[Dshield] IP addresses from little experiment....
Johannes B. Ullrich
jullrich at euclidian.com
Thu Mar 3 13:58:06 GMT 2005
Richard Golodner wrote:
> I think what people are wondering is how does the NMap scan cull the
> IP address from hosts behind the firewall. For example host address is
> 192.168.1.70 behind Pix 6.3 or something like that. I am wondering anyway.
> Richard Golodner
>
Not sure if I already responded to this...
nmap didn't play a role in getting your "behind the firewall IP".
The IP was extracted using a small Java applet. Essentially, the Java
applet instructed your system to reload the page, and add the local IP
address to the URL. If you look closely, you may see that first you hit
http://www.amihacked.com/index.html
then the page will reload and the URL will change to
http://www.amihacked.com/index.html?IP=10.10.10.10
I am not sure if this is even considered a bug in Java. I could probably
extract more about your system using that method. For example, some OS
details, or, like another reader pointed out, information about other
Java programs running on your system.
However, I should not be able to access any files, unless you permit the
applet to do so. But past Java bugs allowed applets to "break out" of
the Java virtual machine and bypass these restrictions.
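Added example, not part of the original post: a defender-side check that scans outbound web proxy logs for requests whose query string carries an internal IPv4 address, which is the visible trace of the reload described above. The log format ("time client method url"), the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Candidate dotted-quad tokens; real validity is checked by ipaddress below.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def internal_addresses(value):
    """Return internal (private, loopback, link-local) IPv4 addresses in value."""
    found = []
    for token in IPV4_TOKEN.findall(value):
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            found.append(str(addr))
    return found

def find_ip_leaks(log_lines):
    """Scan proxy log lines of the assumed form 'time client method url'."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line
        client, url = parts[1], parts[3]
        parsed = urlsplit(url)
        # parse_qsl percent-decodes, so IP=10%2E10%2E10%2E10 is caught too.
        for name, value in parse_qsl(parsed.query, keep_blank_values=True):
            for addr in internal_addresses(value):
                findings.append((client, parsed.hostname, name, addr))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2005-03-03T13:40:01 192.168.1.70 GET http://www.amihacked.com/index.html",
    "2005-03-03T13:40:03 192.168.1.70 GET http://www.amihacked.com/index.html?IP=10.10.10.10",
    "2005-03-03T13:41:10 192.168.1.71 GET http://example.com/page?addr=192%2E168%2E1%2E71",
    "2005-03-03T13:42:00 192.168.1.72 GET http://example.com/geo?ip=8.8.8.8",
    "2005-03-03T13:43:00 192.168.1.73 GET http://example.com/dl?ver=999.1.1.1",
]

if __name__ == "__main__":
    for finding in find_ip_leaks(SAMPLE_LOG):
        print(finding)
```

Each finding is a tuple of (client, destination host, parameter name, leaked address); public addresses and invalid dotted quads in query values are ignored.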