Natted IP

Discussion in 'Computer Security' started by Stuart M, Feb 17, 2005.

  1. Stuart M

    Stuart M Guest

    I just did a firewall test at http://www.auditmypc.com and it found out my
    internal ip address. I am behind a Draytek Vigor router and am running XP.
    Can anyone advise me on why this is so and what I can do about it? Here is
    the text from the site:

    Notice!, your natted (or real) IP address is 192.168.1.10. This
    information can be used to track your activities. I should not be able to
    obtain this information if your security is properly configured!


    It does say on another part of the site that disabling Java script stops it
    (it does) but I would think my router could also.

    I am also a bit puzzled by the fact that I have a range of ports forwarded
    to this pc for gaming purposes and both this site and grc.com report them
    stealthed even when the game server is running. Any info on this would be
    interesting.

    Thanks

    Stuart
    Stuart M, Feb 17, 2005
    #1
    1. Advertising

  2. Remember that you accessed their site via your web browser. They may have obtained your
    internal LAN node address from the web browser. Now if they were asked to port-scan your
    WAN address from another location, would they have discerned that internal LAN node address
    ?

    This may be a trick to get you worried to buy some software. Note also that NAT may provide
    a simplistic FireWall capability but it is NOT a full FireWall implementation.

    --
    Dave




    "Stuart M" <> wrote in message news:...
    | I just did a firewall test at http://www.auditmypc.com and it found out my
    | internal ip address. I am behind a Draytek Vigor router and am running XP.
    | Can anyone advise me on why this is so and what I can do about it? Here is
    | the text from the site:
    |
    | Notice!, your natted (or real) IP address is 192.168.1.10. This
    | information can be used to track your activities. I should not be able to
    | obtain this information if your security is properly configured!
    |
    |
    | It does say on another part of the site that disabling Java script stops it
    | (it does) but I would think my router could also.
    |
    | I am also a bit puzzled by the fact that I have a range of ports forwarded
    | to this pc for gaming purposes and both this site and grc.com report them
    | stealthed even when the game server is running. Any info on this would be
    | interesting.
    |
    | Thanks
    |
    | Stuart
    |
    |
    David H. Lipman, Feb 17, 2005
    #2
    1. Advertising

  3. Stuart M

    Steven Wayne Guest

    On Thu, 17 Feb 2005 16:08:21 -0000, Stuart M
    <> wrote:
    > I just did a firewall test at http://www.auditmypc.com and it found out my
    > internal ip address. I am behind a Draytek Vigor router and am running XP.
    > Can anyone advise me on why this is so and what I can do about it? Here is
    > the text from the site:
    >
    > Notice!, your natted (or real) IP address is 192.168.1.10. This
    > information can be used to track your activities. I should not be able to
    > obtain this information if your security is properly configured!
    >


    So using a browser on your own PC, you displayed your own PC's
    IP address.

    Why is this a problem?

    > It does say on another part of the site that disabling Java script stops it
    > (it does) but I would think my router could also.


    How, and why would your router stop you displaying your own PC's IP
    address?

    If you're concerned disable javascript.

    Steven
    --
    .''`.
    : :' :
    `. `'`
    `-
    Steven Wayne, Feb 17, 2005
    #3
  4. I don't trust that site. It's anti malware information is not complete and a couple are
    listed here -- http://www.spywarewarrior.com/rogue_anti-spyware.htm

    --
    Dave




    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:mP3Rd.8708$uc.38@trnddc09...
    | Remember that you accessed their site via your web browser. They may have obtained your
    | internal LAN node address from the web browser. Now if they were asked to port-scan your
    | WAN address from another location, would they have discerned that internal LAN node
    address
    | ?
    |
    | This may be a trick to get you worried to buy some software. Note also that NAT may
    provide
    | a simplistic FireWall capability but it is NOT a full FireWall implementation.
    |
    | --
    | Dave
    |
    |
    |
    |
    | "Stuart M" <> wrote in message news:...
    | | I just did a firewall test at http://www.auditmypc.com and it found out my
    | | internal ip address. I am behind a Draytek Vigor router and am running XP.
    | | Can anyone advise me on why this is so and what I can do about it? Here is
    | | the text from the site:
    | |
    | | Notice!, your natted (or real) IP address is 192.168.1.10. This
    | | information can be used to track your activities. I should not be able to
    | | obtain this information if your security is properly configured!
    | |
    | |
    | | It does say on another part of the site that disabling Java script stops it
    | | (it does) but I would think my router could also.
    | |
    | | I am also a bit puzzled by the fact that I have a range of ports forwarded
    | | to this pc for gaming purposes and both this site and grc.com report them
    | | stealthed even when the game server is running. Any info on this would be
    | | interesting.
    | |
    | | Thanks
    | |
    | | Stuart
    | |
    | |
    |
    |
    David H. Lipman, Feb 17, 2005
    #4
  5. Stuart M

