• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

IPv6 portscan

Started by deisenst, August 03, 2015, 11:56:52 PM

Previous topic - Next topic

deisenst

Hi folks,
I tried doing an IPv6 portscan from the tunnelbroker.net webpage, and it showed:
PORT      STATE    SERVICE
445/tcp   open     microsoft-ds

Does this mean that my port 445 on my Windows machine is visible to the entire IPv6 Internet?

Thanks.    --David Eisenstein

evantkh

Yes. I think you may want to use an IPv6 firewall like ip6tables.

kriteknetworks

Yes, its open to the world. Ensure the machine has a firewall running on it.

deisenst

Thank you.  I was using an old version of Zonealarm.  Removed it and enabled Windows Firewall and that port (and others) are no longer visible to the IPv6 portscan.

hammy559

To keep your network free and clear of outside traffic trying to access windows services, I recommend you block ports 445, 137-139 in the FORWARD-ing rules on your edge router if possible.  By adding those ports to that table, any outside SMB connections to your internal ipv6 network will fail.  This will protect you from the outside if you put up another Windows machine and forget to enable the firewall.