Any chances of ShieldsUp! to support IPv6?

[trparky]

The subject says it all.

 

[DanR]

Probably not.

Steve is quite busy with SpinRite, now and for some time to come. But, after that?

 

[PHolder]

In order for it to support IPv6, GRC would need to have an IPv6 link into it's servers, I'd presume. I'm sure @Steve would love to have time to play with IPv6. Perhaps he can put it on his future projects list.

 

[Philip]

If you sign up for IPv6 you don't just get one IP address but probably a minimum of 65,536! So there'd be not just be 65,536 ports to scan, but 65,5536 prorts to scan on each IP address! If you're wanting to scan your Internet-facing router there's no knowing which IP addresses the ISP might leave open to use to contact the router itself for management or updates. So in short, it's complicated.

 

[PHolder]

but probably a minimum of 65,536

Well that would be a cheezy ISP indeed. You should get a /64 ... meaning 2^64 IP addresses. From https://en.wikipedia.org/wiki/IPv6#Larger_address_space "The standard size of a subnet in IPv6 is 2^64 addresses, about four billion times the size of the entire IPv4 address space."

In any case, you would only scan the device making the request (still a single IP.)

 

[Dave]

Well that would be a cheezy ISP indeed. You should get a /64 ... meaning 2^64 IP addresses. From https://en.wikipedia.org/wiki/IPv6#Larger_address_space "The standard size of a subnet in IPv6 is 2^64 addresses, about four billion times the size of the entire IPv4 address space."

In any case, you would only scan the device making the request (still a single IP.)

So, rather than "he could write it but then he'd have to kill you", it's more like: he could write it but you'd be dead before it finished running.

 

[MichaelRSorg]

I would vote for UDP support.

 

[rfrazier]

If you sign up for IPv6 you don't just get one IP address but probably a minimum of 65,536! So there'd be not just be 65,536 ports to scan, but 65,5536 prorts to scan on each IP address! If you're wanting to scan your Internet-facing router there's no knowing which IP addresses the ISP might leave open to use to contact the router itself for management or updates. So in short, it's complicated.

And THAT'S why I'm avoiding IPv6 as a home user like the plague.

May your bits be stable and your interfaces be fast. Ron

 

[danlock]

And THAT'S why I'm avoiding IPv6 as a home user like the plague.

Just block all inbound traffic from all sources except for connections responding directly to outbound connections initiated by local processes and allowed by you (the human).

i.e. "Block outbound connections that do not match a firewall rule you have created. Inbound packets are allowed over allowed connections that have been initiated locally and when using specified protocols/ports/interface types. Block all others."

 

[Steve]

The subject says it all.

PHolder's right... I'd LOVE to play with IPv6. And I really want to scan all 65,536 TCP ports by default, rather than just the first 1024. I once limited it to the service ports due to server bandwidth constraints back when I was on the other side of a pair of T3 lines. But I've had ample bandwidth ever since I moved to Level3.

But I'll need to get SpinRite and Beyond Recall into their initially finished condition before I can make time for that. And Michael's request for UDP would be great to support as well.

 

[TimC108]

The subject says it all.

For what it’s worth I’ve been running an online IPv6 port scanner since 2011. It is similar in operation to ShieldsUp and supports scans of a limited number of UDP ports, as well as common and user-defined TCP ports. The scanner is open source and available at:

Online IPv6 Port Scanner and Firewall Tester

IPscan, the online IPv6 port scanner, or firewall tester, which checks responses to an ICMPv6 ping and multiple user-selectable TCP and UDP ports.

ipv6.chappell-family.com

All (constructive) feedback and suggestions welcome.