Nmap Development mailing list archives

Scanme.nmap.org moved to new server (now with IPv6!)


From: Fyodor <fyodor () insecure org>
Date: Wed, 4 May 2011 02:28:10 -0700

Hi folks.  Linode.com finally started offering native IPv6 for their
virtual private servers (albeit with some major limitations), and that
finally compelled me to move Scanme from one of our colocated systems
to one of our Linodes.  And of course I enabled the new IPv6 feature.
I also started a public chat server on chat.nmap.org.  The Scanme
machine is on the same IP as the public echo and chat servers (for
IPv4), so you get to see those running when you scan it.

Here is an IPv4 scan of the new scanme:

# ./nmap -A scanme.nmap.org

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-04 02:06 PDT
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.015s latency).
rDNS record for 74.207.244.221: li86-221.members.linode.com
Not shown: 992 closed ports
PORT      STATE    SERVICE       VERSION
22/tcp    open     ssh           OpenSSH 5.3p1 Debian 3ubuntu6 (protocol 2.0)
| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp    open     http          Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
|_http-favicon: 
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
1720/tcp  filtered H.323/Q.931
9929/tcp  open     nping-echo    Nping echo
31337/tcp open     ssl/ncat-chat Ncat chat (users: nobody)
Device type: general purpose|WAP|firewall|phone|media device|router
Running (JUST GUESSING): Linux 2.6.X|2.4.X (96%), Netgear embedded (93%), Linksys embedded (91%), Check Point embedded (90%), ZyXEL Linux 2.6.X (89%), Toshiba embedded (89%)
Aggressive OS guesses: Linux 2.6.24 - 2.6.35 (96%), Linux 2.6.17 - 2.6.35 (93%), Linux 2.6.19 - 2.6.35 (93%), Linux 2.6.9 - 2.6.30 (93%), Netgear DG834G WAP (93%), Linux 2.6.19 - 2.6.36 (92%), Linux 2.6.31 (92%), OpenWrt (Linux 2.4.32) (91%), Linux 2.6.18 (Slackware 11.0) (91%), Linksys WRV54G WAP (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops
Service Info: OS: Linux

[Traceroute output cut]

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.76 seconds

I'm glad our version detection can detect both Ncat chat (even over
SSL) and Nping echo!  I suppose we should fix the bug in http-favicon
which is causing the blank results.

And here is an IPv6 scan:

$ ./nmap -A -6 scanme.nmap.org

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-04 02:08 PDT
Nmap scan report for scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19)
Host is up (0.032s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu6 (protocol 2.0)
| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
|_http-favicon: 
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.19 seconds

Note that Ncat and Nping aren't found in the IPv6 scan.  Ncat might
work if I ran it a second time with -6, but then the -6 folks would be
in a separate channel than IPv4.  Ncat and Nping should probably be
changed to bind to all IPv4 *and* IPv6 interfaces in server modes.

If you want to try the new, ssl-encrypted, public chat server, run:

$ ncat -v --ssl chat.nmap.org
Ncat: Version 5.51SVN ( http://nmap.org/ncat )
Ncat: SSL connection to 74.207.244.221:31337.
Ncat: SHA-1 fingerprint: C61F B9F7 7DF0 E9B5 DD07 8E5E AB22 9ECE 2683 7B10
<announce> 64.13.134.4 is connected as <user5>.
<announce> already connected: nobody.
Hello, world!
^C

It doesn't quite have all the features of IRC, but it has its charms
:).  Don't forget the --ssl.  If you forget that, the server closes
the connection abruptly as soon as you start typing and you might not
realize what went wrong.

If you are using a tool such as a web browser that chooses IPv4
addresses by default for a name over IPv6, and you want to connect
over IPv6, use scanmev6.nmap.org.  You might assume it won't work if
you haven't explicitly set up IPv6, but you might be surprised.  Many
modern systems will automatically set up an IPv6 tunnel on the fly.
For example, my Fedora Linux desktop system can visit
http://scanmev6.nmap.org/ right out of the box.  The nmap -6 command
worked out of the box too.  Those autoconfigured tunnels have all
sorts of scary security implications, but that is a whole different
issue.

The change in scanme may confuse people reading the book and seeing
different output in some of the examples, but that just means I need
to make Nmap Network Scanning Second Edition a higher priority!

Enjoy the new system!  I hope it inspires more people to start playing
with IPv6.

Cheers,
Fyodor
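
An added example, not part of the original message or of Nmap's code: a small Python check that compares the port tables of the two scans above and lists every port whose state differs between IPv4 and IPv6, which is where the IPv4-only Ncat and Nping listeners show up. The table rows are copied from the post; treating unlisted ports as closed follows the "Not shown: N closed ports" lines, and the function names are hypothetical.

```python
import re

# Port-table rows copied from the two scans in the post (NSE script lines omitted).
IPV4_SCAN = """\
22/tcp    open     ssh           OpenSSH 5.3p1 Debian 3ubuntu6 (protocol 2.0)
80/tcp    open     http          Apache httpd 2.2.14 ((Ubuntu))
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
1720/tcp  filtered H.323/Q.931
9929/tcp  open     nping-echo    Nping echo
31337/tcp open     ssl/ncat-chat Ncat chat (users: nobody)
"""
IPV6_SCAN = """\
22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu6 (protocol 2.0)
80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
"""

# One row of Nmap's normal-output port table: PORT/PROTO STATE SERVICE [VERSION]
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Map (port, proto) -> (state, service) for each port-table row."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers and script lines such as "| ssh-hostkey: ..." do not match
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def family_diff(v4_text, v6_text, default="closed"):
    """Return (port, proto, service, v4_state, v6_state) where the states differ.

    Assumption: a port missing from a table is `default`, matching the
    "Not shown: N closed ports" line printed by both scans.
    """
    v4, v6 = parse_ports(v4_text), parse_ports(v6_text)
    diff = []
    for key in sorted(set(v4) | set(v6)):
        s4, name4 = v4.get(key, (default, None))
        s6, name6 = v6.get(key, (default, None))
        if s4 != s6:
            diff.append((key[0], key[1], name4 or name6, s4, s6))
    return diff

if __name__ == "__main__":
    for port, proto, service, s4, s6 in family_diff(IPV4_SCAN, IPV6_SCAN):
        print(f"{port}/{proto:<4} {service:<14} IPv4={s4:<9} IPv6={s6}")
```

Run on real scans, the same comparison flags both services that listen on only one address family and ports whose filtering differs between the two.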
