I went to this website auditmypc.com/free-spyware-removal.asp and it was able to tell me my private internal IP address (192.168.2.3). If I'm hidden behind a router with a public routable IP on its outside interface, how was it able to see my private non-routable IP? Is this something I should be concerned with security-wise?
Re: How is private non-routable ip address visible on site scan?
12 years 7 months ago #13098
I did visit auditmypc.com and, as you have mentioned, it displayed my private IP address.
I was curious to see how auditmypc.com is able to get the private IP address. This is what I've found.
When you visit the website and click on the link free-spyware-removal.asp, this is what is happening.
It is installing ActiveX programs, also known as drive-by installations, that are automatically downloaded to your computer, often without your knowledge or consent. Unlike a pop-up download, which asks for assent, a drive-by download is carried out invisibly: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message.
To cure this, I added auditmypc.com to the Restricted Zone, and what that did was change the security settings to High and also, most importantly, disable downloading of signed and unsigned ActiveX controls and also ActiveX scripting.
Then I went back to auditmypc.com and clicked on the free-spyware-removal.asp link and boom, NO MORE DISPLAY of the private IP address.
The one thing I hated the most is that whoever is running auditmypc.com does not even have the decency to let the user know that they are indeed installing ActiveX scripts. I wish they would at least ask for the user's consent.
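The mitigation described in the reply above, as an added PowerShell example that is not part of the original thread: it maps a site into Internet Explorer's Restricted Sites zone for the current user and reports whether that zone disables the ActiveX and scripting actions the post names. The registry paths and URL action IDs are the documented Internet Explorer zone settings; the default domain is the one from the thread, and the script assumes per-user (HKCU) zone settings are in effect.

```powershell
# Added example (not from the thread): put a site in IE's Restricted Sites
# zone for the current user, then audit what that zone actually blocks.
param([string]$Domain = 'auditmypc.com')   # site named in the thread

$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$mapKey  = Join-Path $inet "ZoneMap\Domains\$Domain"
$zoneKey = Join-Path $inet 'Zones\4'       # zone 4 = Restricted Sites

# URL action IDs for the settings the post mentions.
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}
# Policy values stored under each action ID.
$policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Map every URL scheme ("*") of the domain to zone 4.
if (-not (Test-Path $mapKey)) { New-Item -Path $mapKey -Force | Out-Null }
New-ItemProperty -Path $mapKey -Name '*' -Value 4 -PropertyType DWord -Force |
    Out-Null

# Read the zone's current settings; a missing value is reported, not assumed.
$zone = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
$report = foreach ($id in $actions.Keys) {
    $raw = if ($zone) { $zone.$id } else { $null }
    if ($null -eq $raw) { $state = 'Not set' }
    elseif ($policy.ContainsKey([int]$raw)) { $state = $policy[[int]$raw] }
    else { $state = "Other ($raw)" }

    [pscustomobject]@{
        Action  = $actions[$id]
        Id      = $id
        Setting = $state
        Blocked = ($raw -eq 3)
    }
}

$report | Format-Table -AutoSize

# Flag any action the Restricted Sites zone still allows or prompts for.
$open = @($report | Where-Object { -not $_.Blocked })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) action(s) are not disabled in zone 4 for $Domain."
}
```

Where zone settings are enforced by Group Policy or machine-wide keys, the per-user values read here may not be the ones Internet Explorer applies.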