579
edits
Changes
Jump to navigation
Jump to search
Line 5:
Line 5: − + Line 14:
Line 14: − + − Line 40:
Line 39: − + − − '''If you wish to test your host now then please point your browser towards [https://ipv6.chappell-family.com/ipv6tcptest/ my IPv6 portscanner.]''' + − + Line 54:
Line 52: − + − Line 77:
Line 74: − + −
Update IPv6 addresses.
=== Introduction ===
=== Introduction ===
Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. My domain (ipv6.chappell-family.com) has DNS entries for both IPv4 and IPv6 addresses. This makes it safe for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally-routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as shown in the figure below.
Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. The ipv6.chappell-family.com domain has DNS entries for both IPv4 and IPv6 addresses. This makes it possible for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally-routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as shown in the figure below.
Please do NOT attempt to test hosts which are located behind HTTP proxies. Such proxies are very common in both corporate environments and on commercially-operated free wifi networks. The landing page for IPscan attempts to detect the common headers which such proxies insert, but it cannot detect truly transparent proxies. An HTTP Proxy is typically used by corporate networks to ensure employees are using their PCs in line with corporate computer-use policies. If you are interested in deploying your own HTTP proxy then [http://www.squid-cache.org/ Squid] is highly recommended as a proxy able to perform not only the usual access control and content-caching tasks but also offering IPv4 and IPv6 inter-working between single and dual-stack clients and web-sites. For further details please read my [https://ipv6.chappell-family.com/docs/IPv6_Squid_v01.pdf IPv6 Squid Proxy article.]
Please do NOT attempt to test hosts which are located behind HTTP proxies. Such proxies are very common in both corporate environments and on commercially-operated free wifi networks. The landing page for IPscan attempts to detect the common headers which such proxies insert, but it cannot detect truly transparent proxies. An HTTP Proxy is typically used by corporate networks to ensure employees are using their PCs in line with corporate computer-use policies. If you are interested in deploying your own HTTP proxy then [http://www.squid-cache.org/ Squid] is highly recommended as a proxy able to perform not only the usual access control and content-caching tasks but also offering IPv4 and IPv6 inter-working between single and dual-stack clients and web-sites. For further details please read the [https://ipv6.chappell-family.com/docs/IPv6_Squid_v01.pdf IPv6 Squid Proxy article.]
=== The Test ===
=== The Test ===
<font color="red">'''IMPORTANT:''' this scanner will direct IPv6 TCP, UDP and ICMPv6 traffic towards the IP address that my webserver determines the request originates from. Please do NOT attempt to test machines that are operating behind transparent HTTP proxies, unless you also administer the proxy and specifically intend that machine to be tested.</font>
<font color="red">'''IMPORTANT:''' this scanner will direct IPv6 TCP, UDP and ICMPv6 traffic towards the IP address that the webserver determines the request originates from. Please do NOT attempt to test machines that are operating behind transparent HTTP proxies, unless you also administer the proxy and specifically intend that machine to be tested.</font>
'''If you wish to test your host now then please point your browser towards [https://ipv6.chappell-family.com/ipv6tcptest/ the IPv6 portscanner.]'''
=== Test Server Source IPv6 Addresses ===
=== Test Server Source IPv6 Addresses ===
Tests performed from my www64.chappell-family.co.uk host will be sourced from IPv6 address: '''2001:470:971f:6::4'''.
Tests performed from the www66.chappell-family.co.uk host will be sourced from IPv6 address: '''2001:470:971f:99::6'''.
Note: during periods of planned server maintenance, a reduced service supporting only TCP testing may be offered, which will be sourced from an IPv6 address in the following range: '''2001:8d8:100f::/48'''.
Note: during periods of planned server maintenance, a reduced service supporting only TCP testing may be offered, which will be sourced from an IPv6 address in the following range: '''2001:8d8:100f::/48'''.
=== Raspberry Pi Powered IPv6 Firewall Tester ===
=== Raspberry Pi Powered IPv6 Firewall Tester ===
Outline details of my Raspberry Pi Powered IPv6 firewall tester can be found here [[Raspberry_Pi_IPv6_firewall_tester]], along with more complete [[Raspberry_Pi_IPv6_firewall_tester_installation]] details.
Outline details of the Raspberry Pi Powered IPv6 firewall tester can be found here [[Raspberry_Pi_IPv6_firewall_tester]], along with more complete [[Raspberry_Pi_IPv6_firewall_tester_installation]] details.
All tests performed during non-maintenance periods are now handled by a Raspberry Pi powered host.
All tests performed during non-maintenance periods are now handled by a Raspberry Pi powered host.
=== Issues - Debugging ===
=== Issues - Debugging ===
=== Source code ===
=== Source code ===
If you would like to view or download the IPv6 firewall scanner source code then please visit my '''[https://github.com/timsgit/ipscan github]''' page. If you deploy the scanner on an internet facing machine then ''please'' ensure that you protect users' privacy by following the instructions given in point 10 of the embedded [https://github.com/timsgit/ipscan/blob/master/README README] file.
If you would like to view or download the IPv6 firewall scanner source code then please visit the '''[https://github.com/timsgit/ipscan github]''' page. If you deploy the scanner on an internet facing machine then ''please'' ensure that you protect users' privacy by following the instructions given in point 10 of the embedded [https://github.com/timsgit/ipscan/blob/master/README README] file.
=== Automation ===
=== Automation ===