579
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − + Line 5:
Line 5: − + Line 19:
Line 19: − Line 51:
Line 50: − + Line 83:
Line 82: − +
→Tim's IPv6 Firewall Tester (ICMPv6, IPv6 TCP and UDP Port Scanner)
==Tim's IPv6 Firewall Tester (ICMPv6, IPv6 TCP and UDP Port Scanner)==
==The IPscan IPv6 Firewall Tester (ICMPv6, IPv6 TCP and UDP Port Scanner)==
IPscan offers much of the functionality you might hope to find in an IPv6 version of [https://www.grc.com/ GRC's ShieldsUp®] utility.
IPscan offers much of the functionality you might hope to find in an IPv6 version of [https://www.grc.com/ GRC's ShieldsUp®] utility.
=== Introduction ===
=== Introduction ===
Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. My domain (ipv6.chappell-family.com) has DNS entries for both IPv4 and IPv6 addresses, but defaults to IPv4. This makes it safe for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as shown in the figure below.
Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. My domain (ipv6.chappell-family.com) has DNS entries for both IPv4 and IPv6 addresses. This makes it safe for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally-routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as shown in the figure below.
=== The Test ===
=== The Test ===
The tester allows a user to choose whether to include a commonly used set of '''TCP [[IPv6_Ports]]''' in their scan, as well as the ability to specify a number of their own specifically interesting TCP ports (this is intended to cover setups where you run services on non IANA-assigned ports, or just run less-common services). If you would like to see the list of commonly used ports expanded, or just changed, then please contact me.
The tester allows a user to choose whether to include a commonly used set of '''TCP [[IPv6_Ports]]''' in their scan, as well as the ability to specify a number of their own specifically interesting TCP ports (this is intended to cover setups where you run services on non IANA-assigned ports, or just run less-common services). If you would like to see the list of commonly used ports expanded, or just changed, then please contact me.
Tests performed from my www64.chappell-family.co.uk host will be sourced from IPv6 address: '''2001:470:971f:6::4'''.
Tests performed from my www64.chappell-family.co.uk host will be sourced from IPv6 address: '''2001:470:971f:6::4'''.
Note: during periods of planned server maintenance, a reduced service supporting only TCP testing will be offered, which will be sourced from an IPv6 address in the following range: '''2001:8d8:100f::/48'''.
Note: during periods of planned server maintenance, a reduced service supporting only TCP testing may be offered, which will be sourced from an IPv6 address in the following range: '''2001:8d8:100f::/48'''.
=== Raspberry Pi Powered IPv6 Firewall Tester ===
=== Raspberry Pi Powered IPv6 Firewall Tester ===
=== Automation ===
=== Automation ===
If you'd like to automate IPv6 firewall testing, or run the same test a number of times on different hosts then please see my '''[[ScanAutomation]]''' section and HTML '''[[ResultScraping]]''' section.
If you'd like to automate IPv6 firewall testing, or run the same test a number of times on different hosts then please see the '''[[ScanAutomation]]''' and HTML '''[[ResultScraping]]''' sections.