Security is important.
Testable by having a TCP port, perhaps something in the range of 501 to 550 or > 1024 , return icmp6-adm-prohibited.
The test form would include the target address and the port the admin will set to return icmp6-adm-prohibited
A suggestion to the test taker of using a normally unused port, perhaps something in the range of 501 to 550 or just in the high range of 1025 to 65535, to return icmp6-adm-prohibited.
A bit more comprehensive test would be:
Set up a firewall to filter IPv6 traffic. Test will attempt to telnet to the port.
Responses to include:
Accept
icmp6-adm-prohibited
icmp6-addr-unreachable
icmp6-port-unreachable
icmp6-no-route
Host to test against: ____
Port to allow traffic to ____ (examples: 22, 25, 53, 80, 443)
Port that will be adm-prohib ____
Port that will be addr-unreach ____
Port that will be port-unreach ____
Port that will be no-route ____
When the test is run a programmatic equivalent of this test to ports 501-504 and 25 will occur
michael@hive:~$ for p in 1 2 3 4
> do
> telnet -6 $IPv6_addr 50$p
> done
Trying $IPv6_addr...
telnet: Unable to connect to remote host: No route to host
Trying $IPv6_addr...
telnet: Unable to connect to remote host: No route to host
Trying $IPv6_addr...
telnet: Unable to connect to remote host: Permission denied
Trying $IPv6_addr...
telnet: Unable to connect to remote host: Network is unreachable
michael@hive:~$ telnet -6 $IPv6_addr 25
Trying $IPv6_addr...
Connected to $IPv6_addr.
Escape character is '^]'.
220 post.michaelsnet.us ESMTP Postfix
For better or worse this would be limited to people with control over capable firewalls.