internal IP address revealed despite firewalls!

  • Thread starter Thread starter Mark
  • Start date Start date
M

Mark

I recently enabled the ICF behind my ADSL
modem/router/firewall - please see previous posting
starting at 4.40am on 14th July.

However, I was surprised to see that despite having two
layers of firewall a site such as www.auditmypc.com could
still see my internal IP address (i.e. not the external
IP address of my router but the address assigned to the
NIC connecting my PC to the router)!

I have two questions:
1. Is this a problem? I'm guessing such information could
be used to start an attack; and

2. How do I stop this from happening?

Thanks for any help...
 
"Mark" said:
I recently enabled the ICF behind my ADSL
modem/router/firewall - please see previous posting
starting at 4.40am on 14th July.

However, I was surprised to see that despite having two
layers of firewall a site such as www.auditmypc.com could
still see my internal IP address (i.e. not the external
IP address of my router but the address assigned to the
NIC connecting my PC to the router)!

I have two questions:
1. Is this a problem? I'm guessing such information could
be used to start an attack; and

2. How do I stop this from happening?

Thanks for any help...

Very interesting, Mark!

First, I don't think that there's any danger. Even if it knows your
private IP address, a web site can't attack it. Internet routers
don't have routes to private IP addresses, so they discard packets
sent to them. There could be any number of computers with the same
private IP address that your computer has.

Second, I've done a little testing (at the suggestion of MVP Walter
Clayton), and the key seems to be Java. Running a web browser with
Java enabled, the "Firewall" test displays my private IP address.
When I disable Java, it doesn't display my private IP address.

It's possible that there's a Java applet that causes the browser to
display the IP address without ever sending the IP address to the web
site.

I'll do some more research and let you know if I find out anything.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
"Steve said:
Very interesting, Mark!

First, I don't think that there's any danger. Even if it knows your
private IP address, a web site can't attack it. Internet routers
don't have routes to private IP addresses, so they discard packets
sent to them. There could be any number of computers with the same
private IP address that your computer has.

Second, I've done a little testing (at the suggestion of MVP Walter
Clayton), and the key seems to be Java. Running a web browser with
Java enabled, the "Firewall" test displays my private IP address.
When I disable Java, it doesn't display my private IP address.

It's possible that there's a Java applet that causes the browser to
display the IP address without ever sending the IP address to the web
site.

I'll do some more research and let you know if I find out anything.

Here's what appears to be the answer, Mark, thanks to MVP Manny
Carvalho. When he ran the "Firewall" test, his firewall showed an
outgoing reference to this web site:

http://www.auditmypc.com/freescan/uinfo.asp?a=192.168.254.1

If you click that link, it will say that your computer's IP address is
192.168.254.1.

So, it appears that a Java applet is detecting the internal IP address
and executing a web page access that includes the address as a
parameter.

I think it's a clever trick, but not a dangerous one. It has nothing
to do with whether your Internet connection is firewalled.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Steve,

Many thanks for all of your help with this (and thanks to
the others who also contributed) and thanks for putting my
mind at rest...

-----Original Message-----
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top