IPv6 Security: Back to square one?

After enjoying with a IPv6 "Hello World!" and surfing IPv6 a bit during the IPv6 World Launch I've notice something while reading some IPv6 configuration guides available around for Unix. Let me see... Interface definition, tunnel creation, end-point IP, DNS, etc. Everything seems in order but something is missing: The firewall!
With all that rush to set up our new IPv6 connection and after all that time working behind a NAT connection we didn't pay attention to that important element and some machines are plugged-in wide open.
Are just a couple of poorly configured systems or a epidemic? Let's scan the network "old style". Any sequential IPv6 scan approach is not viable due the size of the IPv6 range (2^128) so I took an IP list from this IPv6 database http://flyr.info/ . From there I've got 16839 unique IPv6 addresses. A good sample to test.
With the nc Linux command, the IP list and a loop we have a low cost IP scanner:

#!/bin/bash while read ip; do     nc -6zv -w 1 $ip $1 done < "list"

Scan result: From 16839 scanned IPs:
6660 machines with Port TCP 22 SSH open
53 machines with Port TCP 5900 VNC open
181 machines with Port TCP 3389 Windows Remote Desktop open
and the list goes on...

I know, some of those machines have those ports open on purpose. But when you see something like these nmap scan results you realise that these are computers without any IP filtering active. And this is not good.

# nmap -6 2001:**:**:**::** Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-08 00:48 CEST Nmap scan report for ****.******.cr (2001:**:**:**::**) Host is up (0.22s latency). Not shown: 972 closed ports PORT     STATE    SERVICE 22/tcp   open     ssh 25/tcp   open     smtp 53/tcp   open     domain 80/tcp   open     http 88/tcp   open     kerberos-sec 143/tcp  open     imap 311/tcp  open     asip-webadmin 389/tcp  open     ldap 443/tcp  open     https 445/tcp  open     microsoft-ds 464/tcp  open     kpasswd5 548/tcp  open     afp 587/tcp  open     submission 625/tcp  open     apple-xsrvr-admin 636/tcp  open     ldapssl 749/tcp  open     kerberos-adm 993/tcp  open     imaps 2000/tcp open     cisco-sccp 5222/tcp open     xmpp-client 5269/tcp open     xmpp-server 5900/tcp open     vnc 8088/tcp open     radan-http 9999/tcp filtered abyss Nmap done: 1 IP address (1 host up) scanned in 27.74 seconds

# nmap -6 2607:**:**:**::** Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-08 09:04 CEST Nmap scan report for ****.******.com (2607:**:**:**::**) Host is up (0.24s latency). Not shown: 973 closed ports PORT      STATE    SERVICE 21/tcp    open     ftp 22/tcp    open     ssh 25/tcp    open     smtp 26/tcp    open     rsftp 53/tcp    open     domain 79/tcp    open     finger 80/tcp    open     http 88/tcp    open     kerberos-sec 110/tcp   open     pop3 143/tcp   open     imap 389/tcp   open     ldap 443/tcp   open     https 515/tcp   open     printer 548/tcp   open     afp 631/tcp   open     ipp 636/tcp   open     ldapssl 993/tcp   open     imaps 995/tcp   open     pop3s 1025/tcp  open     NFS-or-IIS 5900/tcp  open     vnc 10001/tcp open     scp-config Nmap done: 1 IP address (1 host up) scanned in 45.27 seconds

# nmap -6 2a02:**:**:**::** Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-08 08:59 CEST Nmap scan report for 2a02:**:**:**::** Host is up (0.11s latency). Not shown: 981 closed ports PORT      STATE    SERVICE 80/tcp    open     http 135/tcp   open     msrpc 445/tcp   open     microsoft-ds 554/tcp   open     rtsp 1433/tcp  open     ms-sql-s 3389/tcp  open     ms-wbt-server 49152/tcp open     unknown 49153/tcp open     unknown 49154/tcp open     unknown 49155/tcp open     unknown 49156/tcp open     unknown 49157/tcp open     unknown 49158/tcp open     unknown Nmap done: 1 IP address (1 host up) scanned in 15.75 seconds