[ipv6hackers] Scanning for IPv6 addresses embedding TCP/UDP service ports
Fabian Wenk
fabian at wenks.ch
Tue Mar 26 13:59:23 CET 2013
Hello Jim
On 17.03.2013 23:34, Jim Small wrote:
>> On 17.03.2013 21:44, Jim Small wrote:
> Sorry, I should have been more specific. Assuming Samba is
> emulating Windows (which was the original idea), I can confirm
> that TCP/445 is direct hosting of SMB/CIFS over TCP. It
> doesn't use NetBIOS. To use NetBIOS you use the session
> service which runs over TCP/139.
> So I'm curious if it's possible to do an SMB connection via
> TCP/139 over IPv6. If it doesn't work you could see if you
> could get it to work with a static entry in an lmhosts files.
> In Windows this is %windir%\system32\drivers\etc\lmhosts where
> %windir% is often C:\Windows. For Samba lmhosts is in the
> config directory - depends on the setup. See lmhosts(5) man
> page.
According to the lmhosts(5) manpage it requires "IP Address - in
dotted decimal format.", and also the examples are only with
IPv4. I did test anyway, but it failed:
fabian at superman:~ $ cat /usr/local/etc/samba/lmhosts
2001:8a8:1005:1::3 SIXTEST
fabian at superman:~ $ smbclient //SIXTEST/download -U fabian
Enter fabian's password:
Connection to SIXTEST failed (Error NT_STATUS_BAD_NETWORK_NAME)
fabian at superman:~ $
I do not have any useful Windows system available, so I can not
do any further testing against Samba.
> However, the fact that Samba listens on both v4/v6 for TCP/139
> could be a vulnerability since NetBIOS is not designed to work
> over IPv6. That said, what are the odds of someone making an
> address with the NetBIOS session service (TCP/139) embedded in
> the address?
It would probably be the best, to just firewall the TCP/139 on
IPv6. Even the smb.conf(5) manpage is quite low on information
regarding IPv6, I see only this two parts, all other examples an
options just mention IPv4 addresses:
%I
the IP address of the client machine.
Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
now it only contains IPv4 or IPv6 addresses.
%i
the local IP address to which a client connected.
Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
now it only contains IPv4 or IPv6 addresses.
bye
Fabian
More information about the Ipv6hackers
mailing list