Why is my Windows server communicating with hosts 94.245.121.253 or 157.56.144.215?

On modern servers, for example Windows Server 2012 R2, you might see “suspicious” traffic to IP addresses 94.245.121.253 or 157.56.144.215 on port 3544. This traffic comes from the Microsoft Teredo implementation. These IP addresses actually resolve to teredo.ipv6.microsoft.com.

What is Teredo?

Teredo is a protocol that allows computers behind a NAT firewall (most home computers are) and without a native IPv6 connection to access remote IPv6 resources. The idea is that home users can start accessing IPv6 web services before their local connection supports the protocol, making the transition from IPv4 easier.
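
One way to confirm that the traffic really belongs to Teredo is to decode the IPv6 address Windows assigned to the Teredo tunnel interface, because that address embeds the IPv4 address of the Teredo server in use. The script below is an added example, not part of the original post; it goes beyond the post by using the address layout from RFC 4380, and the sample addresses and the function name `decode_teredo` are constructed for illustration.

```python
import ipaddress

# Server addresses named in the post.
KNOWN_SERVERS = {
    ipaddress.IPv4Address("94.245.121.253"),
    ipaddress.IPv4Address("157.56.144.215"),
}
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix, RFC 4380


def decode_teredo(addr):
    """Return the fields embedded in a Teredo IPv6 address, or None if not Teredo."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    server = ipaddress.IPv4Address(raw[4:8])          # bits 32-63: server IPv4
    flags = int.from_bytes(raw[8:10], "big")          # bits 64-79: flags
    # The NAT-mapped port and address are stored with every bit inverted.
    nat_port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    nat_ip = ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)
    return {
        "server": str(server),
        "known_server": server in KNOWN_SERVERS,      # matches an IP from the post?
        "behind_cone_nat": bool(flags & 0x8000),
        "nat_ip": str(nat_ip),
        "nat_port": nat_port,
    }


# Constructed sample addresses; the client parts use documentation ranges.
SAMPLES = [
    "2001:0:5ef5:79fd:0:fb3f:3fff:fdd2",     # server 94.245.121.253
    "2001:0:c633:6401:8000:fb3f:3fff:fdd2",  # server 198.51.100.1, not in the post
    "fe80::1",                               # link-local, not Teredo
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decode_teredo(sample))
```

A Teredo address whose embedded server is not one of the two IPs above means the host is configured to use a different Teredo server, which is worth checking against the expected configuration.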
