Website detects internal IP address through router & firewall

This seems a good PC auditing website: http://www.auditmypc.com/
It tests your firewall, spyware check/removal, internet speed and software audit.

But, when I tested with its Software Audit, it was able to detect my internal IP address behind both my Linksys router and ZA firewall which are properly configured It uses Java to pass along your private information to its server.
I didn't know this was possible. Therefore, I guess a hacker can easily attack your PC or network using Java to get through both hardware and software firewalls. Can this happen How about using something like NoScript for Firefox to block JavaScript to prevent this possible attack?

 

When I tried the test it only detected my Linksys ip addy. Even my ip provider says they cant see my comps. IP behind my router. I even had to disconnect the router so the ip provider could see my new cable modem to register it.

 

You're Lucky!
Are you using some kind of Java script blocker?

I wonder if there's a setting for the Linksys that I've missed?

 

Hi bigc,

I thought the common hookup of a cable modem and router was that the cable modem faced the Internet followed by the router, not the other way around such as you have describe, and that the cable modem had the IP addy from the ISP.

So, which is the most common way to hook them up? Does your way provide greater security? It seems so from what you have described, but I do not know - can you or someone elaborate?

-- Tom

 

The only special setting I have is a redirect to stealth port 113. I have the latest firmware and that is it.

 

The IP claimed that the router was masking the modems info even though the modem is in front of the router. Something to do with the way the router works. I just have to take their word for it. All I know is that I had to disconnect the router to register the new modem so it must have some effect on it.

 

Is this firmware by chance available from the Linksys website?
I could try that with the Software Audit test.

 

This comes up about once a month due to Java applications (not javascript in this case)... here's a good thread on the matter,
http://www.dslreports.com/forum/remark,13624450

"...and that's where the java applet is. Javascript has no methods to get your LAN ip address. You can certainly get your WAN IP address with a lot of scripting languages by getting the REMOTE_ADDR CGI variable, but you need the java function getLocalHost() - possibly others too - to get the LAN IP. Now, of course you can send that LAN IP address back to the server for whatever purpose but if you are behind a router that wouldn't make you any more vulnerable."

Just limit Java and javascript to a whitelist - like noscript or some firewalls (like Kerio) have the ability to do.

 

in the help section in the router is the link to firmware updates

 

Thanks Mem for that link and info, interesting.

Thanks bigc73542! I'll give it a try.

 

A minor detail I noticed on the Software Audit at http://www.auditmypc.com/

If you enable NoScript on Firefox (that is, forbid JavaScript Globally), your internal IP address won't be detected at the site. I noticed if you carefully click on the web bug (tiny red square at far left), a prompt will come up as shown below. I guess this is a Java applet that won't function unless you allow JavaScript:

 

Is the router address the 192 .xxx deal ? I thought it was but , that is never detected . It is usually the ISP ( I think ) . Starting with somethin like 65 . xxx.xxx . So which do you want detected ? I thought you would want the 192 . xxx . Am I wrong ?

 

Hollywood pc, this website tries to use "scare" techniques to make people believe that they are unprotected since their internal ip is revealed. In reality, revealing the internal ip does nothing at all. There are millions of pcs with an ip address starting with 192.168.xxx.xxx. It is just a javascript trick that can be avoided with NoScript or the proxomitron. It doens't comprosmise security, here's a big thread on it over at castlecops: http://www.castlecops.com/postlite120840-auditmypc.html

Alphalutra1

 

Oh yes . I know this . But thank you .
I was just curious as to which SHOULD be seen by the outside world . The 192 or the 65 ?
Alphalutra1 . I am glad you wrote what you did thjough because many are tricked this way . I have javascript blocked anyway .
Many thanks

 

The 65.xxx.xxx.xxx SHOULD be seen. That is the computer's public address that is needed in order to connect to the internet. The persons ISP provides them with an IP address, in this case being 65.xxx.xxx.xxx, and then they are able to communicate with other computers to surf the internet, download files, IM, e-mail, etc. with this address. By using a router, a person is able to use their one public IP address to allow multiple pcs to use the internet simultaneously. The multiple pcs then have theire own PRIVATE address for use between themselves, so if I want to share a printer or files in my network, I would use the private IP addresses to communicate between my own pcs and set up the sharing.

Alphalutra1

 

That is what I thought . I just saw where the " internal " address was being seen so , I was unsure what they were speaking of . I guess " internal " is the router address . I just got confused here .
You have been VERY helpful . Thank you AGAIN !

 

I could confuse you even more with the following statements :

A router has 2 ip addresses . The first is seen by the world, and is the public address. If you go to www.grc.com and get your firewall checked at a certain ip address that the website will tell you, for stealthed/closed/open ports, you are checking your ROUTER at your public ip address. To the outside world, only one pc (your router) is connected to the internet.However, internally(on your private network), your router has a private ip address that is called a Gateway address. A router is the gateway to the internet, but it needs to hand out private ip addresses to your network so they can use the gateway. So my router's private address is 192.168.2.1. This is the address my pcs contact to get a private address for themselves. The pc I am on right now "talked" to my router located at 192.168.2.1 and got a private ip address of 192.168.2.101. After getting this address, I can contact other pcs on my network, surf the web, etc. If I want to ping my router to see if I am connected to it, I don't type in my public address. Instead, I type in the router's private address, or 192.168.2.1 in my case.

The "internal" address the website is figuring out is the private ip of the computer you are currently on, not the private ip of the router.

Hopefully this doesn't confuse you

Alphalutra1

 

Um . Huh ?
lol !
When I go to GRC , I do get something different . Basically 3 numbers and the name of my provider . That is good enough for me .

 

Scroll further down after clicking on the shields up! and you will see an ip address in bold. Sorry for the confusion . In summary, an ISP provides one public ip address every time a user uses the internet. A router allows a person to share this one public ip address with multiple computers on their network. The router is the one computer and that the ISP thinks it is providing the public ip address for. Each computer inside the users personal network gets a private ip address in order to facilitate identification, file sharing, etc. inside the network. The router in addition to being identified by the outside world by its public ip address, has a private ip address that is used for the users networked computers to be able to communicate with inside the network.

All clear

Alphalutra1

 

No no . My fault . I was just joking . I knew what you were saying . Sorry . Did not mean to come across so serious . But , your info is very informative and I believe many will benefit from it .
Thank you kindly for everything

 

no problem, it is always good to refresh my memory have a good day

Alphalutra1

 

Hi,
Tried this.
The tests could not do anything.
No supercookie, no clipboard text, no this, no that blah blah...
Passed everything... using FF with noscript (blocking extra plugin too).
Mrk

 

This is because the little "scare" tactic used by the website is used by javaSCRIPT The noscript in FF is what has stopped it from working

Alphalutra1