From: cc ie (davidscottmartin@gmail.com)
Date: Wed Feb 02 2005 - 15:50:23 GMT-3
Scott,
Just brilliant, from now on I'll endeavour to provide more detail. Yes
Its just a cache engine, pushing its URL filtering through websense.
Roman, mate I will try your setting shortly, considering its after
hours I dont anybody would mind. I let you know how it goes.
Thankyou both.
On Wed, 02 Feb 2005 20:39:37 +0300, Roman Volkov <rvolkov@technoserv.ru> wrote:
> With default configuration CE590 set internal ip addr of host who send
> HTTP request in X-Forwarded-For variable in HTTP header.
> For supress it try to set:
>
> no http append x-forwarded-for-header
>
> or something similar, anyway search string "x-forwarded-for-header" in CLI
>
> _
> Roman
>
> >At the IP layer, that's all the world sees is the translated address... But
> >digging further down may tell a different story.
> >
> >How are you running your CE590? As a true proxy or as a web-cache?
> >
> >Bear in mind, I haven't tried running one as a proxy, so my answer may not
> >be accurate here. But a "true" proxy will end one connection and start a
> >complete new one. With that, the folks on the web, even at the higher
> >layers shouldn't see your address.
> >
> >If you are a web-cache though, there really is a bit of magic passing back
> >and forth as the cache spoofs each end but essentially echo's packets back
> >and forth, which means whatever your client originally sent in the
> >application payload gets sent back out.
> >
> >HTH,
> >
> >
> >Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> >#4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist, IP
> >Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> >CCSI #21903
> >swm@emanon.com
> >
> >
> >
> >
> >-----Original Message-----
> >From: cc ie [mailto:davidscottmartin@gmail.com]
> >Sent: Wednesday, February 02, 2005 11:32 AM
> >To: swm@emanon.com
> >Cc: Church, Chuck; ccielab@groupstudy.com
> >Subject: Re: internal IP should be hidden ? Shouldn't it ?
> >
> >Scott,
> >
> >So would these guys need to push an java app onto my pc before they could
> >read my internal IP, is that how they do it ? Or do I just send my internal
> >IP out anyway regardless ?
> >I'm interesting because I always thought the world only saw my proxied PAT
> >address.
> >
> >http://www.auditmypc.com/freescan/scanoptions.asp
> >
> >cheers
> >dave
> >
> >On Wed, 2 Feb 2005 10:02:23 -0500, Scott Morris <swm@emanon.com> wrote:
> >
> >
> >>There are many applications that embed the host's IP in the upper
> >>layers of the packet. Take a sniffer to your network sometime. :)
> >>
> >>
> >>Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service
> >>Provider) #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications
> >>Specialist, IP Telephony Support Specialist, IP Telephony Design
> >>Specialist, CISSP CCSI #21903 swm@emanon.com
> >>
> >>
> >>-----Original Message-----
> >>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> >>Of cc ie
> >>Sent: Wednesday, February 02, 2005 9:57 AM
> >>To: Church, Chuck
> >>Cc: ccielab@groupstudy.com
> >>Subject: Re: internal IP should be hidden ? Shouldn't it ?
> >>
> >>Chuck,
> >>
> >>I would have thought the only thing in the packet was the external
> >>address of my CE590 and a dynamic port number, associated with my
> >>session. I had no idea my internal address was also 'hidden' in the
> >>
> >>
> >packet.
> >
> >
> >>scary.
> >>dave
> >>
> >>On Wed, 2 Feb 2005 08:44:35 -0600, Church, Chuck
> >><cchurch@netcogov.com>
> >>wrote:
> >>
> >>
> >>>Probably a javascript app running locally is telling them. Or your
> >>>real address is embedded in the data portion of a packet, that the
> >>>NAT process can't change.
> >>>
> >>>Chuck Church
> >>>Lead Design Engineer
> >>>CCIE #8776, MCNE, MCSE
> >>>Netco Government Services - Design & Implementation Team 1210 N.
> >>>Parker Rd.
> >>>Greenville, SC 29609
> >>>Home office: 864-335-9473
> >>>Cell: 703-819-3495
> >>>cchurch@netcogov.com
> >>>PGP key:
> >>>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
> >>>
> >>>-----Original Message-----
> >>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> >>>Of cc ie
> >>>Sent: Wednesday, February 02, 2005 7:55 AM
> >>>To: ccielab@groupstudy.com
> >>>Subject: internal IP should be hidden ? Shouldn't it ?
> >>>
> >>>My CE590 sits behind my PIX525 which sits behind my 7204VXR.
> >>>
> >>>All port 80 traffic gets redirected into the CE590, 1918 addresses
> >>>gets PAT at the external interface of the cache engine. After which
> >>>is flows through the PIX before it leaves via 7204 out to the ISP.
> >>>
> >>>Diagram:
> >>>INTERNET > 7204VXR > PIX525 > CE590> Switch>LAN> ME :-)
> >>>
> >>>Can somebody please tell me how these guys at auditmypc can sniff my
> >>>internal address ?
> >>>http://www.auditmypc.com/freescan/scanoptions.asp
> >>>
> >>>Dave
> >>>
> >>>____________________________________________________________________
> >>>__ _ Subscription information may be found at:
> >>>http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>______________________________________________________________________
> >>_ Subscription information may be found at:
> >>http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3