[Dshield] little experiment

Henry Hertz Hobbit hhhobbit at comcast.net
Wed Mar 2 18:28:52 GMT 2005

On Tue, 2005-03-01 at 22:40, Abuse wrote:
> ** Reply to message from "Johannes B. Ullrich" <jullrich at euclidian.com> on Tue,
> 01 Mar 2005 17:42:54 -0500
> > > How do you get the "behind firewall address"?? 
> > 
> > its a little bit of javacode I found. Essentially, it tells your browser 
> > to reload the page, but adds the IP address of your system to the end
> > (you will see 'IP=' at the end of the URL).
> Strange.  I have JAVA enabled but my internal IP was not given, I am using
> Mozilla v1.7.
> > There are a couple of tricks to just display it locally with javascript. 
> > But so far, I have only seen java code that was able to actually send it 
> > to the server.
> > 
> > As others have commented, many e-mail clients (e.g. mine) add it to the 
> > header, or mail servers add them if they are inside the natted network.
> > 
> > If someone knows how to tell thunderbird not to send the IP as part of 
> > the 'helo', let me know ;-)
> I don't know how Thunderbird works but here is what I did for my email client. 
> Polarbar gets the IP of the machine it is running on and does a DNS lookup, if
> it does not resolve it uses the IP for the HELO.  If it does resolve it uses
> the resolved domain name for the HELO.  I added my machines IP to the HOSTS
> file and put the domain name I wanted to use externally there.  Since this is a
> laptop using DHCP at home I always get the same IP and when I travel, who knows
> what IP comes up, I really don't care if the IP is used but if I did I could
> change the HOSTS file.

I am the one that first said that your IP shows up in the email header
in the thread.

Your method does NOT work on Linux, OpenBSD or most other versions of
Unix (not tested on all of them).  Further, it doesn't matter whether or
not you are using Thunderbird, Evolution, or some other MUA.  In answer
to the next question I see forthcoming, YES, my nsswitch.conf file has
ALWAYS had files first (on Unix it goes to each in order as specified). 
I currently use:

hosts:      files dns

I am not using nis, nisplus, or db on this machine.  So if you were
counting on this tip to work, it is some sort of anomaly that only works
with Windows.  I am trying to think if there is some reason it needs to
be there from the transport layer network perspective, and don't have an
answer right now.  By that I mean, if you have multiple machines on an
internal NAT'd subnet all talking to the same external SMTP server, is
it needed to avoid collisions?  I would say no, since each connection IS
a dedicated TCP connection.  For some reason there is this nagging
thought in the back of my mind that the sending IP is required by some
RFC for email.

Key Name:  "Henry Hertz Hobbit"
Key fingerprint = 924E BE61 1ACF B87A DCA9 009E E74C 183D 0164 F7D5

More information about the list mailing list