LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-27-2007, 02:51 AM   #1
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Exclamation Did you know that they know your internal ip?


Well,this is true if you go to http://auditmypc.com with java and java script enabled in your browser and click on internal ip,there you will see your internal ip listed.The good thing is that they tell you they do it with java and java script,but they dont tell you how.If you disable java and java script then you are ok.But I want to browse the internet with java enabled,so I tried to handle this with NAT,but I guess I configured my router wrong because firefox couldnt establish any conection when I configured router to translate for example 192.168.1.47 to 192.168.1.198 where 192.168.1.47 being my internal ip.Also I found a post where a guy with NAT that works claims that they did find out his internal ip.So,if they can do it...?This is with no doubt great security issue and I know that no firewall can help you with that.Anybody have an idea how to handle this,without using a proxy of course,but then again,maybe they can find out even then?
 
Old 12-27-2007, 03:06 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Install NoScript and then only allow Java and JavaScript for trusted sites.
 
Old 12-27-2007, 03:46 AM   #3
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733

Original Poster
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
I already use noscript,but I want to find another way!
With java enabled.
 
Old 12-27-2007, 03:57 AM   #4
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 297

Rep: Reputation: 49
How is knowing your internal ip a "great security issue"?

Mine is 192.168.30.2. Now hack me.

Browsing untrusted sites with scripting enabled is something you might give a second thought instead.
 
Old 12-27-2007, 05:06 AM   #5
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733

Original Poster
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Please go to the http://auditmypc.com/internal-ip.html and read what they say.
 
Old 12-27-2007, 05:41 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
Knowing a local 192.168.xxx.xxx address is pretty useless because it is a non-routable address that many other people use in their networks. Knowing your current internet address is more important and that is something you can't hide easily unless you go through a tor router.
 
Old 12-27-2007, 07:43 AM   #7
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,237

Rep: Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897
Quote:
Please go to the http://auditmypc.com/internal-ip.html and read what they say.
I did, and kept reading from the phrase "Don't panic"
 
Old 12-27-2007, 05:38 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by alan_ri View Post
I already use noscript,but I want to find another way!
With java enabled.
I don't get it. What's the point of having NoScript but not using it? I mean, if the problem is caused by Java (or whatever), then disabling Java for untrusted sites is a quick yet flexible method of protection. If you are running NoScript then you basically had to willingly click the Temporarily allow auditmypc.com thing in order for their checker to work. You *know* the inherent danger of allowing a site to execute code on your box, right? You can't have your cake and eat it too.

Also, I agree with the others in that knowing your private IP isn't in and of itself a security vulnerability, and definitely not a "great security issue" as you've stated in your first post. If you want to maintain Java enabled throughout (really bad idea IMHO), and don't want to filter this at a proxy or whatever, then I guess your next step might be to figure-out *how* their Java thing is determining your IP. You might then be able to attack that by adjusting file permissions or something of that nature, I don't know. This sort of blacklist-based approach is really weird IMHO. Are you also going to track-down every other nugget of information which can be gained by executing Java code on your browser?
 
Old 12-27-2007, 06:01 PM   #9
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by rupertwh View Post
How is knowing your internal ip a "great security issue"?

Mine is 192.168.30.2. Now hack me.
QFT


Mine is 192.168.2.122....see if you can hack me

This is from the link http://auditmypc.com/internal-ip.html ....
Quote:
Don't panic, even if someone has this information, there is not much that can be done with it.
Without my public IP that it's NATing (is that a word?) you can't do much with a private IP....

Last edited by custangro; 12-27-2007 at 06:04 PM.
 
Old 12-27-2007, 06:57 PM   #10
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Guys, please try to fight the urge to post these "hack me" messages. I think most of us agree that knowing your private IP doesn't really give an attacker much of an upper hand (at least not in cases where routers are properly configured, etc). You are essentially preaching to the choir. Considering that he's already been warned about the danger of allowing sites to execute code on his box, and that he knows that preventing said execution would eliminate the ability for this sort of information disclosure to occur, lets try to focus on what is being asked.

