Hurricane Electric's IPv6 Tunnel Broker Forums

Any site - ala GRC shieldsup, etc. - testing from the cloud for open ports using IPv6 ?

Not that I expect bad news, but running Win 2k, I don't have an ipv6 enabled firewall, nor even the protection that the Speedtouch home router using PAT/NAT affords in IPv4. A TCP/UDP port test of my box using ipv6 could be a useful eye-opener, I say.

perhaps some web enabled nmap -6 scanner, plug in the IPv6 address? I'd search for that.

Solved - I Nmap'd to my site from a remote "shell account" : all korrekt :=)

Can you advise a small Windows app that can open a listener on selected TCP or UDP port in IPv6, ala netcat ?

Quote from: Ninho on August 05, 2009, 04:36:01 AM
Solved - I Nmap'd to my site from a remote "shell account" : all korrekt :=)

Can you advise a small Windows app that can open a listener on selected TCP or UDP port in IPv6, ala netcat ?

Was this a free ipv6 enabled shell?  If so, could you tell me where?

Quote from: jimb on August 05, 2009, 04:40:18 AM
Was this a free ipv6 enabled shell?

Free shell it is. BSD Unix box, I think. IPv6 enabled ? Let's qualify : I access it on ipv4 only, can't tell if it also reachable on the v6 internet - a good question, indeed. From the shell I was able to 'nmap -6' my home box without it giving error messages, so, I think, it has acceptable outgoing access to the ipv6 internet. The question deserves further study, sorry for being fuzzy...

Quotecould you tell me where?

Of course, but I am in no position to offer you membership, you'll have to ask the sysop (Xavier). At <http://www.rootshell.be> you'll find a forum and instructions for applying.The unix box itself is in the USA.

I've googled for online TCP/IPv6 port scanning/pinging without much\\\any success !

This URL promises a lot of tests, ping, tracepath, port scan... but the tests are not working ATM :(

<http://www.subnetonline.com/pages/ipv6-network-tools.php>

Somebody has other references to share ? May I suggest HE/Tunnelbroker could bring us a test page.

Answering my own question, the Viking's :

<http://www.vikingscan.org/home>

does a configurable 'nmap -6' scan of the requestor's IPv6 address,
scan results appear both in the browser and emailed to user.

Quote from: Ninho on August 06, 2009, 06:53:30 AMMay I suggest HE/Tunnelbroker could bring us a test page.

Ask and ye shall receive: http://tunnelbroker.net/ipv6_portscan.php

Scans are limited to a single v6 address at a time and only within your own /64s, /48s or your side's tunnel endpoints (::2 of the ptp /64s).

The usual disclaimers apply.  Might be bugs, not a replacement for an in-depth security sweep, etc.

Nice.  Tried it out and seems to work.

I noticed one odd thing though.  When I tried to scan my side of the tunnel (client ipv6), it errored out saying that the ping probe failed, but it looks like I never got a ping on the interface according to my tcpdump and ip6tables stats.

It scanned the inside hosts on my /48 fine though.

Quote from: kcochran on August 09, 2009, 05:06:01 AM
Ask and ye shall receive: http://tunnelbroker.net/ipv6_portscan.php

Great ! What is the exact "nmap" command used ? It would be nice if we were able to choose port number(s) to scan, as well as a few other nmap options, within reason - like that other test does.

Right now it's just "nmap -6 2>&1 $V6ADDR"

What sorts of additional options would you like to see?

Quote
What sorts of additional options would you like to see?

Type of test, proto (TCP/UDP/other?), range of ports to test (where applicable)...
(added on 08/28/09 -> Scan options, including -PN (don't ping).

I'm not an "nmap -6" command line artist, someone else may want to chime in.

Did you give a look at the Viking's page <http://miniscan6.vikingscan.org/MiniScan-0.2/miniscan/create> ?
He has a load of options available already. Don't forget to click the plus sign along
"Advanced options - optional"

Just a minor suggestion, some linewrap on the output.  When I get the lineInteresting ports on jrowens-1-pt.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:9b2::2):
it goes clear across and overlays the "Services" sidebar box. (At least, I think it's on top; hard to be sure.)

Back to this request, which sadly hasn't progressed

Quote from: kcochran on August 09, 2009, 06:41:12 AM
Right now it's just "nmap -6 2>&1 $V6ADDR"

What sorts of additional options would you like to see?

