Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2

Author Topic: Any v6 Open Ports tests ?  (Read 23225 times)

Ninho

  • Full Member
  • ***
  • Posts: 138
Any v6 Open Ports tests ?
« on: August 05, 2009, 01:34:48 AM »

Any site - ala GRC shieldsup, etc. - testing from the cloud for open ports using IPv6 ?

Not that I expect bad news, but running Win 2k, I don't have an ipv6 enabled firewall, nor even the protection that the Speedtouch home router using PAT/NAT affords in IPv4. A TCP/UDP port test of my box using ipv6 could be a useful eye-opener, I say.


Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1722
Re: Any v6 Open Ports tests ?
« Reply #1 on: August 05, 2009, 01:36:22 AM »

perhaps some web enabled nmap -6 scanner, plug in the IPv6 address? I'd search for that.
Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #2 on: August 05, 2009, 04:36:01 AM »

Solved - I Nmap'd to my site from a remote "shell account" : all korrekt :=)

Can you advise a small Windows app that can open a listener on selected TCP or UDP port in IPv6, ala netcat ?
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Any v6 Open Ports tests ?
« Reply #3 on: August 05, 2009, 04:40:18 AM »

Solved - I Nmap'd to my site from a remote "shell account" : all korrekt :=)

Can you advise a small Windows app that can open a listener on selected TCP or UDP port in IPv6, ala netcat ?
Was this a free ipv6 enabled shell?  If so, could you tell me where?
Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #4 on: August 05, 2009, 07:16:21 AM »

Was this a free ipv6 enabled shell?

Free shell it is. BSD Unix box, I think. IPv6 enabled ? Let's qualify : I access it on ipv4 only, can't tell if it also reachable on the v6 internet - a good question, indeed. From the shell I was able to 'nmap -6' my home box without it giving error messages, so, I think, it has acceptable outgoing access to the ipv6 internet. The question deserves further study, sorry for being fuzzy...

Quote
   could you tell me where?

Of course, but I am in no position to offer you membership, you'll have to ask the sysop (Xavier). At <http://www.rootshell.be> you'll find a forum and instructions for applying.The unix box itself is in the USA.


Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #5 on: August 06, 2009, 06:53:30 AM »

I've googled for online TCP/IPv6 port scanning/pinging without much\\\any success !

This URL promises a lot of tests, ping, tracepath, port scan... but the tests are not working ATM :(

<http://www.subnetonline.com/pages/ipv6-network-tools.php>

Somebody has other references to share ? May I suggest HE/Tunnelbroker could bring us a test page.

Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #6 on: August 07, 2009, 03:44:15 AM »

Answering my own question, the Viking's :

<http://www.vikingscan.org/home>

does a configurable 'nmap -6' scan of the requestor's IPv6 address,
scan results appear both in the browser and emailed to user.

Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 414
Re: Any v6 Open Ports tests ?
« Reply #7 on: August 09, 2009, 05:06:01 AM »

May I suggest HE/Tunnelbroker could bring us a test page.

Ask and ye shall receive: http://tunnelbroker.net/ipv6_portscan.php

Scans are limited to a single v6 address at a time and only within your own /64s, /48s or your side's tunnel endpoints (::2 of the ptp /64s).

The usual disclaimers apply.  Might be bugs, not a replacement for an in-depth security sweep, etc.
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Any v6 Open Ports tests ?
« Reply #8 on: August 09, 2009, 05:54:17 AM »

Nice.  Tried it out and seems to work.

I noticed one odd thing though.  When I tried to scan my side of the tunnel (client ipv6), it errored out saying that the ping probe failed, but it looks like I never got a ping on the interface according to my tcpdump and ip6tables stats.

It scanned the inside hosts on my /48 fine though.
« Last Edit: August 09, 2009, 05:57:55 AM by jimb »
Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #9 on: August 09, 2009, 06:28:53 AM »

Ask and ye shall receive: http://tunnelbroker.net/ipv6_portscan.php

Great ! What is the exact "nmap" command used ? It would be nice if we were able to choose port number(s) to scan, as well as a few other nmap options, within reason - like that other test does.

Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 414
Re: Any v6 Open Ports tests ?
« Reply #10 on: August 09, 2009, 06:41:12 AM »

Right now it's just "nmap -6 2>&1 $V6ADDR"

What sorts of additional options would you like to see?
Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #11 on: August 09, 2009, 07:19:20 AM »

Quote
What sorts of additional options would you like to see?

Type of test, proto (TCP/UDP/other?), range of ports to test (where applicable)...
 (added on 08/28/09 -> Scan options, including -PN (don't ping).

I'm not an "nmap -6" command line artist, someone else may want to chime in.

Did you give a look at the Viking's page <http://miniscan6.vikingscan.org/MiniScan-0.2/miniscan/create> ?
He has a load of options available already. Don't forget to click the plus sign along
"Advanced options - optional"
« Last Edit: August 28, 2009, 05:44:29 AM by Ninho »
Logged

jrowens

  • Newbie
  • *
  • Posts: 13
Re: Any v6 Open Ports tests ?
« Reply #12 on: August 20, 2009, 02:38:34 AM »

Just a minor suggestion, some linewrap on the output.  When I get the line
Code: [Select]
Interesting ports on jrowens-1-pt.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:9b2::2):
it goes clear across and overlays the "Services" sidebar box. (At least, I think it's on top; hard to be sure.)
Logged

Ninho

  • Full Member
  • ***
  • Posts: 138
Re: Any v6 Open Ports tests ?
« Reply #13 on: October 08, 2009, 07:49:20 AM »

Back to this request, which sadly hasn't progressed

Right now it's just "nmap -6 2>&1 $V6ADDR"

What sorts of additional options would you like to see?

Please let us specify our own list of options ! There shouldn't be security problems, since you let us test our own tunneled IP6 addresses only. I take it  you can and will want to log or monitor the tests and take appropriate action in case of abuse.

At the very least, please let use do the probes without pinging ( nmap -P N).
User specified ports. UDP !

With due regards,
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 414
Re: Any v6 Open Ports tests ?
« Reply #14 on: October 08, 2009, 11:57:45 AM »

I've added the -PN option.
Logged
Pages: [1] 2