From: "Robert Comer" 

> I have Java, so that's definitely not what it did here.

Ahh, it does do that I now see, but apparently I'm not vulnerable.

- Bob Comer


"Robert Comer"  wrote in
message news:422f229a$1{at}w3.nls.net...
>> It uses a Java applet to determine your local IP address. No Java, no
>> address.
>
> I have Java, so that's definitely not what it did here.
>
>> I don't see how exposing a local, but unreachable, IP address is a
>> vulnerability. I also don't see any need for Java. Problem solved.
>
> For the most part it's safe to know the internal IP address, it's only a
> problem if someone cracks your gateway, but then your network is his
> anyway if that's the case. 
>
> As for Java, I use sever things that are Java only, so I don't have a
> choice. (nor am I afraid of using it...)
>
> - Bob Comer
>
>
> "Paul Ranson"  wrote in message
> news:422f20a5$1{at}w3.nls.net...
>> It uses a Java applet to determine your local IP address. No Java, no
>> address.
>>
>> The applet posts the local address back to the server, so now they know
>> too.
>>
>> I don't see how exposing a local, but unreachable, IP address is a
>> vulnerability. I also don't see any need for Java. Problem solved.
>>
>> Paul
>>
>> "Robert Comer" 
wrote in message
>> news:422f0de9{at}w3.nls.net...
>>> It doesn't show my internal IP address, it just shows my router's
>>> external IP address.
>>>
>>> - Bob Comer
>>>
>>> "Gregg N"  wrote in message
>>> news:Xns9614AF6BC6B6gregginvalidinvalid{at}216.144.1.254...
>>>> Could someone behind a NAT firewall visit this site and see if it
>>>> reveals
>>>> your private (192.168.x.x) IP address? It shows mine (both
IE and FF),
>>>> but
>>>> I haven't investigated to see if it is actually revealing a security
>>>> vulnerability. I suspect the address is being generated
and displayed
>>>> locally by whatever script is running on the page.
>>>>
>>>> http://www.auditmypc.com/whats-my-ip.asp
>>>>
>>>> Gregg
>>>
>>>
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5