From: David Prall (dcp@dcptech.com)
Date: Wed Feb 02 2005 - 16:24:07 GMT-3
If you read the website, it details how it is running a java script to
determine your address. Going a step further, they could run a java script
that does evil things.
-- David C Prall dcp@dcptech.com http://dcp.dcptech.com> -----Original Message----- > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On > Behalf Of cc ie > Sent: Wednesday, February 02, 2005 1:50 PM > To: Roman Volkov; Scott Morris > Cc: ccielab@groupstudy.com > Subject: Re: internal IP should be hidden ? Shouldn't it ? > > Scott, > > Just brilliant, from now on I'll endeavour to provide more detail. Yes > Its just a cache engine, pushing its URL filtering through websense. > > Roman, mate I will try your setting shortly, considering its after > hours I dont anybody would mind. I let you know how it goes. > > Thankyou both. > > > > On Wed, 02 Feb 2005 20:39:37 +0300, Roman Volkov > <rvolkov@technoserv.ru> wrote: > > With default configuration CE590 set internal ip addr of > host who send > > HTTP request in X-Forwarded-For variable in HTTP header. > > For supress it try to set: > > > > no http append x-forwarded-for-header > > > > or something similar, anyway search string > "x-forwarded-for-header" in CLI > > > > _ > > Roman > > > > >At the IP layer, that's all the world sees is the > translated address... But > > >digging further down may tell a different story. > > > > > >How are you running your CE590? As a true proxy or as a web-cache? > > > > > >Bear in mind, I haven't tried running one as a proxy, so > my answer may not > > >be accurate here. But a "true" proxy will end one > connection and start a > > >complete new one. With that, the folks on the web, even > at the higher > > >layers shouldn't see your address. > > > > > >If you are a web-cache though, there really is a bit of > magic passing back > > >and forth as the cache spoofs each end but essentially > echo's packets back > > >and forth, which means whatever your client originally sent in the > > >application payload gets sent back out. > > > > > >HTH, > > > > > > > > >Scott Morris, MCSE, CCDP, CCIE4 > (R&S/ISP-Dial/Security/Service Provider) > > >#4713, JNCIP, CCNA-WAN Switching, CCSP, Cable > Communications Specialist, IP > > >Telephony Support Specialist, IP Telephony Design Specialist, CISSP > > >CCSI #21903 > > >swm@emanon.com > > > > > > > > > > > > > > >-----Original Message----- > > >From: cc ie [mailto:davidscottmartin@gmail.com] > > >Sent: Wednesday, February 02, 2005 11:32 AM > > >To: swm@emanon.com > > >Cc: Church, Chuck; ccielab@groupstudy.com > > >Subject: Re: internal IP should be hidden ? Shouldn't it ? > > > > > >Scott, > > > > > >So would these guys need to push an java app onto my pc > before they could > > >read my internal IP, is that how they do it ? Or do I just > send my internal > > >IP out anyway regardless ? > > >I'm interesting because I always thought the world only > saw my proxied PAT > > >address. > > > > > >http://www.auditmypc.com/freescan/scanoptions.asp > > > > > >cheers > > >dave > > > > > >On Wed, 2 Feb 2005 10:02:23 -0500, Scott Morris > <swm@emanon.com> wrote: > > > > > > > > >>There are many applications that embed the host's IP in the upper > > >>layers of the packet. Take a sniffer to your network > sometime. :) > > >> > > >> > > >>Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service > > >>Provider) #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable > Communications > > >>Specialist, IP Telephony Support Specialist, IP Telephony Design > > >>Specialist, CISSP CCSI #21903 swm@emanon.com > > >> > > >> > > >>-----Original Message----- > > >>From: nobody@groupstudy.com > [mailto:nobody@groupstudy.com] On Behalf > > >>Of cc ie > > >>Sent: Wednesday, February 02, 2005 9:57 AM > > >>To: Church, Chuck > > >>Cc: ccielab@groupstudy.com > > >>Subject: Re: internal IP should be hidden ? Shouldn't it ? > > >> > > >>Chuck, > > >> > > >>I would have thought the only thing in the packet was the external > > >>address of my CE590 and a dynamic port number, associated with my > > >>session. I had no idea my internal address was also > 'hidden' in the > > >> > > >> > > >packet. > > > > > > > > >>scary. > > >>dave > > >> > > >>On Wed, 2 Feb 2005 08:44:35 -0600, Church, Chuck > > >><cchurch@netcogov.com> > > >>wrote: > > >> > > >> > > >>>Probably a javascript app running locally is telling > them. Or your > > >>>real address is embedded in the data portion of a > packet, that the > > >>>NAT process can't change. > > >>> > > >>>Chuck Church > > >>>Lead Design Engineer > > >>>CCIE #8776, MCNE, MCSE > > >>>Netco Government Services - Design & Implementation Team 1210 N. > > >>>Parker Rd. > > >>>Greenville, SC 29609 > > >>>Home office: 864-335-9473 > > >>>Cell: 703-819-3495 > > >>>cchurch@netcogov.com > > >>>PGP key: > > >>>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D > > >>> > > >>>-----Original Message----- > > >>>From: nobody@groupstudy.com > [mailto:nobody@groupstudy.com] On Behalf > > >>>Of cc ie > > >>>Sent: Wednesday, February 02, 2005 7:55 AM > > >>>To: ccielab@groupstudy.com > > >>>Subject: internal IP should be hidden ? Shouldn't it ? > > >>> > > >>>My CE590 sits behind my PIX525 which sits behind my 7204VXR. > > >>> > > >>>All port 80 traffic gets redirected into the CE590, 1918 > addresses > > >>>gets PAT at the external interface of the cache engine. > After which > > >>>is flows through the PIX before it leaves via 7204 out > to the ISP. > > >>> > > >>>Diagram: > > >>>INTERNET > 7204VXR > PIX525 > CE590> Switch>LAN> ME :-) > > >>> > > >>>Can somebody please tell me how these guys at auditmypc > can sniff my > > >>>internal address ? > > >>>http://www.auditmypc.com/freescan/scanoptions.asp > > >>> > > >>>Dave > > >>> > > > >>>___________________________________________________________ > _________ > > >>>__ _ Subscription information may be found at: > > >>>http://www.groupstudy.com/list/CCIELab.html > > >>> > > >>> > > > >>____________________________________________________________ > __________ > > >>_ Subscription information may be found at: > > >>http://www.groupstudy.com/list/CCIELab.html > > >> > > >> > > > > > > >_____________________________________________________________ > __________ > > >Subscription information may be found at: > > >http://www.groupstudy.com/list/CCIELab.html > > ______________________________________________________________ > _________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3