I think it basically boils down to something like: Does anyone know how one could prevent a *running* Java applet from observing the IP of the machine it is running on?

Last edited by win32sux; 12-27-2007 at 07:07 PM.
 
Old 12-27-2007, 09:53 PM   #11
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733

Original Poster
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
There are no answers,only choices!
Thank you anyway!
-from auditmypc;"A malicious website owner could use a similar method to grab a lot more than your internal IP address, and you wouldn't even know it!"
-credit cards,private info etc.,if that is not a "great security issue" what is?
Do you ever really know what you giving away?-internal ip may be the answer.And is not about me doing the hack,its about web site exploiting you!
 
Old 12-27-2007, 10:37 PM   #12
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
-from auditmypc;"A malicious website owner could use a similar method to grab a lot more than your internal IP address, and you wouldn't even know it!"
Ummm, yes. Stuff like that is *expected* when you let sites execute code on your box. Were you seriously not aware of this until you went to the auditmypc.com website?

Quote:
-credit cards,private info etc.,if that is not a "great security issue" what is?
The main "security issue" that I see here is your unwillingness to disable Java/JavaScript for untrusted websites even though you know how dangerous it is. Look, when you go around the big bad Internet letting any site execute code on your box you are taking a HUGE risk. It's just the nature of executable code.

Quote:
Do you ever really know what you giving away?-internal ip may be the answer.And is not about me doing the hack,its about web site exploiting you!
I don't have Java installed - and I use NoScript to disable everything else unless I need it - precisely for these sort of reasons. I don't get it. It sounds like you are freaking-out because you just got your first glimpse of the possibilities which are created when you let complete strangers execute code on your box.

Last edited by win32sux; 12-27-2007 at 10:41 PM.
 
Old 12-28-2007, 09:33 AM   #13
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733

Original Poster
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Wink

Win32sux,I aggre with you on allmost everything you were saying,I just wanna find out if there is another way to disable them,or anybody else to find out what I dont want them to find out whit java & java scrip enabled.
P.S. Im not freaking-out.
 
Old 12-28-2007, 10:15 AM   #14
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
If you want 100% security...then unplug you ethernet cable. Nothing is 100%...as long as you are a network (including the internet) then you are vulnerable.
 
Old 12-29-2007, 06:13 AM   #15
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
I took a look at the source code from their site and the only javascript I could find was for displaying google ads. If you could find documentation on how it is done, you may get an answer on defending against it.

One technique that I have read being tried is to run every webpage through some kind of a html tidy program. This technique is too fragil however.

There is another technique that a website could use where every other picture displayed on a page references a local address. The web site will then time how long the failed request takes. If it takes a longer amount of time to request the next picture on the site, the IP from the previous href isn't present on the local network. ( These pictures might be 1x1 pixels so you don't notice ). This technique doesn't use scripting at all.


Maybe an IP randomization technique where you use a random IP within your subnet might help make any IP info they get useless. If this was a part of the dhcpd client startup, it might work without causing collisions. This would be a lot of work for little benefit.

One thing you could do is keep track of which web applications (and sites that use them) have had cross site scripting issues (because they don't validate user input) in the past and avoid sites that use that software. On episode 86 of security now, Steve Gibson read some of the Cross Site scripting vulnerabilities discovered for the month of March.
http://www.grc.com/sn/SN-086.pdf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Internal DNS? carlosinfl Linux - Networking 1 05-07-2007 05:41 PM
All internal IP's are taken? kuplo Linux - Newbie 3 12-04-2005 06:29 PM
internal webserver Sern Linux - Networking 4 06-11-2005 12:26 PM
Internal wireless on/off help jdrietz Slackware 1 05-21-2005 08:03 PM
Installation of internal HP DAT 40i DDS internal tape drive netkepala Linux - Hardware 3 11-08-2004 12:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration