Re: internal IP should be hidden ? Shouldn't it ?

From: Roman Volkov (rvolkov@technoserv.ru)
Date: Wed Feb 02 2005 - 14:39:37 GMT-3

• Next message: Ed Lui: "Re: CCIE #14388"
• Previous message: jcbuelk@bellsouth.net: "CCIE #14388"
• Maybe in reply to: cc ie: "internal IP should be hidden ? Shouldn't it ?"
• Next in thread: cc ie: "Re: internal IP should be hidden ? Shouldn't it ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

With default configuration CE590 set internal ip addr of host who send
HTTP request in X-Forwarded-For variable in HTTP header.
For supress it try to set:

no http append x-forwarded-for-header

or something similar, anyway search string "x-forwarded-for-header" in CLI

_
Roman

>At the IP layer, that's all the world sees is the translated address... But
>digging further down may tell a different story.
>
>How are you running your CE590? As a true proxy or as a web-cache?
>
>Bear in mind, I haven't tried running one as a proxy, so my answer may not
>be accurate here. But a "true" proxy will end one connection and start a
>complete new one. With that, the folks on the web, even at the higher
>layers shouldn't see your address.
>
>If you are a web-cache though, there really is a bit of magic passing back
>and forth as the cache spoofs each end but essentially echo's packets back
>and forth, which means whatever your client originally sent in the
>application payload gets sent back out.
>
>HTH,
>
>
>Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
>#4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist, IP
>Telephony Support Specialist, IP Telephony Design Specialist, CISSP
>CCSI #21903
>swm@emanon.com
>
>
>
>
>-----Original Message-----
>From: cc ie [mailto:davidscottmartin@gmail.com]
>Sent: Wednesday, February 02, 2005 11:32 AM
>To: swm@emanon.com
>Cc: Church, Chuck; ccielab@groupstudy.com
>Subject: Re: internal IP should be hidden ? Shouldn't it ?
>
>Scott,
>
>So would these guys need to push an java app onto my pc before they could
>read my internal IP, is that how they do it ? Or do I just send my internal
>IP out anyway regardless ?
>I'm interesting because I always thought the world only saw my proxied PAT
>address.
>
>http://www.auditmypc.com/freescan/scanoptions.asp
>
>cheers
>dave
>
>On Wed, 2 Feb 2005 10:02:23 -0500, Scott Morris <swm@emanon.com> wrote:
>
>
>>There are many applications that embed the host's IP in the upper
>>layers of the packet. Take a sniffer to your network sometime. :)
>>
>>
>>Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service
>>Provider) #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications
>>Specialist, IP Telephony Support Specialist, IP Telephony Design
>>Specialist, CISSP CCSI #21903 swm@emanon.com
>>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>Of cc ie
>>Sent: Wednesday, February 02, 2005 9:57 AM
>>To: Church, Chuck
>>Cc: ccielab@groupstudy.com
>>Subject: Re: internal IP should be hidden ? Shouldn't it ?
>>
>>Chuck,
>>
>>I would have thought the only thing in the packet was the external
>>address of my CE590 and a dynamic port number, associated with my
>>session. I had no idea my internal address was also 'hidden' in the
>>
>>
>packet.
>
>
>>scary.
>>dave
>>
>>On Wed, 2 Feb 2005 08:44:35 -0600, Church, Chuck
>><cchurch@netcogov.com>
>>wrote:
>>
>>
>>>Probably a javascript app running locally is telling them. Or your
>>>real address is embedded in the data portion of a packet, that the
>>>NAT process can't change.
>>>
>>>Chuck Church
>>>Lead Design Engineer
>>>CCIE #8776, MCNE, MCSE
>>>Netco Government Services - Design & Implementation Team 1210 N.
>>>Parker Rd.
>>>Greenville, SC 29609
>>>Home office: 864-335-9473
>>>Cell: 703-819-3495
>>>cchurch@netcogov.com
>>>PGP key:
>>>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>Of cc ie
>>>Sent: Wednesday, February 02, 2005 7:55 AM
>>>To: ccielab@groupstudy.com
>>>Subject: internal IP should be hidden ? Shouldn't it ?
>>>
>>>My CE590 sits behind my PIX525 which sits behind my 7204VXR.
>>>
>>>All port 80 traffic gets redirected into the CE590, 1918 addresses
>>>gets PAT at the external interface of the cache engine. After which
>>>is flows through the PIX before it leaves via 7204 out to the ISP.
>>>
>>>Diagram:
>>>INTERNET > 7204VXR > PIX525 > CE590> Switch>LAN> ME :-)
>>>
>>>Can somebody please tell me how these guys at auditmypc can sniff my
>>>internal address ?
>>>http://www.auditmypc.com/freescan/scanoptions.asp
>>>
>>>Dave
>>>
>>>____________________________________________________________________
>>>__ _ Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>______________________________________________________________________
>>_ Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Ed Lui: "Re: CCIE #14388"
• Previous message: jcbuelk@bellsouth.net: "CCIE #14388"
• Maybe in reply to: cc ie: "internal IP should be hidden ? Shouldn't it ?"
• Next in thread: cc ie: "Re: internal IP should be hidden ? Shouldn't it ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3