[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internal IP Address Detection Through NAT

On Wed, Dec 08, 2004 at 02:17:00AM -0500, William Culler wrote:
>       I know this has been discussed before, but I looked through the
>       list and could not find what I was looking for.  I was browsing
>       a security audit website and not only did it show the external ip
>       address given to me by my isp (this is to be expected), but it also
>       showed the internal ip address of the machine I connected to the
>       site with as well.  I cannot recall if this is to be expected or not,
>       but the site I was looking at did not think so.  The machine I
>       connected with runs Windows 2000 Pro.  Feel free to point me to
>       any discussions on this.
Repeat the test with an OpenBSD box using a browser that doesn't do
JavaScript or Java, like lynx(1). The most likely explanation is that
the client is giving away the information.
If you can reproduce it with that setup, run tcpdump on the NAT box'
external interface and capture all traffic between you and the external
probe and repeat the test.
It might be some game with IP TTL values, but pf should always replace
the internal address with the gateway's. The tcpdump will tell.