
Internal IP Visible on Website

Status
Not open for further replies.

jebenson

Technical User
Feb 4, 2002
2,956
US
Hello all,

I had something rather disturbing happen this morning. In searching for information on the web, I went to a site (http://www.auditmypc.com/whats-my-ip.asp)

and about halfway down the page it says:

" Notice! Your Private IP is xxx.xxx.xxx.xxx and unlike your
external IP of yyy.yyy.yyy.yyy, this should be hidden!
Patch software found here & see our Internal IP page."

The disturbing thing is that the Private IP it listed is correct. I am running behind a SonicWall Pro 200 in stealth mode, with NAT enabled. I did not think a website would be able to get my internal IP address.

So, I went to the "Internal IP" link on the left side of the page (http://www.auditmypc.com/internal-ip.html) and read "...we use Java to grab the information and then pass it on to the server (Notice how everything ran without prompting you?)"

I am running Mozilla 1.7.6, so I tested this with IE - same result. I tested on a few other PCs and a server (all running Windows 2000, fully patched), using IE, Mozilla and FireFox, and some of the PCs show their internal IP and some don't. I cannot see any real difference in the configurations of these computers.

Does anybody have any information on this, like how I can make ALL of my computers not show their internal IP?

Also, I thought Java wasn't supposed to be able to do this without the user's permission.

What gives?

Thanks,
JEB

I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson
 
They're probably using Javascript, not Java to do this.
It's not a bad idea to turn Javascript off in the browser, but doing so will probably mean that 80% of the web (and intranet apps) will no longer work.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
 
I got:
Notice! Your Private IP is and unlike your
external IP of 80.168.175.180, this should be hidden!
Patch software found here & see our Internal IP page.

Notice - no private IP address.

I go through a router firewall that blocks all netbios traffic.

After visiting I checked the router log and saw

Wed, 2006-03-08 09:24:51 - UDP Packet - Source:xxx.xxx.xxx.xxx,137 Destination:198.65.111.254,137 - [NetBios rule match - BLOCKED]

(I have x'd out my private IP address!)

So this seems to be how they are doing it as 198.65.111.254 is the IP address of that website.

On the subject of IE settings:

I have heavily customised my Internet Explorer settings. I don't seem to have any problems with good websites. But I can't say which of my settings may be stopping that site getting my private IP address.

If anyone knows a way of extracting the settings in a way I can post them and thinks that could be useful, please post the solution here.
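
The blocked UDP 137 entry in the router log quoted above can be turned into a repeatable check for NetBIOS traffic leaving a private network. This is an added example, not part of the original post; the line layout is taken from that one log entry, and the 192.168.1.x sources, the 203.0.113.5 destination and the "Default rule match - ALLOWED" text are constructed assumptions.

```python
import ipaddress
import re

# The three private (RFC 1918) ranges listed later in this thread.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NETBIOS_PORTS = {137, 138, 139}  # name service, datagram, session

# Layout taken from the single router log entry quoted in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - \w+ Packet - "
    r"Source:(?P<src>[\d.]+),\d+ "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - "
    r"\[.*? - (?P<action>\w+)\]$")

# Constructed sample lines; 192.168.1.x stands in for the x'd-out source.
SAMPLE_LOG = [
    "Wed, 2006-03-08 09:24:51 - UDP Packet - Source:192.168.1.10,137 Destination:198.65.111.254,137 - [NetBios rule match - BLOCKED]",
    "Wed, 2006-03-08 09:25:02 - UDP Packet - Source:192.168.1.11,137 Destination:203.0.113.5,137 - [Default rule match - ALLOWED]",
    "Wed, 2006-03-08 09:25:10 - UDP Packet - Source:192.168.1.10,137 Destination:192.168.1.255,137 - [Default rule match - ALLOWED]",
    "Wed, 2006-03-08 09:25:30 - TCP Packet - Source:192.168.1.10,1045 Destination:203.0.113.5,80 - [Default rule match - ALLOWED]",
]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def netbios_egress(lines):
    """Return NetBIOS packets sent from a private host to a public address."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or int(m["dport"]) not in NETBIOS_PORTS:
            continue  # other log formats or non-NetBIOS traffic
        try:
            leaving = is_private(m["src"]) and not is_private(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        if leaving:
            hits.append({"time": m["ts"], "src": m["src"], "dst": m["dst"],
                         "blocked": m["action"] == "BLOCKED"})
    return hits
```

Any hit with `blocked` set to False is a packet that carried the sender's private address off the LAN; LAN broadcasts and ordinary web traffic are ignored.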
 
Yes I would be very interested myself in learning this. As this stuff is what I'm about to start school for lol. I know a tiny little bit concerning it. So whoever posts how to do this that doesn't require a proxy server, as I don't know jack about them, I'll be thankful.
 
I had a bit of time to investigate further. It's all down to having the correct microsoft patches installed & they are trying to sell you a patch manager.

You can read up on how they get your private IP address here.

If you still leak info then all scripting has to be turned off apparently. As explained at the end of that page.
 
I don't get what the problem with having a private ip address being the 1 shown? after all it's not like any addresses in the private IP ranges
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

will get to your computer.. or am I missing something?
 
I suppose it reveals whether you are behind a router, or directly connected to the internet. I'm not sure you can do much with that information though, because as infinity306 suggests, packets destined for private IP addresses are not routed on the internet. So yes, please, someone, what's the issue here?
 
Not really an issue for me, I just like learning more on this matter lol. Saw this post as an opportunity.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
I'll make it plainer.

Is there any issue in actually revealing your internal IP address anyway? i.e.- does it matter if you are?
 
The 1 I would be more concerned with blocking is the public IP.. even if behind a firewall it is a route in.. but to have the external ip blocked and still have the internet work is more difficult..Although I am an Admin at a forum and obviously it is possible since I have seen Private ip's listed for a few users.. most from people that also post from their work..
 
There is no way to block your external (actual) IP address and have the internet function.

You can use a service, such as anonymizer, that hides your IP address from the 'rest of the world'. But not, of course, from anonymizer itself.
 
I thought so too. I know that most international IPs at the forum I'm admin at are spoofed since it is for a local Radio Talk Show, but there are some moderators that have posted from work, and the IP shown on their posts from work is a private address; the one on one of their posts today was 192.168.38.130. Not quite sure how it is done, but most likely it is something the business is doing, as the user is not that tech-savvy and not going through any proxy websites.
 
Doesn't seem like this would be a good thing. Isn't a NAT supposed to keep your private IP private? And a script running and sending your private IP back to the server?!?! What else can it send back? I guess I need to learn more about how NAT works. Wikipedia, here I come.
 
Verizon uses a weird forwarding method -- basically all incoming email goes into one host, gets forwarded through their internal network (192.168.x.x), and then an outbound mail server sends the email.

so showing such an IP is nothing to be concerned about.
 
NAT allows you to split up 1 allocated IP address... Private IPs are just that, private. You will never get to someone else's computer using a private IP (unless you happen to be on the same LAN).

 
Infinity306, I agree with you. So why is it considered a security leak that needed fixing? Indeed, it is fixed if you are up to date with Microsoft patches.

It makes me ask - what else was leaking that the IP address is just one of the issues?

Which patch fixed it?
 
I think it is because the people claiming it was a security leak were trying to sucker you into buying their software, which wouldn't change a thing except maybe add something to your computer so that the popup changed or didn't show up anymore, if they were that bright. People who try to market by deception like that (or popups) seldom get my business. I still stay clear of X10 products due to their aggressive popups in the past.
 
The only way I could see it as a problem is if someone had both your public and private IP, managed to hack your firewall/router (public IP) and then was on the inside of your network and knew your private IP already.

The likelihood of this happening in an everyday situation though is rare.

The reason people like Verizon can get away with using private IPs on the inside of their network is because routing only cares about the next hop (so when a website sends traffic back it'll get to Verizon's border, then core, then their LAN with private IPs). It's actually a good way of conserving IPv4 address space :)

I wish someone would just call me Sir, without adding 'You're making a scene'.

Rob
 
I had just done the same test you've done and discovered my internal IP address was being shown. One of the reasons you do not want your internet IP addresses being shown is because it gives hackers that much more information about your internal structure. The more information they have, the easier it is for them to hack in or social engineer their way in. I'm currently seeing what patch I have to apply to stop this, as not allowing Java isn't an option. Also, in case anyone is interested, I found a great way to stop at least 50% of the SPAM at my work by blocking the rest of the world's IP addresses at the firewall. This works only if you do work with US companies and visit only US web sites.
Eric
 