diff --git a/CHANGELOG b/CHANGELOG
index 94eda62a4..4ef827e4a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
#Nmap Changelog ($Id$); -*-text-*-
+o [ncat][GH#1441] To avoid confusion and to support default proxy ports,
+ option --proxy now requires a literal IPv6 address to be specified using
+ square-bracket notation, such as --proxy [2001:db8::123]:456. [nnposter]
+
o [ncat][GH#1214][GH#1230][GH#1439] New ncat option provides control over
whether proxy destinations are resolved by the remote proxy server or
locally, by Ncat itself. See option --proxy-dns. [nnposter]
diff --git a/ncat/docs/ncat.xml b/ncat/docs/ncat.xml
index 0f6e3b3f7..a4713aaf1 100644
--- a/ncat/docs/ncat.xml
+++ b/ncat/docs/ncat.xml
@@ -429,8 +429,10 @@
using the protocol specified by .
If no port is specified, the proxy protocol's well-known port is used (1080 for
- SOCKS and 3128 for HTTP). However, when specifying an IPv6 HTTP proxy server using
- the IP address rather than the hostname, the port number MUST be specified as well.
+ SOCKS and 3128 for HTTP). When specifying an IPv6 HTTP proxy server
+ using the IP address rather than the hostname, the square-bracket
+ notation (for example [2001:db8::1]:8080) MUST be used to separate
+ the port from the IPv6 address.
If the proxy requires authentication, use .
diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
index d557ccc35..088d7b070 100644
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -164,12 +164,21 @@ static int ncat_listen_mode(void);
static size_t parseproxy(char *str, struct sockaddr_storage *ss,
size_t *sslen, unsigned short *portno)
{
- char *p = strrchr(str, ':');
+ char *p = str;
char *q;
long pno;
int rc;
- if (p != NULL) {
+ if (*p == '[') {
+ p = strchr(p, ']');
+ if (p == NULL)
+ bye("Invalid proxy IPv6 address \"%s\".", str);
+ ++str;
+ *p++ = '\0';
+ }
+
+ p = strchr(p, ':');
+ if (p != NULL && strchr(p + 1, ':') == NULL) {
*p++ = '\0';
pno = strtol(p, &q, 10);
if (pno < 1 || pno > 0xFFFF || *q)