    Mike Guest

    Stuart M wrote:
    > I just did a firewall test at http://www.auditmypc.com and it found out my
    > internal ip address. I am behind a Draytek Vigor router and am running XP.
    > Can anyone advise me on why this is so and what I can do about it? Here is
    > the text from the site:
    >
    > Notice!, your natted (or real) IP address is 192.168.1.10. This
    > information can be used to track your activities. I should not be

    able to
    > obtain this information if your security is properly configured!



    I just tried that site using Firefox and it said nothing about my
    internal IP. However, using that well known browser called Internet
    Explorer, it displayed my internal IP.

    So what has that got to do with firewalls? Nothing.

    Smoke and mirrors trying to confuse you into buying something no doubt.

    > It does say on another part of the site that disabling Java script stops it

    There you go

    > (it does) but I would think my router could also.

    Why?

    > I am also a bit puzzled by the fact that I have a range of ports forwarded
    > to this pc for gaming purposes and both this site and grc.com report them
    > stealthed even when the game server is running. Any info on this would be
    > interesting.


    Not if the games were not running at the time. Open port but nothing
    listening so no response.

    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and proably burn in hell.
    Mike, Feb 17, 2005
    #5
  6. Stuart M

    Bit Twister Guest

    On Thu, 17 Feb 2005 17:21:50 +0000, Mike wrote:
    >
    > I just tried that site using Firefox and it said nothing about my
    > internal IP.


    try here
    http://gemal.dk/browserspy/
    Bit Twister, Feb 17, 2005
    #6
  7. Stuart M

    Stuart M Guest


    >
    >> I am also a bit puzzled by the fact that I have a range of ports
    >> forwarded to this pc for gaming purposes and both this site and grc.com
    >> report them stealthed even when the game server is running. Any info on
    >> this would be interesting.

    >
    > Not if the games were not running at the time. Open port but nothing
    > listening so no response.
    >
    > --

    Thanks Mike for the help. It seems I am concerned about nothing. I suppose
    when this site told me that "this is bad", I assumed that if its bad then
    that expensive box should be stopping it. As you can see I have a very
    limited understanding of firewalls!

    With regard to the game server, I was talking about when the game is
    actually running as a server with ports forwarded too.
    Stuart M, Feb 17, 2005
    #7
  8. Stuart M

    Stuart M Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:mP3Rd.8708$uc.38@trnddc09...
    > Remember that you accessed their site via your web browser. They may have
    > obtained your
    > internal LAN node address from the web browser. Now if they were asked
    > to port-scan your
    > WAN address from another location, would they have discerned that internal
    > LAN node address
    > ?
    >
    > This may be a trick to get you worried to buy some software. Note also
    > that NAT may provide
    > a simplistic FireWall capability but it is NOT a full FireWall
    > implementation.


    So, it is normal then for your browser to pass this information? The site
    makes you think its unheard of. I guess it spooked me because I have never
    seen this before.
    Thanks David for your help.

    regards,

    Stuart
    Stuart M, Feb 17, 2005
    #8
  9. Stuart M

    Stuart M Guest

    "Steven Wayne" <> wrote in message
    news:...
    > On Thu, 17 Feb 2005 16:08:21 -0000, Stuart M
    > <> wrote:
    >> I just did a firewall test at http://www.auditmypc.com and it found out
    >> my
    >> internal ip address. I am behind a Draytek Vigor router and am running
    >> XP.
    >> Can anyone advise me on why this is so and what I can do about it? Here
    >> is
    >> the text from the site:
    >>
    >> Notice!, your natted (or real) IP address is 192.168.1.10. This
    >> information can be used to track your activities. I should not be able
    >> to
    >> obtain this information if your security is properly configured!
    >>

    >
    > So using a browser on your own PC, you displayed your own PC's
    > IP address.
    >
    > Why is this a problem?



