Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: rsreese on September 24, 2010, 08:59:43 PM

Title: Nmap toggles used by HE IPv6 portscan page
Post by: rsreese on September 24, 2010, 08:59:43 PM
What Nmap toggles are used by http://tunnelbroker.net/ipv6_portscan.php

I'm getting some interesting results, but I'm assuming that's because I'm scanning through a tunnel, so the scan is penetrating the firewall, rendering it useless. I would like to fix this by applying ACLs to the tunnel interface.
Title: Re: Nmap toggles used by HE IPv6 portscan page
Post by: kcochran on September 24, 2010, 09:15:04 PM
nmap -6 $IPADDR

That's it.

And if your firewall is only watching for v4, it won't catch anything v6 related.
Title: Re: Nmap toggles used by HE IPv6 portscan page
Post by: rsreese on September 24, 2010, 09:20:48 PM
Thanks for the quick reply. That's what I thought.

Would filtering the tunnel interface be the best scenario, since I do not assume you can filter IPv6 at the IPv4 interface at which the encapsulated IPv6 packets arrived?
Title: Re: Nmap toggles used by HE IPv6 portscan page
Post by: kcochran on September 24, 2010, 09:26:28 PM
Yeah, you'd have to stick any ACLs on the actual v6 interfaces.  Trying to filter on the v4 won't work, since it has no real concept of the embedded IPv6 traffic until it's unencapsulated.
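
The point in the reply above, as an added example that is not part of the original post: a constructed tunnel packet is parsed the way a v4-only filter sees it and then the way a filter on the v6 tunnel interface sees it after decapsulation. It assumes 6in4 encapsulation (IPv4 protocol 41); the addresses are documentation ranges, checksums are left at zero, and all function names are hypothetical.

```python
import socket
import struct

def build_6in4_syn(dport):
    """Constructed sample: IPv4 (protocol 41) carrying IPv6 carrying a TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    v6 = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)   # version 6, next header 6 (TCP)
    v6 += socket.inet_pton(socket.AF_INET6, "2001:db8::1")
    v6 += socket.inet_pton(socket.AF_INET6, "2001:db8::2")
    total = 20 + len(v6) + len(tcp)
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 41, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2"))
    return v4 + v6 + tcp

def ipv4_filter_view(pkt):
    """Fields a v4-only filter can match on: tunnel endpoints and protocol."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dport = None
    if proto in (6, 17):  # only TCP/UDP carry ports at this layer; 41 does not
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": proto, "dport": dport}

def ipv6_filter_view(pkt):
    """Fields visible on the tunnel interface once the outer v4 header is removed."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 41:
        raise ValueError("not a 6in4 packet")
    inner = pkt[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner payload is not IPv6")
    nxt = inner[6]
    dport = None
    if nxt in (6, 17):  # extension headers are not walked in this example
        dport = struct.unpack("!H", inner[42:44])[0]
    return {"src": socket.inet_ntop(socket.AF_INET6, inner[8:24]),
            "dst": socket.inet_ntop(socket.AF_INET6, inner[24:40]),
            "next_header": nxt, "dport": dport}

if __name__ == "__main__":
    packet = build_6in4_syn(22)
    print("v4 interface sees:    ", ipv4_filter_view(packet))
    print("tunnel interface sees:", ipv6_filter_view(packet))
```

The v4 view exposes only the tunnel endpoints and protocol 41, so a port-based rule there has nothing to match; the destination port appears only in the v6 view, which is where the ACL has to live.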
Title: Re: Nmap toggles used by HE IPv6 portscan page
Post by: rsreese on September 24, 2010, 10:01:07 PM
Thanks for the help, found a pretty simple how-to here: http://wiki.nil.com/IPv6_over_IPv4_tunneling