[Dshield] How do I determine NAT address

Stephane Grobety security at admin.fulgan.com
Fri Mar 18 08:31:03 GMT 2005

Hello Chris,

Let's answer straight: you cannot do that at the IP level, you need
something in the application layer.

Johannes has already put something like that in place: using java and
javascript to reload a web page, placing the workstation's local IP
address in the HTTP request parameters. The trouble is: it won't
always work. It didn't work on my machine and didn't work on other
machines I've tried (although it would probably work better if is was
digitally signed by a root that is installed on my machine ;)).

It sounds like you're trying to build a user authetication and
license management system: is that what you're doing ? Because, if
that's what you're doing, then I think you aren't going in the correct
direction (i.e. it won't work that way with any kind of reliability).

Good luck,

Thursday, March 17, 2005, 4:51:53 PM, you wrote:

CM> I have a need to determine a local IP address when a user logs in to a
CM> secured portion of my web site.  The external IP is showed in the logs but I
CM> need to know if I can determine the local address behind the firewall.  Can
CM> someone point me in the right direction or offer me a solution?  I need to
CM> determine which workstations are logging in and that user names are not
CM> being shared from the same WAN link.  The site is on a Win 2K3 box.

More information about the list mailing list