Nmap toggles used by HE IPv6 portscan page

rsreese · September 24, 2010, 08:59:43 PM

What Nmap toggles are used by http://tunnelbroker.net/ipv6_portscan.php

I'm getting some interesting results but I'm assuming that's because I'm scanning through a tunnel so the scan is penetrating the firewall rendering it useless. I would like to fix this by applying ACL's to the tunnel interface.

kcochran · September 24, 2010, 09:15:04 PM

nmap -6 $IPADDR

That's it.

And if your firewall is only watching for v4, it won't catch anything v6 related.

rsreese · September 24, 2010, 09:20:48 PM

Thanks for the quick reply. That's what I thought.

Would filtering the tunnel interface be the best scenario since I do not assume you can filter IPv6 at the IPv4 interface in which the encapsulated IPv6 packets arrived at?

kcochran · September 24, 2010, 09:26:28 PM

Yeah, you'd have to stick any ACLs on the actual v6 interfaces. Trying to filter on the v4 won't work, since it has no real concept of the embedded IPv6 traffic until it's unencapsulated.

rsreese · September 24, 2010, 10:01:07 PM

Thanks for the help, found a pretty simple how-to here: http://wiki.nil.com/IPv6_over_IPv4_tunneling

News:

Nmap toggles used by HE IPv6 portscan page

rsreese

kcochran

rsreese

kcochran

rsreese