Website detects internal IP address through router & firewall

Discussion in 'other firewalls' started by R2D2, Feb 7, 2006.

Thread Status:
Not open for further replies.
  1. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    This seems a good PC auditing website: http://www.auditmypc.com/
    It tests your firewall, spyware check/removal, internet speed and software audit.

    But, when I tested with its Software Audit, it was able to detect my internal IP address behind both my Linksys router and ZA firewall which are properly configured :eek: It uses Java to pass along your private information to its server.
    I didn't know this was possible. Therefore, I guess a hacker can easily attack your PC or network using Java to get through both hardware and software firewalls. Can this happeno_O How about using something like NoScript for Firefox to block JavaScript to prevent this possible attack?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    When I tried the test it only detected my Linksys ip addy. Even my ip provider says they cant see my comps. IP behind my router. I even had to disconnect the router so the ip provider could see my new cable modem to register it.
     
  3. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    You're Lucky!
    Are you using some kind of Java script blocker?

    I wonder if there's a setting for the Linksys that I've missed?
     
    Last edited: Feb 7, 2006
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi bigc,

    I thought the common hookup of a cable modem and router was that the cable modem faced the Internet followed by the router, not the other way around such as you have describe, and that the cable modem had the IP addy from the ISP.

    So, which is the most common way to hook them up? Does your way provide greater security? It seems so from what you have described, but I do not know - can you or someone elaborate?

    -- Tom
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The only special setting I have is a redirect to stealth port 113. I have the latest firmware and that is it.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    The IP claimed that the router was masking the modems info even though the modem is in front of the router. Something to do with the way the router works. I just have to take their word for it. All I know is that I had to disconnect the router to register the new modem so it must have some effect on it.
     
  7. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Is this firmware by chance available from the Linksys website?
    I could try that with the Software Audit test.
     
  8. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    This comes up about once a month due to Java applications (not javascript in this case)... here's a good thread on the matter,
    http://www.dslreports.com/forum/remark,13624450

    "...and that's where the java applet is. Javascript has no methods to get your LAN ip address. You can certainly get your WAN IP address with a lot of scripting languages by getting the REMOTE_ADDR CGI variable, but you need the java function getLocalHost() - possibly others too - to get the LAN IP. Now, of course you can send that LAN IP address back to the server for whatever purpose but if you are behind a router that wouldn't make you any more vulnerable."

    Just limit Java and javascript to a whitelist - like noscript or some firewalls (like Kerio) have the ability to do.
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    in the help section in the router is the link to firmware updates
     

    Attached Files:

  10. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Thanks Mem for that link and info, interesting.

    Thanks bigc73542! I'll give it a try.
     
  11. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    A minor detail I noticed on the Software Audit at http://www.auditmypc.com/

    If you enable NoScript on Firefox (that is, forbid JavaScript Globally), your internal IP address won't be detected at the site. I noticed if you carefully click on the web bug (tiny red square at far left), a prompt will come up as shown below. I guess this is a Java applet that won't function unless you allow JavaScript:
     

    Attached Files:

  12. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Is the router address the 192 .xxx deal ? I thought it was but , that is never detected . It is usually the ISP ( I think ) . Starting with somethin like 65 . xxx.xxx . So which do you want detected ? I thought you would want the 192 . xxx . Am I wrong ?
     
  13. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Hollywood pc, this website tries to use "scare" techniques to make people believe that they are unprotected since their internal ip is revealed. In reality, revealing the internal ip does nothing at all. There are millions of pcs with an ip address starting with 192.168.xxx.xxx. It is just a javascript trick that can be avoided with NoScript or the proxomitron. It doens't comprosmise security, here's a big thread on it over at castlecops: http://www.castlecops.com/postlite120840-auditmypc.html

    Alphalutra1
     
  14. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Oh yes . I know this . But thank you .
    I was just curious as to which SHOULD be seen by the outside world . The 192 or the 65 ?
    Alphalutra1 . I am glad you wrote what you did thjough because many are tricked this way . I have javascript blocked anyway .
    Many thanks:)
     
  15. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    The 65.xxx.xxx.xxx SHOULD be seen. That is the computer's public address that is needed in order to connect to the internet. The persons ISP provides them with an IP address, in this case being 65.xxx.xxx.xxx, and then they are able to communicate with other computers to surf the internet, download files, IM, e-mail, etc. with this address. By using a router, a person is able to use their one public IP address to allow multiple pcs to use the internet simultaneously. The multiple pcs then have theire own PRIVATE address for use between themselves, so if I want to share a printer or files in my network, I would use the private IP addresses to communicate between my own pcs and set up the sharing.

    Alphalutra1
     
  16. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    That is what I thought . I just saw where the " internal " address was being seen so , I was unsure what they were speaking of . I guess " internal " is the router address . I just got confused here .
    You have been VERY helpful . Thank you AGAIN !
    :)
     
  17. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I could confuse you even more with the following statements :p :

    A router has 2 ip addresses :eek: . The first is seen by the world, and is the public address. If you go to www.grc.com and get your firewall checked at a certain ip address that the website will tell you, for stealthed/closed/open ports, you are checking your ROUTER at your public ip address. To the outside world, only one pc (your router) is connected to the internet.However, internally(on your private network), your router has a private ip address that is called a Gateway address. A router is the gateway to the internet, but it needs to hand out private ip addresses to your network so they can use the gateway. So my router's private address is 192.168.2.1. This is the address my pcs contact to get a private address for themselves. The pc I am on right now "talked" to my router located at 192.168.2.1 and got a private ip address of 192.168.2.101. After getting this address, I can contact other pcs on my network, surf the web, etc. If I want to ping my router to see if I am connected to it, I don't type in my public address. Instead, I type in the router's private address, or 192.168.2.1 in my case.

    The "internal" address the website is figuring out is the private ip of the computer you are currently on, not the private ip of the router.

    Hopefully this doesn't confuse you

    Alphalutra1
     
  18. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Um . Huh ?
    lol !:D :D
    When I go to GRC , I do get something different . Basically 3 numbers and the name of my provider . That is good enough for me .
     
  19. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Scroll further down after clicking on the shields up! and you will see an ip address in bold. Sorry for the confusion :p . In summary, an ISP provides one public ip address every time a user uses the internet. A router allows a person to share this one public ip address with multiple computers on their network. The router is the one computer and that the ISP thinks it is providing the public ip address for. Each computer inside the users personal network gets a private ip address in order to facilitate identification, file sharing, etc. inside the network. The router in addition to being identified by the outside world by its public ip address, has a private ip address that is used for the users networked computers to be able to communicate with inside the network.

    All clear :D

    Alphalutra1
     
  20. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    No no . My fault . I was just joking . I knew what you were saying . Sorry . Did not mean to come across so serious . But , your info is very informative and I believe many will benefit from it .
    Thank you kindly for everything;)
     
  21. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    no problem, it is always good to refresh my memory :D have a good day

    Alphalutra1
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Tried this.
    The tests could not do anything.
    No supercookie, no clipboard text, no this, no that blah blah...
    Passed everything... using FF with noscript (blocking extra plugin too).
    Mrk
     
  23. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    This is because the little "scare" tactic used by the website is used by javaSCRIPT The noscript in FF is what has stopped it from working

    Alphalutra1
     
Loading...
Thread Status:
Not open for further replies.