RE: Win7 - tool to display network requests

Discussion in 'other firewalls' started by m00nbl00d, May 22, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I couldn't reply to that thread https://www.wilderssecurity.com/showthread.php?&t=283679

    I'm wondering if, besides the registry hacks, Sully's method in post #9 would be the more efficient way (the one I followed as well)... Or is there some other way that I'm not aware of?
     
  2. wat0114

    wat0114 Guest

    I guess I have to ask: why do you want to remove ipv6? It's harmless as is and will come in handy whenever it's needed, sooner or later (probably later), but that's beside the point. It's not posing a security risk.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well... I follow the approach if you don't need it now, lose it. :p And, to be honest, some time ago when going through Event Viewer, I saw an allowed inbound from Microsoft related to Teredo. That was the main reason I disabled IPv6 back then.

    I was just wondering what other ways would there be to disable it, that's all.

    When it's time to allow IPv6, it will be when it's already fully supported, and not via tunneling.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, oddly enough ... perhaps not... all those listening connections for IPv6 never really went away.

    I'm wondering if I missed something? Or disabling IPv6 won't make them go away?
     
  5. wat0114

    wat0114 Guest

    No, I think it's virtually impossible to eliminate them.
     
  6. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    In older versions of Windows, such as XP, there was a separate kernel mode protocol driver to support ipv6 (tcpip6.sys) but the user mode components were exposed by running netsh interface ipv6 install. In later versions of Windows, such as Vista, 2008, 7, the functionality from tcpip6.sys was incorporated into tcpip.sys to provide a true dual mode stack.

    As far as I'm aware, even after removing all user mode functionality through the use of various netsh/local-group policy/registry commands, tcp6 and udp6 port status will persist. The only way I know of removing this is to disable the service related to that port, which of course will also disable the port on ipv4. However, if, for whatever reason, you've disabled ipv6, you shouldn't be visible on the ipv6 Internet, as you no longer present an ipv6 endpoint. Likewise, you cannot make a connection to the ipv6 Internet because you no longer have an ipv6 address, with the exception of the default route (::), loopback (::1) and multicast (ff00::/10).

    Unfortunately, you can't check for ipv6 port vulnerabilities without having the ability to connect to the ipv6 Internet, either natively or via a transitional technology. If you have this, you can use a port scanner, such as that offered by:

    http://www.vikingscan.org/home
    http://ipv6.chappell-family.com/ipv6tcptest/index.php
    http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php

    Alternatively, leave ipv6 as it is (it's necessary if you use Windows 7 homegroups) and use a firewall/router combination that supports ipv4/6 and create the appropriate rules.
     
    Last edited: May 24, 2011
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    What would be the best suggested tool/method to find if ip6 ports are open/closed or existing? I haven't focused on networking/ports in a while now, so have not or forgotten whether my ip6 ports are on/off/whatever. I don't recall reading that they would always be open even if you tweaked/configured them not to be, and now I am interested to see :)

    Any tips?

    Sul.
     
  8. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    You won't be able to check for port availability specifically through ipv6 online, unless you have a valid ipv6 address. In which case you can use one of the links I posted above. You could, however, use nmap -6 locally against the ipv6 link local address.
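
Added example, not part of any post in this thread: a local check for the behaviour Heimdall describes in posts #6 and #8, listing IPv6 listeners from `netstat -ano` output and flagging which ones share a protocol, port and PID with an IPv4 listener. The sample output is constructed, and the names `scope` and `ipv6_listeners` are hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49211     203.0.113.10:443       ESTABLISHED     3020
  TCP    [::]:135               [::]:0                 LISTENING       716
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49300            [::]:0                 LISTENING       2500
  UDP    0.0.0.0:500            *:*                                    1024
  UDP    [::]:500               *:*                                    1024
  UDP    [fe80::1c2b:3d4e:5f60:7182%11]:546  *:*                       812
"""
# Proto, local address, local port, foreign address, optional state, PID.
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def scope(addr):
    """Classify an IPv6 bind address such as '[fe80::1%11]' (zone id dropped)."""
    ip = ipaddress.IPv6Address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "link-local" if ip.is_link_local else "other"

def ipv6_listeners(netstat_text):
    """Return IPv6 listeners, flagging those with an IPv4 twin (same proto/port/PID)."""
    v4, v6 = set(), []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # UDP has no state column: every bound UDP socket counts
        key = (proto, int(port), int(pid))
        if addr.startswith("["):
            v6.append((key, scope(addr)))
        else:
            v4.add(key)
    return [{"proto": k[0], "port": k[1], "pid": k[2], "scope": s,
             "ipv4_twin": k in v4} for k, s in v6]

if __name__ == "__main__":
    # On a live host, pass the text captured from `netstat -ano` instead of SAMPLE.
    for row in ipv6_listeners(SAMPLE):
        print(row)
```

Rows with `ipv4_twin` set are the dual-stack service ports that only go away when the owning service is disabled; wildcard-scope rows are the ones a firewall rule for IPv6 needs to cover.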
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    After another go-round with all sorts of network tools, I have not found anything comparable to Mac's "Little Snitch". Packet filters are too much, port monitoring and the like are not enough, specialized applications can work, but often don't blend the pros/cons very well together (like netlimiter).

    I have installed Outpost Pro v7 and am content with it. I turn everything off and allow all comms. I don't have it auto-start but rather do it manually. Resource usage is higher than what I want, but at roughly 30-40mb of ram being used and a few cpu cycles, it is acceptable.

    I have been using it as a research/monitoring tool. I like how it shows what is or has happened. I can start the firewall up, start my application in question, then review what happened and decide to make router rules or other actions based upon what I find.

    I have a couple weeks left with the trial, and may purchase it. It is a shame to have to resort to a firewall for such purposes, but I just don't see any other options that are as well suited, seeing as how I have turned it into a glorified network monitor rather than a firewall.

    Sul.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Doesn't the free version do what you want (log/monitor)? I never tried it, but since now it's called a suite... :D
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    No, it doesn't allow you to view the "advanced" area, which is where I get to see what is going on.

    In the latest version, I was able to, during install, opt out of a couple resident type portions (malware or something). Then after install, I found it easy to turn all that "suite" stuff off and get just the firewall to work, albeit with no rules in place at all.

    For me, it shows me what I want after I configure it, and it is light enough so far. I might buy it, depending. I wish the free version showed those screens, as it is all I really need.

    After trying so many other ways to do the same thing, this makes it enjoyable again rather than a 20 step process.

    Sul.
     