Hi folks,
I tried doing an IPv6 portscan from the tunnelbroker.net webpage, and it showed:
PORT STATE SERVICE
445/tcp open microsoft-ds
Does this mean that my port 445 on my Windows machine is visible to the entire IPv6 Internet?
Thanks. --David Eisenstein
Yes. I think you may want to use an IPv6 firewall like ip6tables.
Yes, its open to the world. Ensure the machine has a firewall running on it.
Thank you. I was using an old version of Zonealarm. Removed it and enabled Windows Firewall and that port (and others) are no longer visible to the IPv6 portscan.
To keep your network free and clear of outside traffic trying to access windows services, I recommend you block ports 445, 137-139 in the FORWARD-ing rules on your edge router if possible. By adding those ports to that table, any outside SMB connections to your internal ipv6 network will fail. This will protect you from the outside if you put up another Windows machine and forget to enable the firewall.