From: "Robert Comer" 

> It uses a Java applet to determine your local IP address. No Java, no
> address.

I have Java, so that's definitely not what it did here.

> I don't see how exposing a local, but unreachable, IP address is a
> vulnerability. I also don't see any need for Java. Problem solved.

For the most part it's safe to know the internal IP address, it's only a
problem if someone cracks your gateway, but then your network is his anyway
if that's the case. 

As for Java, I use sever things that are Java only, so I don't have a
choice. (nor am I afraid of using it...)

- Bob Comer


"Paul Ranson"  wrote in message
news:422f20a5$1{at}w3.nls.net...
> It uses a Java applet to determine your local IP address. No Java, no
> address.
>
> The applet posts the local address back to the server, so now they know
> too.
>
> I don't see how exposing a local, but unreachable, IP address is a
> vulnerability. I also don't see any need for Java. Problem solved.
>
> Paul
>
> "Robert Comer" 
wrote in message
> news:422f0de9{at}w3.nls.net...
>> It doesn't show my internal IP address, it just shows my router's
>> external IP address.
>>
>> - Bob Comer
>>
>> "Gregg N"  wrote in message
>> news:Xns9614AF6BC6B6gregginvalidinvalid{at}216.144.1.254...
>>> Could someone behind a NAT firewall visit this site and see if it
>>> reveals
>>> your private (192.168.x.x) IP address? It shows mine (both IE and FF),
>>> but
>>> I haven't investigated to see if it is actually revealing a security
>>> vulnerability. I suspect the address is being generated and displayed
>>> locally by whatever script is running on the page.
>>>
>>> http://www.auditmypc.com/whats-my-ip.asp
>>>
>>> Gregg
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5