    I dont know. Hence the original post. It was them wot said it, not me. Seems
    you cant trust anyone these days. I bet they just wanted to scare me.


    >
    >> It does say on another part of the site that disabling Java script stops
    >> it
    >> (it does) but I would think my router could also.

    >
    > How, and why would your router stop you displaying your own PC's IP
    > address?


    Ok I'll have a go at this one although I'm obviously wrong. Perhaps you can
    tell me where I've gone wrong:

    I thought the browser sent a request to the router asking for a webpage,
    telling the router to send the data back to 192.168.1.10. The router then
    contacts the website and asks for the data, telling the site to send data
    back to my external ip . The router then routes the traffic back to the
    browser on 192.168.1.10. I thought that the router hides the internal ip
    from the WAN.
    I dont see why the browser would send out the internal ip to the WAN anyway.

    I hope thats not too babbled. Tell me if it is and I'll try again.

    >
    > If you're concerned disable javascript.


    But should I be? Apparently not. Thank you Steven.

    Regards,

    Stuart
    Stuart M, Feb 17, 2005
    #9
  10. Stuart M

    lee Guest

    Stuart M wrote:
    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > news:mP3Rd.8708$uc.38@trnddc09...
    >
    >>Remember that you accessed their site via your web browser. They may have
    >>obtained your
    >>internal LAN node address from the web browser. Now if they were asked
    >>to port-scan your
    >>WAN address from another location, would they have discerned that internal
    >>LAN node address
    >>?
    >>
    >>This may be a trick to get you worried to buy some software. Note also
    >>that NAT may provide
    >>a simplistic FireWall capability but it is NOT a full FireWall
    >>implementation.

    >
    >
    > So, it is normal then for your browser to pass this information? The site
    > makes you think its unheard of. I guess it spooked me because I have never
    > seen this before.
    > Thanks David for your help.
    >
    > regards,
    >
    > Stuart
    >
    >

    Since you clicked on a link allowing them to have access to this
    information, in that sense, it's normal. The real question you should
    ask yourself is why you'd be spooked that someone knows your IP address.
    So what?
    lee, Feb 17, 2005
    #10
  11. Stuart M

    Leythos Guest

    On Thu, 17 Feb 2005 14:26:13 -0600, lee wrote:
    >
    > Since you clicked on a link allowing them to have access to this
    > information, in that sense, it's normal. The real question you should
    > ask yourself is why you'd be spooked that someone knows your IP address.
    > So what?


    Actually, he should be more worried about using a unsecured browser as
    it's an indication that he computer could be compromised by his
    non-secured browsing around on the web.

    --

    remove 999 in order to email me
    Leythos, Feb 17, 2005
    #11
  12. Stuart M

    Mike Guest

    Bit Twister wrote:

    > On Thu, 17 Feb 2005 17:21:50 +0000, Mike wrote:
    >
    >>I just tried that site using Firefox and it said nothing about my
    >>internal IP.

    >
    >
    > try here
    > http://gemal.dk/browserspy/


    Nope. Nothing. Try again.


    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and proably burn in hell.
    Mike, Feb 17, 2005
    #12
  13. Stuart M

    Bill Unruh Guest

    "Stuart M" <> writes:

    >I just did a firewall test at http://www.auditmypc.com and it found out my
    >internal ip address. I am behind a Draytek Vigor router and am running XP.
    >Can anyone advise me on why this is so and what I can do about it? Here is
    >the text from the site:


    Your own computer surely knows its own IP. Your browser runs on your
    computer. Why should it not be able to display its own IP address?


    > Notice!, your natted (or real) IP address is 192.168.1.10. This
    >information can be used to track your activities. I should not be able to
    >obtain this information if your security is properly configured!


    Who says they have the info?


