Can an external source detect a natted ip address?

19 years 5 months ago #6199 by Greenice
Hi,

How would it be possible for an external source to detect an internal NATted IP address? I recently conducted an online security test at www.auditmypc.com and was informed that my internal NATted IP address was somehow exposed. Sure enough, my internal IP address was quoted back to me on the web page. How is this possible?

Cheers,
Greenice.
19 years 5 months ago #6202 by Greenice
After writing my earlier message, I discovered some threads on the net that deal with the question that I raised. It seems that www.auditmypc.com uses a Java or JavaScript function to obtain the address. I'm using Firefox 1.0 and if I disable Java or JavaScript, then my internal IP address is no longer 'discovered' by the web site. Having sniffed the TCP traffic, I discovered an HTTP GET call which includes my internal IP address. See below, where xxx is the address. I'm guessing that this is how the internal address is passed to the web server.

GET /audit.asp?a=xxx.xxx.xxx.xxx HTTP/1.1
19 years 5 months ago #6203 by sLz
I guess that is possible as all Web clients hold information which any web-server may grab such as Browser details.

However, using server-side functions in languages such as PHP and ASP, it is possible to obtain your IP that way. Websites such as www.whatismyip.com use a function, and if there's a transparent proxy between you and the destination, usually put in place by your ISP (I know NTL do this), then it shows the proxy IP. The PHP command:

$ip = $_SERVER['REMOTE_ADDR'];

This will place the IP of your system into the variable $ip for printing/echoing - your REAL IP and not any Proxy address.

Hope this gives a little more insight into your question. Thanks.
19 years 5 months ago #6213 by sahirh
A lot of proxy servers will also pass an X-Forwarded-For header that includes your IP address in the HTTP request. Since you use Firefox (good choice!), you can get the extension called 'Live HTTP headers' and see what is being sent by your system. Unfortunately this wouldn't show you what a proxy adds on, as that would be upstream of your connection. If you want to do that, find a site that has printenv.pl; do a Google search for

inurl:printenv.pl

and it will dump all the values that your HTTP request is passing to the server.

Yes these websites will tell you a lot of stuff using javascript and similar HTTP nonsense...


Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
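
A check in the spirit of the sniffing described in this thread, as an added example that is not part of any poster's message: it scans a captured HTTP request for internal (RFC 1918, loopback, link-local) IPv4 addresses in query parameters and in headers such as X-Forwarded-For. The sample request, its addresses, the `lang` parameter and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: a request shaped like the one quoted in the thread, with a
# made-up internal address and a made-up proxy-added X-Forwarded-For header.
SAMPLE_REQUEST = (
    "GET /audit.asp?a=192.168.1.23&lang=en HTTP/1.1\r\n"
    "Host: www.example.test\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "X-Forwarded-For: 10.0.0.5, 203.0.113.9\r\n"
    "\r\n"
)

# Address ranges that should never be visible beyond the NAT boundary.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def internal_addresses(text):
    """Return the internal IPv4 literals found in a piece of text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # looks like an address but is not one (999.1.1.1)
            continue
        if any(addr in net for net in INTERNAL_NETS):
            found.append(candidate)
    return found


def find_leaks(raw_request):
    """List (location, name, address) for each internal address in a request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    leaks = []
    # Query parameters: where a client-side script can put what it learned.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        leaks += [("query", name, ip) for ip in internal_addresses(value)]
    # Headers: X-Forwarded-For and similar may be added by a proxy upstream.
    for line in header_lines:
        name, _, value = line.partition(":")
        leaks += [("header", name.strip(), ip) for ip in internal_addresses(value)]
    return leaks
```

Run it against requests captured at the network edge rather than in the browser, since headers added by an upstream proxy are only visible there.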