We help IT Professionals succeed at work.

private IPs

414 Views
Last Modified: 2013-11-19
Is there any way possible that my un-natted private IP address can go out and get past the first ISP gateway that I hit?  My laptop has a private address 192.168.1.22 and my friend who has a web site claims that he could see my 192.168.1.22 when I attempt to access it.
As a test, I turned off natting in my router so that my 192.168.1.22 did not nat to the router public IP as it usually did.  And though his server (linux) did not respond to my private IP, as expected, he did say that his tcpdump did see my 192.168.1.22
Is that even possible???  That violates everything I thought about the private RFC 1918 address.
I could imagine that my packets sourced from 192.168.1.22 might exit my router and hit my ISPs gateway, but after that???
Does anyone have any thoughts or knowledge on this?
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Ted

Author

Commented:
That's what I always believed.  But when he said he has a tcpdump with my private IP at the exact time I was accessing it, it got me to thinking...  The internet for the most part does its routing based on the destination addresses in the packets.  So I thought maybe it was possible that the particular internet routers in the path between us just "blindly" forwarded the packets from me to him based on his destination address.  Then when it got to him, the packets were obviouly dropped because he wouldn't be able to respond to 192.168.1.22, the return path would die because now the destination is a private address.
I know how this is supposed to work, but I'm wondering if there is any way that the internet let my packets thru??  

Now I have also heard that there are some pc audit sites that can look at what your PC connection to them is and tell what your internal IP is.
gsmartinManager of IT
CERTIFIED EXPERT

Commented:
Routers will route traffic based on the public destination IP, but as soon as it has to respond and send traffic back based on a private source IP the packets will get dropped.  On my external Internet routers I have ACLs in place specifically dropping private IP addresses from entering or going out.
Ted

Author

Commented:
Yes, I figured that all internet routers would have ACLs to block private IPs both as sources and destinations, that has always been my understanding.  But what are the chances that a public connection between myself and my partner's web site would allow my source private IP 192.168.1.22 (un-natted) to make it all the way there before he drops the packet?  I'm perplexed.

And it appears my second question is a separate issue, that one and only of my two laptops that are behind the same firewall has its private IP displayed when I browse to pc audit site....  -Why is that?  It makes me wonder what else my laptop is spewing out for the world to see.
gsmartinManager of IT
CERTIFIED EXPERT

Commented:
Internet routers by default don't have ACLs to block private IPs.  This is up to the network admin to block such traffic.

As far as your second question/issue, depending on your environment, the source IP address in a IP packet header are usually modified by a network device or device(s) that proxy or NAT traffic; normally when connected to the Internet, but traffic can also be NAT'd between private networks as well.  The type of devices that typically modify packet headers are Proxy servers, content filters, Firewalls (Software or Hardware), and/or router(s) configured to NAT traffic.  Therefore, when packets are NAT'd the source IP Address is replaced appropriately.

Note properly configured firewalls implicitly block all outound traffic and then selectively allow ports/services and/or applications (depending on the firewall) out to the Internet; as with inbound traffic.  Old school and consumer stateful firewalls generally allow all traffic from higher security level interface(s), without configuration, to transverse to lower security interfaces; this goes against current security practices.
Ted

Author

Commented:
1.  I can understand that it is the responsibility of the internet network admins to block the private IP traffic (for both source and destinations).  I just find it incredible that according to someone's logs, they received my un-natted private IP.  In my understanding that is impossible in today's internet.  So I was curious if that really has happened or is he hallucinating.

2.  And for the second issue, I had two laptops going to the same pc audit web site, on the internet, and that web site could see the private IP of one laptop and not the other.  Both were behind the same firewall which was doing the natting.  This was done in a home network, residential internet service.  So I had to conclude it had something to do with the laptop itself.  Don't you agree?

Commented:
My thoughts:

1. Yes, usually private IPs are dropped in internet network routers. How many hops do you have between you and your friend (traceroute)? Do you have any VPN to his network?

