From: Ellen K. 

Looks like another case of "You get what you pay for." ?

On Wed, 9 Mar 2005 11:27:38 -0500, "Rich Gauszka"
 wrote in message :

>I have Java on all three PCs I tested yet only the laptop was exposed. I
>switched the laptop from ZoneAlarmFree to ZoneAlarmPro and tested again with
>no exposure.
>
>
>"Paul Ranson"  wrote in message
>news:422f20a5$1{at}w3.nls.net...
>> It uses a Java applet to determine your local IP address. No Java, no
>> address.
>>
>> The applet posts the local address back to the server, so now they know
>> too.
>>
>> I don't see how exposing a local, but unreachable, IP address is a
>> vulnerability. I also don't see any need for Java. Problem solved.
>>
>> Paul
>>
>> "Robert Comer" 
wrote in message
>> news:422f0de9{at}w3.nls.net...
>>> It doesn't show my internal IP address, it just shows my router's
>>> external IP address.
>>>
>>> - Bob Comer
>>>
>>> "Gregg N"  wrote in message
>>> news:Xns9614AF6BC6B6gregginvalidinvalid{at}216.144.1.254...
>>>> Could someone behind a NAT firewall visit this site and see if it
>>>> reveals
>>>> your private (192.168.x.x) IP address? It shows mine (both
IE and FF),
>>>> but
>>>> I haven't investigated to see if it is actually revealing a security
>>>> vulnerability. I suspect the address is being generated
and displayed
>>>> locally by whatever script is running on the page.
>>>>
>>>> http://www.auditmypc.com/whats-my-ip.asp
>>>>
>>>> Gregg
>>>
>>>
>>
>>
>

--- BBBS/NT v4.01 Flag-5