• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 Portscan failure

Started by ratcheer, February 21, 2011, 08:24:05 AM


ratcheer

I seem to have everything working on my tunnel except the IPv6 Portscan, which always fails with the message "Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-21 08:10 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds".

I do not know where to put "-PN".

I have configured my client firewall (ufw on Ubuntu) to allow IPv6, and I have configured my router not to block anonymous WAN requests. What else do I need to attend to?

Thanks,
Tim

ratcheer

I apologize. There is a checkbox right on the portscan submit page.  :-[

Tim

ratcheer

I assume this is a good result?

Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-21 08:25 PST
All 1000 scanned ports on ratcheer-1-pt.tunnel.tserv13.ash1.ipv6.he.net (2001:470:7:b57::2) are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.00 seconds


Thanks,
Tim

kriteknetworks

The scan only covers the first 1023 ports, aka "privileged" ports, services that require root to bind to the ports (linux/unix). I don't know what the Windows default behaviour is regarding privileged ports.

ratcheer

Quote from: kriteknetworks on February 21, 2011, 08:44:53 AM
I don't know what the Windows default behaviour is regarding privileged ports.

I am on Ubuntu 10.10

Tim

johnpoz

Something is not right on that portscanner for sure - I know for a fact that ping is working from outside to an ip, but it seems to fail the ping test.

so from another scanner.

http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php

IPv6 Ping Output:

PING 2001:470:snipped:b85::666(2001:470:snipped:b85::666) 32 data bytes
40 bytes from 2001:470:snipped:b85::666: icmp_seq=0 ttl=56 time=171 ms
40 bytes from 2001:470:snipped:b85::666: icmp_seq=1 ttl=56 time=176 ms
40 bytes from 2001:470:snipped:b85::666: icmp_seq=2 ttl=56 time=172 ms
40 bytes from 2001:470:snipped:b85::666: icmp_seq=3 ttl=56 time=165 ms

--- 2001:470:snipped:b85::666 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 165.971/171.631/176.412/3.757 ms, pipe 2

Finished!

If I ping an IPv6 that is not online

IPv6 Ping Output:

PING 2001:470:snipped:b85::667(2001:470:snipped:b85::667) 32 data bytes
From 2001:470:snippedtunnel:b85::2 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:470:snippedtunnel:b85::2 icmp_seq=3 Destination unreachable: Address unreachable

--- 2001:470:snipped:b85::667 ping statistics ---
4 packets transmitted, 0 received, +2 errors, 100% packet loss, time 3000ms

Shows can not get there - but if I try that same 666 address that pings just fine using the he portscanner without marking it to not ping first I get this.
http://www.tunnelbroker.net/ipv6_portscan.php

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-14 11:32 PDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.12 seconds

Now if I use the -PN checkbox, then it reports any ports that I have listening.. But something is not quite right with the ping portion of it.


peebles

nmap can use icmp in more than one way (not sure how it's implemented at HE), I use nmap to test for open ports and ping to check that the workstation is up.

From : http://nmap.org/bennieston-tutorial/

Quote:

The -P0 (that's a zero) option allows you to switch off ICMP pings. The -PT option switches on TCP Pings, you can specify a port after the -PT option to be the port to use for the TCP ping.

Disabling pings has two advantages: First, it adds extra stealth if you're running one of the more stealthy attacks, and secondly it allows Nmap to scan hosts which don't reply to pings (ordinarily, Nmap would report those hosts as being "down" and not scan them).

In conjunction with -PT, you can use -PS to send SYN packets instead of ACK packets for your TCP Ping.

The -PU option (with optional port list after) sends UDP packets for your "ping". This may be best to send to suspected-closed ports rather than open ones, since open UDP ports tend not to respond to zero-length UDP packets.

Other ping types are -PE (Standard ICMP Echo Request), -PP (ICMP Timestamp Request), -PM (Netmask Request) and -PB (default, uses both ICMP Echo Request and TCP ping, with ACK packets)


Different tools for different jobs, I use looking glass for ping and traceroute. Also, on a different note, if you happen to be using ufw to firewall your ipv6, you'll notice that if you turn it off for a second then run nmap as per usual, it works.

Looking glass link below:

http://lg.he.net/

Happy to compare nmap readouts with you if that helps?

Regards,

Billy

johnpoz

yeah I hear ya - but they don't tell you what the ping options they are using are set for.. I would assume it would just be default?  Which is echo request and tcp??

So shouldn't simple echo request work?  the looking glass ping works just fine as well
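
Added example, not part of any post in this thread: a small Python triage of the Nmap reports quoted above, separating "host discovery failed, so no port was scanned" from "the scan ran and every port was filtered". The function name `triage` and the third sample report are constructed for illustration.

```python
import re

# Sample input. The first two reports are the ones quoted in the thread; the
# third is constructed for this example (2001:db8::1 would be a documentation address).
HOST_DOWN = """Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-21 08:10 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds"""
ALL_FILTERED = """Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-21 08:25 PST
All 1000 scanned ports on ratcheer-1-pt.tunnel.tserv13.ash1.ipv6.he.net (2001:470:7:b57::2) are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.00 seconds"""
ONE_OPEN = """Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 12.40 seconds"""

DONE = re.compile(r"Nmap done: \d+ IP address(?:es)? \((\d+) hosts? up\)")
ALL_SAME = re.compile(r"All (\d+) scanned ports on .+ are (\S+)")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)", re.MULTILINE)


def triage(report):
    """Classify one Nmap text report by what it actually tested."""
    done = DONE.search(report)
    if done is None:
        # No summary line: the output was truncated or is not an Nmap report.
        return {"verdict": "incomplete", "open": []}
    if int(done.group(1)) == 0:
        # Host discovery got no reply, so Nmap skipped the port scan entirely.
        # This result says nothing about which ports the firewall exposes.
        return {"verdict": "discovery-failed", "open": []}
    same = ALL_SAME.search(report)
    if same:
        # Every probed port was in one state, e.g. "filtered" = probes got no answer.
        return {"verdict": "all-" + same.group(2),
                "probed": int(same.group(1)), "open": []}
    open_ports = [f"{num}/{proto}"
                  for num, proto, state in PORT.findall(report) if state == "open"]
    return {"verdict": "ports-listed", "open": open_ports}


if __name__ == "__main__":
    samples = [("host down", HOST_DOWN), ("all filtered", ALL_FILTERED),
               ("one open", ONE_OPEN)]
    for name, text in samples:
        print(name, "->", triage(text))
```
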