    >It does say on another part of the site that disabling Java script stops it
    >(it does) but I would think my router could also.


    IF your system sends out info from your machine in an http request, then
    why should your router stop it? It is just data in a packet, unless you
    want to cut off all http communications.



    >I am also a bit puzzled by the fact that I have a range of ports forwarded
    >to this pc for gaming purposes and both this site and grc.com report them
    >stealthed even when the game server is running. Any info on this would be
    >interesting.
    Bill Unruh, Feb 17, 2005
    #13
  14. Stuart M

    Vanguard Guest

    "Stuart M" <> wrote in message
    news:...
    >I just did a firewall test at http://www.auditmypc.com and it found out
    >my internal ip address. I am behind a Draytek Vigor router and am
    >running XP.
    > Can anyone advise me on why this is so and what I can do about it?
    > Here is the text from the site:
    >
    > Notice!, your natted (or real) IP address is 192.168.1.10. This
    > information can be used to track your activities. I should not be
    > able to obtain this information if your security is properly
    > configured!
    >
    >
    > It does say on another part of the site that disabling Java script
    > stops it (it does) but I would think my router could also.
    >
    > I am also a bit puzzled by the fact that I have a range of ports
    > forwarded to this pc for gaming purposes and both this site and
    > grc.com report them stealthed even when the game server is running.
    > Any info on this would be interesting.



    They use Javascript to get your local IP address. They lie in
    pretending they got it from an external scan when instead they got it by
    running a script in the web page that you downloaded to your host where
    the script runs locally. It is a very misleading statement they make.
    Any browser that permits Javascript to execute can divulge your host's
    IP address where you run that browser. So are you going to disable
    Javascript because of their scare tactic?

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Vanguard, Feb 17, 2005
    #14
  15. Stuart M

    Jim Watt Guest

    On Thu, 17 Feb 2005 18:53:36 -0000, "Stuart M" <>
    wrote:

    >I dont see why the browser would send out the internal ip to the WAN anyway.


    The website loads an Iframe which in turn loads a Java applet which
    reads the IP address of the machine and returns it to the web server;

    Oh wow it knows your machines internal IP address. Not a great deal
    of use really. The javascript is 'encoded' to make reading it harder;

    <iframe src="/adt.asp"
    width="200"
    height="80"
    marginwidth="1"
    marginheight="1"
    align="top"
    scrolling="no"
    frameborder="0">
    </iframe>

    Iframe content;

    <script type="text/javascript">
    document.write('<applet width="1" height="1" code="auditmypc.class">
    </applet>')</script>

    Details of the Java applet can be found at

    http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=111&actionargs[]=34

    As the man says, not in itself a problem, but it shows something to
    think about in relation to security.

    You get good protection with NAT providing you change the default
    password to the router or ensure that its control interface is not
    available on the WAN side.

    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Feb 17, 2005
    #15
  16. Stuart M

    Bill Unruh Guest

    "Stuart M" <> writes:


    >"Steven Wayne" <> wrote in message
    >news:...
    >> On Thu, 17 Feb 2005 16:08:21 -0000, Stuart M
    >> <> wrote:

    >I thought the browser sent a request to the router asking for a webpage,


    The browser sends out a packet with a to and from address and port. The
    router with NAT, replaces the from address and port with its own address
    and some high port number-- having assigned your machine some range of port
    numbers.
    >telling the router to send the data back to 192.168.1.10. The router then
    >contacts the website and asks for the data, telling the site to send data
    >back to my external ip . The router then routes the traffic back to the


    That packet, whatever its contents is sent to the far site. That site
    responds to the From: address in the packet. When your router receives that
    packet it looks at the port, realises it is for your machine, and
    translates the To address and port for your machine, and sends it to you.

    >browser on 192.168.1.10. I thought that the router hides the internal ip
    >from the WAN.


    It does.

    >I dont see why the browser would send out the internal ip to the WAN anyway.


