RE: internal IP should be hidden ? Shouldn't it ?

From: Scott Morris (swm@emanon.com)
Date: Wed Feb 02 2005 - 13:39:21 GMT-3


At the IP layer, all the world sees is the translated address... But
digging further down may tell a different story.

How are you running your CE590? As a true proxy or as a web-cache?

Bear in mind, I haven't tried running one as a proxy, so my answer may not
be accurate here. But a "true" proxy will end one connection and start a
complete new one. With that, the folks on the web, even at the higher
layers shouldn't see your address.

If you are a web-cache though, there really is a bit of magic passing back
and forth as the cache spoofs each end but essentially echoes packets back
and forth, which means whatever your client originally sent in the
application payload gets sent back out.

HTH,

 
Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
#4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist, IP
Telephony Support Specialist, IP Telephony Design Specialist, CISSP
CCSI #21903
swm@emanon.com
 
 
 

-----Original Message-----
From: cc ie [mailto:davidscottmartin@gmail.com]
Sent: Wednesday, February 02, 2005 11:32 AM
To: swm@emanon.com
Cc: Church, Chuck; ccielab@groupstudy.com
Subject: Re: internal IP should be hidden ? Shouldn't it ?

Scott,

So would these guys need to push a Java app onto my PC before they could
read my internal IP, is that how they do it ? Or do I just send my internal
IP out anyway regardless ?
I'm interested because I always thought the world only saw my proxied PAT
address.

http://www.auditmypc.com/freescan/scanoptions.asp

cheers
dave

On Wed, 2 Feb 2005 10:02:23 -0500, Scott Morris <swm@emanon.com> wrote:
> There are many applications that embed the host's IP in the upper
> layers of the packet. Take a sniffer to your network sometime. :)
>
>
> Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service
> Provider) #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications
> Specialist, IP Telephony Support Specialist, IP Telephony Design
> Specialist, CISSP CCSI #21903 swm@emanon.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of cc ie
> Sent: Wednesday, February 02, 2005 9:57 AM
> To: Church, Chuck
> Cc: ccielab@groupstudy.com
> Subject: Re: internal IP should be hidden ? Shouldn't it ?
>
> Chuck,
>
> I would have thought the only thing in the packet was the external
> address of my CE590 and a dynamic port number, associated with my
> session. I had no idea my internal address was also 'hidden' in the
> packet.
>
> scary.
> dave
>
> On Wed, 2 Feb 2005 08:44:35 -0600, Church, Chuck
> <cchurch@netcogov.com>
> wrote:
> > Probably a javascript app running locally is telling them. Or your
> > real address is embedded in the data portion of a packet, that the
> > NAT process can't change.
> >
> > Chuck Church
> > Lead Design Engineer
> > CCIE #8776, MCNE, MCSE
> > Netco Government Services - Design & Implementation Team 1210 N.
> > Parker Rd.
> > Greenville, SC 29609
> > Home office: 864-335-9473
> > Cell: 703-819-3495
> > cchurch@netcogov.com
> > PGP key:
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of cc ie
> > Sent: Wednesday, February 02, 2005 7:55 AM
> > To: ccielab@groupstudy.com
> > Subject: internal IP should be hidden ? Shouldn't it ?
> >
> > My CE590 sits behind my PIX525 which sits behind my 7204VXR.
> >
> > All port 80 traffic gets redirected into the CE590, 1918 addresses
> > get PAT at the external interface of the cache engine. After which
> > it flows through the PIX before it leaves via 7204 out to the ISP.
> >
> > Diagram:
> > INTERNET > 7204VXR > PIX525 > CE590> Switch>LAN> ME :-)
> >
> > Can somebody please tell me how these guys at auditmypc can sniff my
> > internal address ?
> > http://www.auditmypc.com/freescan/scanoptions.asp
> >
> > Dave
> >
> > ______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3
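
Added example (not part of the original thread): a Python check that scans a captured outbound HTTP request for RFC 1918 addresses left in the application payload, which PAT at the IP layer does not rewrite. The sample request, the X-Forwarded-For header and the local_ip form field are constructed assumptions; the thread does not say which field carried the address.

```python
import ipaddress
import re

# RFC 1918 private ranges (the "1918 addresses" mentioned in the thread).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad not glued to other digits or dots (avoids matching version strings).
_IPV4 = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_addrs(data: bytes):
    """Return the RFC 1918 addresses found in data, in order, deduplicated."""
    found = []
    for m in _IPV4.finditer(data):
        try:
            ip = ipaddress.ip_address(m.group(1).decode("ascii"))
        except ValueError:          # not a valid address, e.g. 999.1.1.1
            continue
        if any(ip in net for net in RFC1918) and str(ip) not in found:
            found.append(str(ip))
    return found

def audit_http_request(raw: bytes):
    """Map each part of an HTTP request (request line, header, body) to the
    private addresses it would carry past the NAT/PAT device."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = [("request-line", lines[0])]
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            parts.append((name.decode("ascii", "replace").strip().lower(), value))
    parts.append(("body", body))
    leaks = {}
    for where, data in parts:
        for ip in private_addrs(data):
            leaks.setdefault(where, []).append(ip)
    return leaks

# Constructed sample: the request as seen on the outside of the translating device.
SAMPLE = (b"POST /scan HTTP/1.1\r\n"
          b"Host: scanner.example\r\n"
          b"X-Forwarded-For: 192.168.10.25\r\n"   # assumed header added by a cache
          b"Via: 1.1 cache.example\r\n"
          b"Content-Length: 22\r\n\r\n"
          b"local_ip=192.168.10.25")              # assumed client-side script field

if __name__ == "__main__":
    print(audit_http_request(SAMPLE))
```

Run against payloads reassembled from a capture taken on the outside interface, any hit is an internal address that address translation left untouched.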