Please let us specify our own list of options ! There shouldn't be security problems, since you let us test our own tunneled IP6 addresses only. I take it  you can and will want to log or monitor the tests and take appropriate action in case of abuse.

At the very least, please let use do the probes without pinging ( nmap -P N).
User specified ports. UDP !

With due regards,

I've added the -PN option.

Thank you, HE and specifically KCochran !

Could you now think of a method for allowing the testing of ports above the first thousand ?
I assume you're concerned over use of your resources & possible denial of service. However, the users have to be identified and known to the system, right ? We could have a form entry for a range of ports to scan, that would accept maximum 1024 (or pick your number) consecutive ports at a time. If you're paranoïd  even :-\ an additional validation system or 'captcha' could be added.

What do you all think of this modest proposal ?

I know this probably isn't what you're looking for, but I just want to mention that Comodo supposedly has a service that will scan IPv6 addresses.  At least that's what they've told me, I haven't signed up with them to actually test it yet.

It's not a question of security so much, as you have to be logged in to use it, and it is constrained to your IPv6 ranges.  It's really that nmap can take a very loooong time when it's doing a portscan if the remote site isn't responding, potentially leaving nmap spinning until it finishes.

Quote from: kcochran on October 25, 2009, 02:47:46 PM
It's really that nmap can take a very loooong time when it's doing a portscan if the remote site isn't responding, potentially leaving nmap spinning until it finishes.

Back to you over this one, KC. Not contesting your quote either, but... do we understand each other correctly ? What I'm suggesting is, please let us specify the first port number for a check, instead of starting at port 1 always. Keep the number of tested ports the same (1024 for instance). Surely NMAPping ports 1000 to 2000 won't take significantly more ressources from HE than the case of 1 to 1000, and, since this is manually initiated from a webpage (and logged) the risks of abusive use against HE's systems are minimal ?

Thank you for the IPv6 Portscan.
Is it possible to add the option to scan one (or more) specific port(s)?

Does somebody known a program to open a local port and supports ipv6?
The program i use for ipv4: "Local TCP Port Opener" from http://software.mediakonst.se/#PORT

I have opened port 25 and is shown as open on http://www.grc.com/x/ne.dll?rh1dkyd2
The IPv6 Portscan doesn't show this open port.

result portscan:
All 1000 scanned ports are closed
Nmap done: 1 IP address (1 host up) scanned in 4.92 seconds

An other Portscan http://ipv6.wcclan.net/portscan

Quote from: ngjvjRbYM on November 13, 2009, 04:39:33 PM
Does somebody known a program to open a local port and supports ipv6?

If it's just to have the port open for testing purposes, search for ncat6, a recompilation of Hobbit's well-known "swiss knife" ncat program. Else have a TCP v6 enabled server for whatever service you intend to open listen on the appropriate port.

QuoteI have opened port 25 and is shown as open on http://www.grc.com/x/ne.dll?rh1dkyd2
The IPv6 Portscan doesn't show this open port.

Of course, you appear to be running some flavour of Windows, that has dual stacks, the TCP (v6) and TCP (v4) ports are independent.

HTH !

I can't find ncat6. I have found Ncat. Ncat seems to support IPv6
Ncat is integrated with Nmap in Nmap version 4.85BETA1 and later (see the Nmap download page (http://nmap.org/download.html)).

It is working. I have used "ncat -6 -k -l 25" from command prompt without the " " to open IPv6 local port 25.
The open port is shown in the portscan results.

It looks like the portscan tool doesn't really send an ICMP echo packet to determine if the host is up. What I see in my logs are TCP requests to 80 and 443.

Quote from: mattbrous on December 18, 2009, 04:45:19 PM
It looks like the portscan tool doesn't really send an ICMP echo packet to determine if the host is up. What I see in my logs are TCP requests to 80 and 443.

They are sending TCP SYNs to 80 and 443.  If they want to send pings they need to add -PE to the command line (or they could change the page to say they are doing host discovery with TCP).

From the nmap man page:

       -6 (Enable IPv6 scanning) .
           Since 2002, Nmap has offered IPv6 support for its most popular features. In particular,
           ping scanning (TCP-only), connect scanning, and version detection all support IPv6.