|
-
May 17th, 2008, 07:30 PM
#11
Yo neg, it wasn't a typo ;-)
Anyway, by server I mean WEB Server. IIS, Apache, whatever have built in functions that gather tons of data. You know that IP addresses are gathered but all sorts of other data is also captured by default. To get the NAT address one only has to ask. You can use encapsulation (pretty much a pain) or script the request in a session id (easiest)
Firewalls and ad ons like noscript will prevent most of this. But the main thing to remember is that YOU initiated the connection to my server, I didn't. In essence your firewall completely trusts my server 'cause you initiated the connection. Now all I need to do is (put simply) an ARP request.
09:F9:11:02:9D:74:E3:5B  8:41:56:C5:63:56:88:C0
Similar Threads
-
By whatever878787 in forum Web Development
Replies: 2
Last Post: July 28th, 2006, 06:50 PM
-
By Kronos2k4 in forum Web Security
Replies: 5
Last Post: April 9th, 2004, 02:24 PM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By hot_guy in forum AntiOnline's General Chit Chat
Replies: 3
Last Post: August 2nd, 2003, 02:18 PM
-
By jared_c in forum Microsoft Security Discussions
Replies: 14
Last Post: June 28th, 2002, 09:09 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote