private network IP 'detected'

bulliver · 08-24-2004, 04:05 AM

Hello all...

I came across this website that does a security scan on your system. I initiated the scan from my workstation which is NATed behind my busybox/firewall. The scan detected my IP as the firewall, and correctly reported the ports I expected to be open. But then at the bottom of the page:

Quote:

Notice!, your natted (or real) IP address is xxx.xxx.xxx.xxx. This information can be used to track your activities. I should not be able to obtain this information if your security is properly configured!

The IP listed is my private network IP address of my workstation...How could it find this out? And better, how can I fix this?

The firewall is running gentoo with the grsecurity-sources (2.4.26-rc9) at a custom but very high security level. The workstation also runs gentoo (among others) with a grsec patched kernel at the default 'low' setting (which I assume is still higher than a 'stock' kernel).

Any ideas would be appreciated...

Capt_Caveman · 08-24-2004, 05:26 AM

I would guess it's something application layer. Try turning off cookies/javascript and re-running the test.

bulliver · 08-24-2004, 07:01 AM

Odd. The warning has disappeared. I didn't turn off javascript or anything. The only difference I can think of is that I had a ssh session open to the firewall the first time. This irks me.

jlangarano · 10-05-2004, 02:07 PM

Hi,

But any time you have a connection to the server it will reveal your LAN ip address?

bulliver · 10-05-2004, 03:03 PM

Yes. It only shows the private LAN address if I have a ssh session open from workstation to server/firewall.