Text only | Text with Images

Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: deisenst on August 03, 2015, 11:56:52 PM

Title: IPv6 portscan
Post by: deisenst on August 03, 2015, 11:56:52 PM
Hi folks,
I tried doing an IPv6 portscan from the tunnelbroker.net webpage, and it showed:
PORT      STATE    SERVICE
445/tcp   open     microsoft-ds

Does this mean that my port 445 on my Windows machine is visible to the entire IPv6 Internet?

Thanks.    --David Eisenstein
Title: Re: IPv6 portscan
Post by: evantkh on August 04, 2015, 02:55:59 AM
Yes. I think you may want to use an IPv6 firewall like ip6tables.
Title: Re: IPv6 portscan
Post by: kriteknetworks on August 04, 2015, 04:41:06 AM
Yes, its open to the world. Ensure the machine has a firewall running on it.
Title: Re: IPv6 portscan
Post by: deisenst on August 04, 2015, 05:30:16 AM
Thank you.  I was using an old version of Zonealarm.  Removed it and enabled Windows Firewall and that port (and others) are no longer visible to the IPv6 portscan.
Title: Re: IPv6 portscan
Post by: hammy559 on September 03, 2015, 12:32:34 AM
To keep your network free and clear of outside traffic trying to access windows services, I recommend you block ports 445, 137-139 in the FORWARD-ing rules on your edge router if possible.  By adding those ports to that table, any outside SMB connections to your internal ipv6 network will fail.  This will protect you from the outside if you put up another Windows machine and forget to enable the firewall.
Text only | Text with Images