[Dshield] little experiment

Abuse abuse at what4now.com
Wed Mar 2 05:40:28 GMT 2005

** Reply to message from "Johannes B. Ullrich" <jullrich at euclidian.com> on Tue,
01 Mar 2005 17:42:54 -0500

> > How do you get the "behind firewall address"?? 
> its a little bit of javacode I found. Essentially, it tells your browser 
> to reload the page, but adds the IP address of your system to the end
> (you will see 'IP=' at the end of the URL).

Strange.  I have JAVA enabled but my internal IP was not given, I am using
Mozilla v1.7.

> There are a couple of tricks to just display it locally with javascript. 
> But so far, I have only seen java code that was able to actually send it 
> to the server.
> As others have commented, many e-mail clients (e.g. mine) add it to the 
> header, or mail servers add them if they are inside the natted network.
> If someone knows how to tell thunderbird not to send the IP as part of 
> the 'helo', let me know ;-)

I don't know how Thunderbird works but here is what I did for my email client. 
Polarbar gets the IP of the machine it is running on and does a DNS lookup, if
it does not resolve it uses the IP for the HELO.  If it does resolve it uses
the resolved domain name for the HELO.  I added my machines IP to the HOSTS
file and put the domain name I wanted to use externally there.  Since this is a
laptop using DHCP at home I always get the same IP and when I travel, who knows
what IP comes up, I really don't care if the IP is used but if I did I could
change the HOSTS file.

More information about the list mailing list