Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: anonymous posting

  1. May 17th, 2008, 01:15 AM #11
    Negative
    Negative is offline
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Dino,

    I don't get it...

    JPnyc is correct BUT (don't you always hate the butts)
    OK... that's not what I don't get... it's just a funny typo


    If the hothead ran the physical server all bets are off. You connect to one of my servers and I know your internal IP even if you use NAT, your browser, your screen resolution hell If I wanted I could tell how much disk space you have. I'm guessing that the hothead posted A session cookie trying to look cool
    I'm not sure why it matters whether or not Mr. Hothead is running the server or not. How, when I'm using NAT, would you be able to see my internal IP (other than by using a cookie - not sure how that would even work)? If you can, I would like you to explain that. And if so, I would like you to explain how it matters whether or not you're running the server (and I really mean that... the more days go by, the more I realize I don't understand this stuff...).
    Reply With Quote Reply With Quote
  2. May 17th, 2008, 03:16 PM #12
    JPnyc
    JPnyc is offline
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Quote Originally Posted by tripstone
    Why couldn't an ip be stored in a cookie? A script that could write a cookie would most likely be coded by someone who also knew how to do, at the very least, a check for the ip of the requesting computer.
    I didn't say it couldn't, just that I doubted it would be. What's the purpose of it? If the guy he's concerned about is the admin of the forum, he sure doesn't need to put the IP into a cookie to know what it is.
    Reply With Quote Reply With Quote
  3. May 17th, 2008, 07:30 PM #13
    dinowuff
    dinowuff is offline
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Yo neg, it wasn't a typo ;-)

    Anyway, by server I mean WEB Server. IIS, Apache, whatever have built in functions that gather tons of data. You know that IP addresses are gathered but all sorts of other data is also captured by default. To get the NAT address one only has to ask. You can use encapsulation (pretty much a pain) or script the request in a session id (easiest)

    Firewalls and ad ons like noscript will prevent most of this. But the main thing to remember is that YOU initiated the connection to my server, I didn't. In essence your firewall completely trusts my server 'cause you initiated the connection. Now all I need to do is (put simply) an ARP request.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. help explain this bulletproof ftp server log
    By whatever878787 in forum Web Development
    Replies: 2
    Last Post: July 28th, 2006, 06:50 PM
  2. Distributed Computing - Anonymous Proxy Idea
    By Kronos2k4 in forum Web Security
    Replies: 5
    Last Post: April 9th, 2004, 02:24 PM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. the anonymity tutorial
    By hot_guy in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: August 2nd, 2003, 02:18 PM
  5. Weird FTP Attempts Log File
    By jared_c in forum Microsoft Security Discussions
    Replies: 14
    Last Post: June 28th, 2002, 09:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules