 From:  Manuel Kasper <mk at neon1 dot net>
 To:  uffe <uffe at northpole dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Grabbing internal ip address
 Date:  Wed, 17 Nov 2004 19:54:12 +0100
On 17.11.2004 19:02 +0100, uffe wrote:

> When surfing (IE6) to
> http://www.auditmypc.com/freescan/scanoptions.asp using this PC on
> LAN they can detect the internal address to 192.168.100.20

Yeah, but that's not because of m0n0wall. It works using Java - a
Java applet is run on your machine, obtains the local IP address and
sends it to the server. Not a security risk per se (what would they
do with your LAN IP address anyway?), but if you were really
security-conscious, you'd have disabled Java(Script), ActiveX and all
that stuff anyway.

This is the code they use (http://www.auditmypc.com/auditmypc.class):

---
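import java.applet.Applet;
import java.net.Socket;
import java.net.URL;

public class auditmypc extends Applet
{

    public auditmypc()
    {
    }

    public void start()
    {
        // Value reported if the local address cannot be determined
        String s = "unknown";
        // Host the applet was loaded from
        String s1 = getDocumentBase().getHost();
        byte byte0 = 80;
        showStatus("1) Visit http://www.auditmypc.com ");
        try
        {
            // Connect back to that host on port 80 and read the local end
            // of the socket, i.e. the client's own (LAN) IP address
            String s2 = (new Socket(s1, byte0)).getLocalAddress().getHostAddress();
            if(!s2.equals("255.255.255.255"))
                s = s2;
        }
        catch(Exception exception)
        {
            showStatus("2) Visit http://www.auditmypc.com ");
        }
        try
        {
            // Send the address to the server as the "a" query parameter
            // by navigating the browser to audit.asp
            URL url = new URL(getDocumentBase(), "audit.asp?a=" + s);
            getAppletContext().showDocument(url, "_self");
        }
        catch(Exception exception1)
        {
            showStatus("3) Visit http://www.auditmypc.com ");
        }
    }

    // Unused field
    String Ip;
}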
---

Greets,

Manuel
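
An added example, not part of the original post: a proxy-log check for the behaviour described above, flagging outbound requests whose query string carries an RFC 1918 address (as in `audit.asp?a=...`). The three-field log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Constructed sample proxy log lines: "<client-ip> <method> <url>". Not real traffic.
SAMPLE_LOG = """\
192.168.100.20 GET http://www.auditmypc.com/audit.asp?a=192.168.100.20
192.168.100.20 GET http://www.auditmypc.com/audit.asp?a=unknown
192.168.100.21 GET http://example.test/search?q=8.8.8.8
192.168.100.22 GET http://example.test/report?host=10.0.0.5&x=1
"""

# The three private IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(value):
    """True if value is a dotted-quad IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return False  # not an IPv4 literal, e.g. "unknown" or "1"
    return any(addr in net for net in RFC1918)


def find_leaks(log_text):
    """Return (client, host, param, value) for every query parameter
    of an outbound request whose value is an RFC 1918 address."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        client, _method, url = parts
        target = urlsplit(url)
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if is_rfc1918(value):
                hits.append((client, target.hostname, name, value))
    return hits


if __name__ == "__main__":
    for hit in find_leaks(SAMPLE_LOG):
        print("internal address sent to %s: %s=%s (client %s)"
              % (hit[1], hit[2], hit[3], hit[0]))
```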