Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Can an external source detect a natted ip address?

Can an external source detect a natted ip address? 11 years 9 months ago #6199

  • Greenice
  • Greenice's Avatar
  • Offline
  • Frequent Member
  • Posts: 24
  • Karma: 0
Hi,

How would it be possible for an external source to detect an internal natted ip address? I recently conducted an online security test at www.auditmypc.com and was informed that my internal natted ip address was somehow exposed. Sure enough, my internal ip address was quoted back to me on the web page. How is this possible?

Cheers,
Greenice.
The administrator has disabled public write access.

Re: Can an external source detect a natted ip address? 11 years 9 months ago #6202

  • Greenice
  • Greenice's Avatar
  • Offline
  • Frequent Member
  • Posts: 24
  • Karma: 0
After writing my earlier message, I discovered some threads on the net that deal with the question that I raised. It seems that www.auditmypc.com uses a java or javascript function to obtain the address. I'm using FireFox 1.0 and if I disable java or javascript, then my internal ip address is no longer 'discovered' by the web site. Having sniffed the TCP traffic, I discovered a HTTP GET call which includes my internal IP address. See below, where xxx is the address. I'm guessing that this is how the internal address is passed to the web server.

GET /audit.asp?a=xxx.xxx.xxx.xxx HTTP/1.1
The administrator has disabled public write access.

Re: Can an external source detect a natted ip address? 11 years 9 months ago #6203

  • sLz
  • sLz's Avatar
  • Offline
  • Frequent Member
  • Posts: 38
  • Karma: 0
I guess that is possible as all Web clients hold information which any web-server may grab such as Browser details.

However using server side functions using languages such as PHP and ASP it is possible to obtain your IP that way. Websites such as www.whatismyip.com uses a function and if there's a Transparent Proxy between you and the destination, usually in place by your ISP, to which I know NTL do this, then it shows the Proxy IP. The PHP command:

[code:1]$ip = $_SERVER['REMOTE_ADDR'];[/code:1]

This will place the IP of your system into the variable $ip for printing/echoing - your REAL IP and not any Proxy address.

Hope this gives a little more insight into your question. Thanks.
The administrator has disabled public write access.

Re: Can an external source detect a natted ip address? 11 years 9 months ago #6213

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Alot of proxy servers will also pass an X-forwarded for header that includes your IP address in the HTTP request. Since you use firefox (good choice !), You can get the extension called 'Live HTTP headers', and see what is being sent by your system.. unfortunately this wouldn't show you what a proxy adds on as that would be upstream of your connection. If you want to do that, find a site that has printenv.pl .. do a google for

inurl:printenv.pl

and it will dump all the values that your HTTP request is passing to the server.

Yes these websites will tell you a lot of stuff using javascript and similar HTTP nonsense...


Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup