LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-24-2004, 04:05 AM   #1
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
private network IP 'detected'


Hello all...

I came across this website that does a security scan on your system. I initiated the scan from my workstation which is NATed behind my busybox/firewall. The scan detected my IP as the firewall, and correctly reported the ports I expected to be open. But then at the bottom of the page:

Quote:
Notice!, your natted (or real) IP address is xxx.xxx.xxx.xxx. This information can be used to track your activities. I should not be able to obtain this information if your security is properly configured!
The IP listed is my private network IP address of my workstation...How could it find this out? And better, how can I fix this?

The firewall is running gentoo with the grsecurity-sources (2.4.26-rc9) at a custom but very high security level. The workstation also runs gentoo (among others) with a grsec patched kernel at the default 'low' setting (which I assume is still higher than a 'stock' kernel).

Any ideas would be appreciated...
 
Old 08-24-2004, 05:26 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I would guess it's something application layer. Try turning off cookies/javascript and re-running the test.
 
Old 08-24-2004, 07:01 AM   #3
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760

Original Poster
Blog Entries: 4

Rep: Reputation: 78
Odd. The warning has disappeared. I didn't turn off javascript or anything. The only difference I can think of is that I had a ssh session open to the firewall the first time. This irks me.
 
Old 10-05-2004, 02:07 PM   #4
jlangarano
LQ Newbie
 
Registered: Oct 2004
Posts: 1

Rep: Reputation: 0
Hi,

But any time you have a connection to the server it will reveal your LAN ip address?
 
Old 10-05-2004, 03:03 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760

Original Poster
Blog Entries: 4

Rep: Reputation: 78
Yes. It only shows the private LAN address if I have a ssh session open from workstation to server/firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Private/Local Network whohasit Linux - Networking 5 07-20-2005 01:18 PM
how to setup a sub-network in a private netwok charankhv Linux - Networking 0 04-26-2005 12:52 AM
subdomain on private network dtra Linux - General 2 04-03-2005 07:27 PM
Virtual Private Network Setup? gentoo_newbie Linux - Software 3 12-31-2004 12:21 AM
Virtual private network citrus Linux - Networking 1 05-24-2004 08:11 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration