[LINK] technical question: security alert
Kim Holburn
kim at holburn.net
Thu Mar 5 09:53:28 AEDT 2009
On 2009/Mar/04, at 9:23 PM, Scott Howard wrote:
> On Wed, Mar 4, 2009 at 8:56 AM, Kim Holburn <kim.holburn at gmail.com>
> wrote:
>
>> Actually, if you use an ISP with a proxy, or it, unknown to you, has a
>> transparent proxy, this probably won't give you your IP.
>
>
> Most ISPs using transparent proxies also do "IP Spoofing" so that the
> packets hitting the website will appear to come from your IP address
> (ie, that of your NAT/ADSL link/etc) even though they actually don't.

I really doubt that ISPs that have transparent proxies would do this.
If they did, the return packets from the web-site would go straight to
the client and not go through the proxy unless they caught them
somehow. That'd be a complicated setup. Certainly the only ISP I had
that had a transparent proxy did not do anything fancy like this. I
ended up knowing lots about that proxy because developing and updating
websites through a proxy, transparent or no, is a real pain.

> Corporates/etc generally won't do this so the IP address of the
> connection will be that of the proxy itself, or (more likely) your
> NAT IP as that's normally after the proxy.
>
> Because it seems to be the day of posting your own IP checkers,
> http://ip.zsdemo.com adds something that most don't, which is that it
> explicitly differentiates between the IP address the request is
> received from, and the IP address in the X-forwarded-for header which
> many non-IP-spoofing proxies add in (if one exists). Most other sites
> will display one or the other, and it's often not clear which they are
> using.
>
> Scott.
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
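
Added example (not part of the original message or of any site mentioned in it): a Python sketch of the distinction discussed in this thread, reporting the address the connection was received from separately from the X-Forwarded-For claim. It goes one step beyond the thread by only believing the header when the peer is a known proxy; TRUSTED_PROXIES and all addresses are constructed documentation values.

```python
import ipaddress

# Assumption for this example: the only proxies whose header we believe.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def parse_xff(value):
    """Return the valid IP addresses in an X-Forwarded-For value, left to right."""
    addrs = []
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        try:
            addrs.append(ipaddress.ip_address(part))
        except ValueError:
            # The header is free text set by whoever sent it; drop non-IPs.
            continue
    return addrs


def describe_client(peer_ip, headers):
    """Report the connection's source IP and the X-Forwarded-For claim separately."""
    peer = ipaddress.ip_address(peer_ip)
    xff = next((v for k, v in headers.items() if k.lower() == "x-forwarded-for"), None)
    forwarded = parse_xff(xff)
    peer_trusted = any(peer in net for net in TRUSTED_PROXIES)
    if peer_trusted and forwarded:
        # The rightmost entry is the one the trusted proxy itself appended.
        effective = forwarded[-1]
    else:
        # Otherwise the peer address is the only thing the server observed.
        effective = peer
    return {
        "received_from": str(peer),
        "x_forwarded_for": [str(a) for a in forwarded],
        "peer_is_trusted_proxy": peer_trusted,
        "effective_client": str(effective),
    }
```

A site that logs or displays only one of "received_from" and "x_forwarded_for" loses the distinction the thread is about; keeping both makes it clear when a proxy sits in the path.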