    It doesn't. The return packet from the far system is an http packet which
    tells your browser "Display the following text" "Display the IP address of
    the machine this sentence is being interpreted on" That is your machine. It
    is your machine displaying its own IP address. The remote system did not
    send your IP, it sent a command to your machine to display its own address.
    That is why shutting off activeX or javascript will mean your own machine
    cannot run commands like "display IP address"


    >I hope thats not too babbled. Tell me if it is and I'll try again.
    Bill Unruh, Feb 17, 2005
    #16
  17. Stuart M

    Bill Unruh Guest

    "Stuart M" <> writes:



    >So, it is normal then for your browser to pass this information? The site


    AGain, the probability is high that your browser did NOT pass that
    information. It simply printed it to your screen. The remote computer did
    not send text containing that information. The remote computer sent a
    command (javascript) which told you computer to display that info on your
    screen. YOu believe too much that if you see it on your screen it must have
    come from the remote machine.
    Bill Unruh, Feb 17, 2005
    #17
  18. Stuart M

    donnie Guest

    On Thu, 17 Feb 2005 17:32:13 -0600, "Vanguard"
    <> wrote:

    >They use Javascript to get your local IP address. They lie in
    >pretending they got it from an external scan when instead they got it by
    >running a script in the web page that you downloaded to your host where
    >the script runs locally. It is a very misleading statement they make.
    >Any browser that permits Javascript to execute can divulge your host's
    >IP address where you run that browser. So are you going to disable
    >Javascript because of their scare tactic?

    #########################
    I have had javascript disabled for years and will leave it that way.
    Actually, I have the browser prompt me. Popups are a thing of the
    past.
    donnie.
    donnie, Feb 18, 2005
    #18
  19. Stuart M

    winged Guest

    Bill Unruh wrote:
    > "Stuart M" <> writes:
    >
    >
    >
    >
    >>So, it is normal then for your browser to pass this information? The site

    >
    >
    > AGain, the probability is high that your browser did NOT pass that
    > information. It simply printed it to your screen. The remote computer did
    > not send text containing that information. The remote computer sent a
    > command (javascript) which told you computer to display that info on your
    > screen. YOu believe too much that if you see it on your screen it must have
    > come from the remote machine.
    >
    >
    >

    Just out of curiosity I ran the site, using firefox with natted
    firewall, it did not provide the internal IP and JS is on. I was not
    able to reproduce what Stuart M reported, with no luck. It was too much
    of a pain for me to utilize IE normally due to restrictions on my local
    machine, it is locked down to one site.

    I agree with Mr. Lipman, I would place no trust in recommendations on
    site especially the anti-spyware pages.

    Winged
    winged, Feb 18, 2005
    #19
  20. Stuart M

    winged Guest

    Jim Watt wrote:
    > On Thu, 17 Feb 2005 18:53:36 -0000, "Stuart M" <>
    > wrote:
    >
    >
    >>I dont see why the browser would send out the internal ip to the WAN anyway.

    >
    >
    > The website loads an Iframe which in turn loads a Java applet which
    > reads the IP address of the machine and returns it to the web server;
    >
    > Oh wow it knows your machines internal IP address. Not a great deal
    > of use really. The javascript is 'encoded' to make reading it harder;
    >
    > <iframe src="/adt.asp"
    > width="200"
    > height="80"
    > marginwidth="1"
    > marginheight="1"
    > align="top"
    > scrolling="no"
    > frameborder="0">
    > </iframe>
    >
    > Iframe content;
    >
    > <script type="text/javascript">
    > document.write('<applet width="1" height="1" code="auditmypc.class">
    > </applet>')</script>
    >
    > Details of the Java applet can be found at
    >
    > http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=111&actionargs[]=34
    >
    > As the man says, not in itself a problem, but it shows something to
    > think about in relation to security.
    >
    > You get good protection with NAT providing you change the default
    > password to the router or ensure that its control interface is not
    > available on the WAN side.
    >
    > --
    > Jim Watt
    > http://www.gibnet.com

    Still trying to figure out why I couldn't reproduce report.
    winged, Feb 18, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Helmut Wollmersdorfer.at
    Replies:
    1
    Views:
    994
  2. Replies:
    5
    Views:
    2,770
  3. zizebra
    Replies:
    0
    Views:
    906
    zizebra
    Sep 21, 2007
  4. jbroom
    Replies:
    0
    Views:
    389
    jbroom
    Dec 14, 2007
Loading...

Share This Page