IPv6 address which is constructed as follows (the higher order bit is numbered 0):

    * Bits 0 to 31 are set to the Teredo prefix (normally 2001:0000::/32).
    * Bits 32 to 63 embed the primary IPv4 address of the Teredo server that is used.
    * Bits 64 to 79 can be used to define some flags. Currently only the higher order bit is used; it is set to 1 if the Teredo client is located behind a cone NAT, 0 otherwise. For Microsoft's Windows Vista and Windows Server 2008 implementations, more bits are used. In those implementations, the format for these 16 bits is "CRAAAAUG AAAAAAAA", where "C" remains the "Cone" flag, and the 12 "A" bits are randomly chosen by the Teredo client to introduce additional protection for the Teredo node against IPv6-based scanning attacks.
    * Bits 80 to 95 contain the obfuscated UDP port number. This is the port number that is mapped by the NAT to the Teredo client with all bits inverted.
    * Bits 96 to 127 contain the obfuscated IPv4 address. This is the public IPv4 address of the NAT with all bits inverted.

As an example, 2001:0000:4136:e378:8000:63bf:3fff:fdd2 refers to a Teredo client:

    * using Teredo server at address (4136e378 in hexadecimal),
    * located behind a cone NAT (bit 64 is set),
    * using UDP mapped port 40000 on its NAT (in hexadecimal 63bf xor ffff equals 9c40, or decimal number 40000),
    * whose NAT has public IPv4 address (3ffffdd2 xor ffffffff equals c000022d, which is to say

Teredo servers

    For a list of existing Teredo servers, see the list in External links.

Teredo servers are used by Teredo clients to autodetect the kind of NAT behind which they are located (if any), through a simplified STUN-like qualification procedure. Teredo clients also maintain a binding on their NAT toward their Teredo server, by sending a UDP packet at regular time intervals. That ensures that the server can always contact any of its clients, which is required for hole punching to work properly.

If a Teredo relay (or another Teredo client) has to send an IPv6 packet to a Teredo client, it will first send a Teredo bubble packet to the client's Teredo server, whose IP address can be inferred from the Teredo IPv6 address of the Teredo client. The server can then forward the bubble to the client, so the Teredo client software knows that hole punching must be done toward the Teredo relay.

Teredo servers can also transmit ICMPv6 packets from Teredo clients toward the IPv6 Internet. In practice, when a Teredo client wants to contact a native IPv6 node, it must find out where the corresponding Teredo relay is (i.e. which public IPv4 and UDP port number to send encapsulated IPv6 packets to). To do that, the client crafts an ICMPv6 Echo Request (ping) toward the IPv6 node, and sends it through its configured Teredo server. The Teredo server decapsulates the ping onto the IPv6 Internet, so that the ping should eventually reach the IPv6 node. The IPv6 node should then reply with an ICMPv6 Echo Reply, as mandated by RFC 2460. This reply packet will be routed to the closest Teredo relay, which will finally try to contact the Teredo client.

Maintaining a Teredo server requires little bandwidth because Teredo servers are not involved in the actual transmission and reception of IPv6 packets. Also, it does not involve any access to the Internet routing protocols. The only requirements for a Teredo server are:

    * the ability to emit ICMPv6 packets with a source address belonging to the Teredo prefix,
    * two distinct public IPv4 addresses (although not written down in the official specification, Microsoft Windows clients expect both addresses to be consecutive); the second IPv4 address is needed for the purpose of NAT detection.

Public teredo servers:

    * / (France)
    * (Spain)
    * (USA, Redmond) (default for WindowsXP/2003/Vista/2008 OS)
    * (South Korea)

Teredo relays

A Teredo relay potentially requires a lot of network bandwidth. Also, it must export (advertise) a route toward the Teredo IPv6 prefix (2001:0::/32) to other IPv6 hosts. That way, the Teredo relay will receive traffic from the IPv6 hosts addressed to any Teredo client, and forward it over UDP/IPv4. Symmetrically, it will receive packets from Teredo clients addressed to native IPv6 hosts over UDP/IPv4 and inject those into the native IPv6 network.

In practice, network administrators can set up a private Teredo relay for their company or campus; this will provide a short path between their IPv6 network and any Teredo client. However, setting up a Teredo relay on a scale beyond that of a single network requires the ability to export BGP IPv6 routes to the other autonomous systems (ASes).

Unlike 6to4, where the two halves of a connection can use different relays, traffic between a native IPv6 and a Teredo host will use the same Teredo relay, namely the one that is closest to the native IPv6 host network-wise. The Teredo host cannot localize a relay by itself (since it cannot send IPv6 packets by itself); if it needs to initiate a connection to a native-v6 host, it will send the first packet through the Teredo server, which sends a packet to the native-v6 host using the client's Teredo IPv6 address. The native-v6 host then responds as usual to the client's Teredo IPv6 address, which will eventually cause the packet to find a Teredo relay, which will initiate a connection to the client (possibly using the Teredo server for NAT piercing). The relay is then used for communication between the two hosts for as long as is needed. This design means that neither the Teredo server nor client needs to know the IPv4 address of any Teredo relays; a suitable one is automatically found by means of the global IPv6 routing table, since all Teredo relays advertise the network 2001:0::/32.

    For near-realtime information on Teredo and BGP, see the External links.

On March 30, 2006, Italian ISP ITGate was the first AS to start advertising a route toward 2001::/32 on the IPv6 Internet, so that RFC 4380-compliant Teredo implementations would be fully usable. As of 16 February 2007, it is not functional.

In Q1 2009, IPv6 backbone Hurricane Electric enabled 14 Teredo relays[1] in an anycast implementation and advertising 2001::/32 globally. The relays were located in: Seattle, Fremont, Los Angeles, Chicago, Dallas, Toronto, New York, Ashburn, Miami, London, Paris, Amsterdam, Frankfurt and Hong Kong.

It is expected that large network operators will be maintaining Teredo relays. As with 6to4, it remains however unclear how well the Teredo service will scale up if a large proportion of Internet hosts start using IPv6 through Teredo in addition to IPv4.

While Microsoft has been operating a set of Teredo servers ever since the first Teredo pseudo-tunnel for Windows XP was released, it has never provided a Teredo relay service for the IPv6 Internet as a whole.

Limitations

Teredo is not compatible with all NAT devices. Using the terminology of RFC 3489, full cone, restricted and port-restricted NAT devices are supported, while symmetric NATs are not. National Chiao Tung University proposed SymTeredo which enhanced the original Teredo protocol to support symmetric NATs, and the Microsoft and Miredo implementations implement certain unspecified non-standard extensions to improve support for symmetric NATs. However, connectivity between a Teredo client behind a symmetric NAT, and a Teredo client behind a port-restricted or symmetric NAT remains seemingly impossible.[citation needed]

Indeed, Teredo assumes that when two clients exchange encapsulated IPv6 packets, the mapped/external UDP port numbers used will be the same as those that were used to contact the Teredo server (and building the Teredo IPv6 address). Without this assumption, it would not be possible to establish a direct communication between the two clients, and a costly relay would have to be used to perform triangle routing. A Teredo implementation tries to detect the type of NAT at startup, and will refuse to operate if the NAT appears to be symmetric. (This limitation can sometimes be worked around by manually configuring a port forwarding rule on the NAT box, which requires administrative access to the device).

Teredo can only provide a single IPv6 address per tunnel endpoint. As such, it is not possible to use a single Teredo tunnel to connect multiple hosts, contrary to 6to4 and some point-to-point IPv6 tunnels.

The bandwidth available to all Teredo clients toward the IPv6 Internet is limited by the availability of Teredo relays (which are no different in that respect from 6to4 relays).

Alternatives to Teredo
Main article: IPv6#Transition mechanisms

6to4 requires a public IPv4 address, but provides a large 48-bit IPv6 prefix for each tunnel endpoint, and has a lower encapsulation overhead.

Point-to-point tunnels can be more reliable and are more accountable than Teredo, and typically provide permanent IPv6 addresses that do not depend on the IPv4 address of the tunnel endpoint. Some point-to-point tunnel brokers additionally support UDP encapsulation to traverse NATs (for instance, the AYIYA protocol can do this). On the other hand, point-to-point tunnels normally require registration. Automated tools (for instance AICCU) exist to make it easy to use point-to-point tunnels.

Security considerations

Exposure

Teredo increases the attack surface by assigning globally routable IPv6 addresses to network hosts behind NAT devices, which are otherwise mostly unreachable from the Internet. By doing so, Teredo potentially exposes any IPv6-enabled application with an open port to the outside. It also exposes the IPv6 stack and the Teredo tunneling software to attacks should they have any remotely exploitable vulnerability.

The Microsoft IPv6 stack has a "protection level" socket option. This allows applications to specify whether they are willing to handle traffic coming from the Teredo tunnel, from anywhere except Teredo (the default), or only from the local Intranet.

Firewalling

For a Teredo (pseudo-)tunnel to operate properly, outgoing UDP packets must not be filtered. Moreover, replies to these packets (i.e. "solicited traffic") must also not be filtered. This corresponds to the typical setup of a NAT and its stateful firewall functionality.

Blocking

Teredo tunneling software will detect a fatal error and stop if outgoing IPv4 UDP traffic is blocked.

Implementations

Several implementations of Teredo are currently available:

    * Windows XP SP2 includes a client and host-specific relay (also in the Advanced Networking Pack for Service Pack 1).
    * Windows Server 2003 has a relay and server provided under the Microsoft Beta program.
    * Windows Vista and Windows 7 have built-in support for Teredo with an unspecified extension for symmetric NAT traversal.
    * Miredo is a client, relay and server for Linux, *BSD and Mac OS X.
    * ng_teredo is a relay and server based on netgraph for FreeBSD from the LIP6 University and 6WIND.
    * NICI-Teredo is a relay for the Linux kernel and a userland Teredo server, developed at the National Chiao Tung University.

Choice of the name Teredo

The initial nickname of the Teredo tunneling protocol was shipworm. The idea was that the protocol would pierce holes through NAT devices, much like the shipworms bore tunnels through wood. Shipworms are responsible for the loss of very many wooden hulls, but Christian Huitema in the original draft noted that "the animal only survives in relatively clean and unpolluted water; its recent comeback in several Northern American harbors is a testimony to their newly retrieved cleanliness. Similarly, by piercing holes through NAT, the service would contribute to a newly retrieved transparency of the Internet."

Christian Huitema quickly changed the name to Teredo to avoid confusion with computer worms[2]. Teredo navalis is the Latin name of one of the best known species of shipworm.

References

   1. ^ Levy, Martin (2009-05-28). "Hurricane Electric's experience in deploying Teredo and 6to4 relays". LACNIC-XII/FLIP6 2009 Conference, Panama City, Panama.
   2. ^ Huitema, Christian (2001-12-19). "(ngtrans) Renaming Shipworm as Teredo?". IETF ngtrans wg mailing list.

    * C. Huitema. Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs). RFC 4380, February 2006.

External links

    * Teredo Overview on Microsoft TechNet
    * Teredo relays: list of Teredo relays on
    * Current anycast Teredo BGP routes
    * TEREDO-MNT: list of operators advertising the Teredo prefix via BGP
    * List of Teredo servers maintained by SixXS

"A strange game. The only winning move is not to play."--Joshua
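
An added example, not part of the post above or of the article it quotes: the article says a Teredo server's IPv4 address can be inferred from a client's Teredo IPv6 address, and that the NAT's public address is stored XORed with ffffffff. The Python sketch below decodes those fields and flags Teredo sources in a log. The field layout (server address, flags, port XORed with ffff, address XORed with ffffffff) is taken from RFC 4380; the function names, the log format and the sample address are constructed for illustration, with the last 32 bits chosen to match the 3ffffdd2 value quoted in the article.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Teredo service prefix, as advertised by relays (2001:0::/32 in the article).
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
CONE_FLAG = 0x8000  # RFC 4380 "cone" bit in the 16-bit flags field


@dataclass(frozen=True)
class TeredoInfo:
    server_ipv4: ipaddress.IPv4Address  # Teredo server the client is bound to
    cone_nat: bool                      # client believed itself behind a cone NAT
    mapped_port: int                    # external UDP port on the NAT
    mapped_ipv4: ipaddress.IPv4Address  # external (public) IPv4 of the NAT


def parse_teredo(text: str) -> Optional[TeredoInfo]:
    """Decode a Teredo IPv6 address; return None for anything else."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ipaddress.AddressValueError:
        return None  # not an IPv6 literal at all (IPv4, hostname, "-", ...)
    if addr not in TEREDO_PREFIX:
        return None
    raw = addr.packed  # 16 bytes, network order
    server = ipaddress.IPv4Address(raw[4:8])
    flags = int.from_bytes(raw[8:10], "big")
    # Port and address are stored bit-inverted so NATs do not rewrite them.
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    mapped = ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)
    return TeredoInfo(server, bool(flags & CONE_FLAG), port, mapped)


# Constructed log lines in a made-up key=value firewall format.
SAMPLE_LOG = [
    "2009-10-14T05:35:01Z ACCEPT src=2001:db8::25 dst=2001:db8::10 dport=443",
    "2009-10-14T05:35:07Z ACCEPT src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dst=2001:db8::10 dport=445",
    "2009-10-14T05:35:09Z DROP src=- dst=2001:db8::10 dport=22",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def teredo_sources(lines: List[str]) -> List[Tuple[int, TeredoInfo]]:
    """Return (1-based line number, decoded fields) for each Teredo source."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = SRC_RE.search(line)
        info = parse_teredo(match.group(1)) if match else None
        if info is not None:
            hits.append((number, info))
    return hits


if __name__ == "__main__":
    for number, info in teredo_sources(SAMPLE_LOG):
        print(f"line {number}: server={info.server_ipv4} "
              f"nat={info.mapped_ipv4}:{info.mapped_port} cone={info.cone_nat}")
```

Decoding the embedded IPv4 endpoint lets an analyst tie an IPv6 log entry back to the NAT that the host sits behind, which is the exposure the article's security section describes.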


  • Guest
Yea you can tunnel IPv6

You might also find it educational to actually try to get yourself a proper IPv6 connection.
At least go through the motions.

You'll be surprised what you find.

Offline Republic Renewal

  • Member
  • ****
  • Posts: 263
  • I felt the storm approaching...
Agree strongly with the name, so I will assume that you're using a library computer, self generated home electricity, well-pumped water, and a self-installed heater all paid for by cash? Can I ask what you do for a living? Is your water pure and non-toxinated?

Don't get me wrong, you could be living with a friend like me. There is nothing in my name (except that my paycheck stubs come here, although I would prefer an under the table job). The only true (liveable) way to stay off the grid is either A become homeless or B live with someone else whose name is on everything while you pay cash paid to you from under the table work. THIS IS ALL ASSUMING THAT WE AREN'T BEING WATCHED AT THIS MOMENT FROM SATELLITES! AS I AM SURE THEY WILL FIND YOU IF THEY NEED TO! PERHAPS TRACKING YOUR SOCIAL?
Nosce te Ipsum

Know Thyself

Offline trailhound

  • Member
  • *****
  • Posts: 4,722
Agree strongly with the name, so I will assume that you're using a library computer, self generated home electricity, well-pumped water, and a self-installed heater all paid for by cash? Can I ask what you do for a living? Is your water pure and non-toxinated?

Don't get me wrong, you could be living with a friend like me. There is nothing in my name (except that my paycheck stubs come here, although I would prefer an under the table job). The only true (liveable) way to stay off the grid is either A become homeless or B live with someone else whose name is on everything while you pay cash paid to you from under the table work. THIS IS ALL ASSUMING THAT WE AREN'T BEING WATCHED AT THIS MOMENT FROM SATELLITES! AS I AM SURE THEY WILL FIND YOU IF THEY NEED TO! PERHAPS TRACKING YOUR SOCIAL?

Alex interviews Rob Savoye on the Rainbow family


"Do not let your hatred of a people incite you to aggression." Qur'an 5:2
At the heart of that Western freedom and democracy is the belief that the individual man, the child of God, is the touchstone of value..." -RFK

Offline Republic Renewal

  • Member
  • ****
  • Posts: 263
  • I felt the storm approaching...
Nosce te Ipsum

Know Thyself

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
The Flu will keep people at home sick.
Offices will ask workers to telecommute.
Telecommuters will "clog" the internet.
Internet services will be pared down to accommodate 'important' connections.
Internet switchover to new filtered, controlled internet will occur without complaints from anyone.

The end of the internet as we know it (place for truth) will be ushered in as people thank the government for protecting them.

This article from the CIA/Washington Post should ring alarm bells... this is what they're going to use to end all that pesky truth on the internet:


Flu-wary telecommuters may clog Web networks, GAO says
By Cecilia Kang
Wednesday, October 28, 2009

As the spread of the H1N1 flu keeps more Americans away from work and school, a federal report warns that all those people logging on to the Web from home could overwhelm Internet networks.

The Government Accountability Office reported earlier this week that if the flu reaches a pandemic, a surge in telecommuting and children accessing video files and games at home could bog down local networks.

And if that were to happen, it is not clear whether the federal government is prepared to deal with the problem, the GAO said.

The Department of Homeland Security is in charge of communications networks during times of national emergency. But it doesn't have a strategy to deal with overloaded Internet networks -- an essential resource to keep the economy humming, and residents informed and connected during a pandemic, the GAO said. Furthermore, the DHS hasn't coordinated with agencies such as the Federal Communications Commission to create guidelines for how telecom, cable and satellite providers can minimize congestion.

Such confusion "would increase the risk that the federal government will not be able to respond rapidly or effectively if a pandemic quickly emerges," the GAO reported.

Network operators such as Comcast, AT&T, Cox and Verizon are limited in their options. They could add bandwidth capacity and lay down private lines for essential workers, but that is expensive and would take too long. Shutting down certain Web sites or prioritizing traffic could run into technical and regulatory hurdles, the report said.

An Internet service provider could decide to slow all connections in a certain neighborhood, but then that network operator would be violating contracts with customers, according to the report.

"Private Internet providers have limited ability to prioritize traffic or take other actions that could assist critical tele-workers. Some actions, such as reducing customers' transmission speeds or blocking popular Web sites, could negatively impact e-commerce and require government authorization," the GAO report said.

House Energy and Commerce Committee members commissioned the report, asking the GAO to specifically look at how financial markets would deal with such a scenario.

In its response to the GAO, the DHS said it didn't know which agency had clear or specific authority to allow telecom, cable and satellite companies to block or slow traffic to cope with congestion. The FCC can grant exceptions to its Internet access rules that would allow prioritization of certain traffic in instances where public safety is in jeopardy.

And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline ekimdrachir

  • Member
  • *****
  • Posts: 7,144
    • Go Outside

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
OMG!! CYBER TERROR!! BE AFRAID! ... File-sharing software ban sought in House
« Reply #175 on: November 18, 2009, 05:45:51 am »
Those guys at Washington Post just don't STOP!!! They continue to spew bullshit stories...
They HATE the free internet... and I think they've got compromising photos of legislators...  ::)

File-sharing software ban sought in House
By Paul Kane
Wednesday, November 18, 2009

Weeks after an embarrassing security breach revealed details of dozens of ethics investigations, a House committee chairman introduced legislation Tuesday that would forbid federal employees to use popular file-sharing technology that was involved in the leak.

Rep. Edolphus Towns (D-N.Y.), who chairs the House Oversight and Government Reform Committee, aims to outlaw federal workers from using networks such as LimeWire, through which network members can share computer and music files.

The Washington Post reported last month on the inner workings of the House Ethics Committee and the Office of Congressional Ethics. The information came from a committee document that a junior staffer had exposed on her home computer, which was using peer-to-peer technology. A non-congressional source with no connection to the committee accessed the document and gave a copy to The Post.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," Towns said in a statement. "Voluntary self-regulations have failed, so now is the time for Congress to act."

Other peer-to-peer security breaches in the last year have involved documents about the president's helicopter,
financial information belonging to Supreme Court Justice Stephen G. Breyer,
and the location of a Secret Service safe house for the first family.
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40


  • Guest
Re: CSIS J. Lewis: "Internet should be able to be shutdown like planes on 911"
« Reply #176 on: January 25, 2010, 01:15:18 pm »

...Others say the president should be able to take such action. James Lewis, senior fellow for the Center for Strategic and International Studies, which last year issued a set of cybersecurity recommendations to Congress, likened the provision to President George W. Bush’s call to shut down airlines after the attacks of Sept. 11, 2001.

“It seems foolish not to have the same authority for cyberspace,” he said.
“It’s not that the president will wake up in a bad mood one day and implode Yahoo. This would apply only to severe national emergencies. … This is a great opportunity to blast us into a new level of discussion about cybersecurity.”

Excerpt from:

"James Lewis of the Center for Strategic and International Studies compared the provisions to President Bush’s decision to shut down airlines after the 9/11 attacks.

Next time you read a story that says ‘the government can’t shut down the internet because 90% of the infrastructure is privately owned’, I want you to think for a moment; did the government own the airlines?  Remember, once these systems are designated as critical infrastructure, regardless of their ownership, they will be required to comply with federal standards which put them indirectly under government control. Depending on who is attached to these networks, the systems will fall under control of either Homeland Security or the NSA.  Both competent agencies with the public’s best interests at heart.

Obama Administration Seeks “Emergency Control” of the Internet

    Drafted by Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), “best friends forever” of the National Security Agency (NSA) and the telecommunications industry, they were key enablers of Bush-era warrantless wiretapping and privacy-killing data mining programs that continue apace under Obama.

Once the ‘emergency’ is declared, and the networks are commandeered, privacy’s already dead zombie corpse is beheaded and killed with fire, so not even the illusion of privacy would remain.

The initial question remains. Can America Take Over The Internet?

My initial reactionary response to this absurd question is “of course not”.  Though after some discussion it seems to be that with enough pressure from the United States, most international corporations, telecommunications providers, and ISPs are likely to cave and accept the forced compliance standards.  After all if America gets the DNSSEC root, then the DHS will be able to shut down pretty much whatever they want on an international scale, not to mention that the IANA was a US Department of Defense contract which ICANN was created to handle after the death of Jon Postel.

New Agreement Means Greater Independence in Managing the Internet’s System of Unique Identifiers

    “The United States Department of Commerce has clearly signaled that multi-stakeholder management of the Internet’s system of unique identifiers is the way ahead and ICANN is the obvious organization to take that responsibility,”
    - ICANN will no longer have its work prescribed for it. How it works and what it works on is up to ICANN and its community to devise;
    - ICANN is not required to report every 6 months as it has been under the MOU. It will now provide an annual report that will be targeted to the whole Internet community;
    - There is no requirement to report regularly to the DOC. The DOC will simply meet with senior ICANN staff from time to time.
    “The ICANN model of multi-stakeholder consultation is working and this agreement endorses it.”

No requirement to report to the Department of Commerce, they can just come over for drinks every once in a while to see how things are going.   “Multi-stakeholder consultation”, makes me wonder where the ICANN is getting its funding.  Strangely enough, the federal funding for ICANN seems to be incompletely listed.

ICANN Funding

    "It is unclear from the above paragraph whether ICANN inherits IANA’s self-proclaimed mandate of ‘Preserving the central coordinating functions of the global Internet for the public good.’ However, it would appear that it is in a good position to assert end-users should be willing to pay. If they are not, then the internet should be allowed to fall apart. Certainly the regulatory authorities who have largely stepped aside to allow this experiment to happen ‘would like to see an economically rational and practical charging system – a contribution per name registered for example.’ Therefore ICANN devises a funding scheme that not only takes account of intermediary functions, but goes directly to the beneficiaries of the connectivity ICANN preserves and asks them for a contribution appropriate to the value of their benefit. ICANN provides security and stability. What is the price of that stability and security? What further can ICANN do to provide these services? It is in terms of the above argument that, apart from registry contributions, well-wisher contributions (disallowed as political contributions long-term?), we devised a quadripartite funding plan which can draw income from the end-user services ICANN provides. However it is not suggested that ICANN, in its not-for-profit guise, should operate these income streams directly -this would hazard the not-for-profit status of ICANN and threaten its mandate-, but that it be an agreed beneficiary on a cost-recovery basis, whilst any other pooled income accrues to intermediaries pro rata."

So now, I believe, the question should be: “Can the World Take The Internet From the USA?”

Offline Outer Haven

  • Member
  • *****
  • Posts: 1,954
Is IPv6 already in place?
"Building the future and keeping the past alive are one and the same thing."
-- Snake


  • Guest
Is IPv6 already in place?

That is an interesting question.

The number of people able to use IPv6 is increasing all the time as ISPs slowly but steadily implement it. Over time, ISPs will provide more and more services via IPv6 but this is still some way off, with only a few manufacturers producing fully IPv6 compatible DSL routers for instance.

Here is an example from the Verizon FAQ
I just picked them as a really big American ISP, but it's pretty much the same across the developed world

What are Verizon’s plans for deploying IPv6?
While IPv6 is needed to accommodate the growth in Internet usage, many existing servers and other Internet devices will not be speaking IPv6 for a while – the IPv4 format will still be in use for some time to come.

To best serve our customers during this time, Verizon is rolling out IPv6 address space in a "dual stack" mode – where IPv4 and IPv6 addresses are both loaded. The company will maintain IPv4 for those servers continuing to use that standard, and IPv6 for servers using this latest standard. The dual stack approach applies to both existing and new Verizon customers. Verizon is implementing these dual stack upgrades in its broadband network to support both FiOS and HSI Internet customers. The upgrades will start in 2013 and the first phase will include Verizon FiOS customers who have a dynamic IP address. Unless there is a need to enter an IP address directly, these changes will generally be transparent to our customers.

Offline TahoeBlue

  • Global Moderator
  • Member
  • *****
  • Posts: 20,338
Is IPv6 already in place?

ipv6 Tier 1

NTT Com operates the world's largest tier 1 IPv6 backbone, spanning Asia, Europe, North America and Australia. Our global backbone has been fully upgraded to run dual stack both IPv4 and IPv6.
Behold, happy is the man whom God correcteth: therefore despise not thou the chastening of the Almighty: For he maketh sore, and bindeth up: he woundeth, and his hands make whole ; He shall deliver thee in six troubles: yea, in seven there shall no evil touch thee. - Job 5