The purpose of this page is to demonstrate that programs can bypass your firewall, no matter how good they are when browsers like Firefox or Internet Explorer are incorrectly configured. In this example we attempt to find your your Internal IP address (NAT addresses, Private IP, natted addy, etc) and explain how we obtained it in the first place.
How Do I Find My Internal IP Address?
If you want to do it yourself, simply open a command prompt (select Start, Run, type in CMD
into the Open: prompt. Then at the command prompt, simply type this command: ipconfig /all
If you haven’t done so already, see if your internal IP can be exposed by visiting our Digital Footprint test, then come back to this page. Also, don’t forget to use our free firewall test to make sure your computer’s security is working as it should!
Your external IP address ( 174.252.116.142 ) is always exposed to the internet, if it wasn’t, you wouldn’t be able to visit sites. On the other hand, your internal IP address, mac address and other information should be protected and not obtainable by websites.
Internal IP
This does not necessarily mean your firewall is malfunctioning or improperly configured. The method we used will bypass most firewalls. Why? Because we use Java to grab the information and then pass it on to the server (Notice how everything ran without prompting you?)
Private IP – Why you’re Vulnerable
When we use the term ‘vulnerable’ we refer to your computer executing a program hosted on another server without any interaction from you. We used your internal IP for this demonstration because it’s harmless (for the most part). Java passes this information to the server were it can be collected. Many claim this is not possible and that only you can see this information, so to prove the point, we included the last 14 internal IP addresses that this server has seen.
Last 14 Internal IP Addresses
| Internal IP | External IP |
|---|---|
| 192.168.0.100 | *.*.147.36 |
| 172.27.0.39 | *.*.238.136 |
| 192.168.1.5 | *.*.51.45 |
| 192.168.1.5 | *.*.51.45 |
| 192.168.1.5 | *.*.51.45 |
| 192.168.1.5 | *.*.51.45 |
| 192.168.1.5 | *.*.51.45 |
| 10.0.1.9 | *.*.165.152 |
| 192.168.1.5 | *.*.51.45 |
| 10.200.2.20 | *.*.34.120 |
| 10.200.1.254 | *.*.37.17 |
| 10.200.21.3 | *.*.34.239 |
| 10.200.21.7 | *.*.42.217 |
| 10.200.21.11 | *.*.42.23 |
To verify this information, simply look for (or tell a friend to look for) yourPrivate IP plus the last two octets of your IP, which are *.*.116.142. If they don’t appear, then you’re good to go! If they do and you’re concerned about privacy, you’ll want to use a proxy server of some type to surf anonymously.
What is a Private or Natted IP?
A natted IP address (network address translation, network masquerading, IP masquerading) is a simply a method in which the source and/or destination addresses of IP packets are rewritten as they pass through a router or firewall. A private IP addresses is usually what is rewriting and range from:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
IP Privacy
A hypothetical example of using your internal IP address to track your activities is an internet service provider. Some cable companies charge you for each computer connected to your cable modem. By tracking your internal IP address, the cable company could see that you’re running multiple computers on one router and bill you accordingly.
The whole point of this demonstration is to make you aware that there is more to security than just a firewall. It also helps prove that YOUR INTERNAL IP CAN BE OBTAINED AND STORED (many claim this is not possible) – kind of makes you wonder what else can be used to profile you? A malicious website owner could use a similar method to grab a lot more than your internal IP address, and you wouldn’t even know it!
I see my Private IP – What can I do?
Don’t panic, even if someone has this information, there is not much that can be done with it. I provided an example above of what can be done with this knowledge, but another example would be an employee hiding behind a company firewall, or a person using a proxy server, trying to use a stolen credit card.
The ‘deviant’ thinks she is safe behind the company firewall because the technology department is not tracking her internet activities. She makes the purchase from a online store; the store soon discovers the fraud and using the same method we used to find your internal IP, they discover the real IP address behind the company firewall. The store simply contacts the company’s technology department and provides them with the real IP address (which may or may not be a non-routable addy) which in turn discovers the employee that made the purchase.
The point is, you should be concerned that a Java applet ran without your knowledge, found some information and passed it back to the server.
It was cross site leaking of java that gathered this information made possible by passing variables back from the applet and constructing a url in java to a web page using an iframe that contains the data to be collected. The server can then read this information, store and process the internal ip address as needed.
The only way to prevent this that we are aware of, is to disable active scripting in the browser.
credit : auditmypc
0 chat:
Post a Comment