2. There are several layers of communication involved. The IP layer has the private IP replaced because of NATing. However you could be reporting your private IP through higher levels of communication.
See for example http://ipaddr.es/what-is-my-private-ip.php and http://ipinfo.info/html/privacy-check.php - I would guess that one of these shows your private IP on computer one but not on computer two.
gsmartinManager of IT
CERTIFIED EXPERT

Commented:
Question 1: Here's an excerpt from RFC 1918 that basically stipulates it's up to the individual Internet Service Providers to prevent private IP traffic from routing; otherwise traffic will route.


RFC 1918        Address Allocation for Private Internets   February 1996

  "Because private addresses have no global meaning, routing information
   about private networks shall not be propagated on inter-enterprise
   links, and packets with private source or destination addresses
   should not be forwarded across such links. Routers in networks not
   using private address space, especially those of Internet service
   providers, are expected to be configured to reject (filter out)
   routing information about private networks. If such a router receives
   such information the rejection shall not be treated as a routing
   protocol error.

   Indirect references to such addresses should be contained within the
   enterprise. Prominent examples of such references are DNS Resource
   Records and other information referring to internal private
   addresses. In particular, Internet service providers should take
   measures to prevent such leakage.
"

As you can see, there is no mandate or mechanism that specifically filters/drops private IP packets from routing; other than a guideline.

Question 2:  This issue may likely come down to a firewall, application or some other configuration causing one system to act differently than the other; without doing some troubleshooting it's hard to tell.  You can use a free Network Analyzer utility like WireShark to inspect the IP packet headers; as well as some SysInternal tools to further investigate the problem.
Ted

Author

Commented:
Very interesting comments.
1.  I need to see my cohorts tcpdump before I can truly see whether or not my private 192.168.1.22 is getting all the way through.  In answer to your question, he is on a separate ISP than me.  So if one ISP is incorrectly letting forwarding a private IP source, boy the chances of multiple ISPs doing the same thing in the same path would be highly improbable.
Any chance that REALLY actually happening?  My guess is no and I should double check his tcpdump, there may be something else embedded in a higher application that is giving up that IP.  Do you agree?

2.  Interesting that depending on OS and explorer and other softwares, there are several things about one's laptop that become known when they go on the internet.  Is there any whitepaper or other study about the various laptop configurations that can tell diffferent things about it?  And measures on how to keep that private?

Thanks!

Commented:
> My guess is no and I should double check his tcpdump,
> there may be something else embedded in a higher
> application that is giving up that IP.  Do you agree?

Please note also that IF the network routers did allow this traffic through, this would be strictly one way communication - you would not receive any return traffic. In point 2 we are discussing exactly this - higher levels of communication.

> Is there any whitepaper or other study about the various laptop configurations

There can be some references to what is possible (I specified two options already - java applet and HTTP headers) but certainly there can't be a whitepaper covering all possible combinations and what comes through. There are infinite number of combinations of OS (type, version + installed pathes + installed software), firewall, proxy settings and installed browser (type, version, settings).
Ted

Author

Commented:
1.  Good point.  In my case here, his router (linux server) at the other end dropped those packets because now my 192.168.1.22 became the destination,  so those internet routers would never see it anyway.

2. Yeah, that would be a lot of ground to cover in one study.  Would be interesting though if someone had the time and energy to do thru all the iterations of configurations and the mitigations (lots of "tions", this could be song ;-).

Thanks again.

Commented:
You didn't post back - did you see your private IP on (at least one) test site from one PC and on the not from other
http://ipaddr.es/what-is-my-private-ip.php 
http://ipinfo.info/html/privacy-check.php

PS:
I you feel your question is answered you should close the question.
Ted

Author

Commented:
Yes, I meant to ask you about that.  When I went to  http://ipaddr.es/what-is-my-private-ip.php  I received the message that my IE blocked this site from installing an ActiveX control on my computer... then I was given the option to install this Add-on for all users of this computer.  My paranoia made me decline it.   Was it that ActiveX control that would have caused my browser give up the private IP address to the web site?
gsmartinManager of IT
CERTIFIED EXPERT

Commented:
Yes, it's trying to grab your IP info.

Commented:
Actually ActiveX should have nothing to do with it.

The page should use a java applet that is trying to get your IP... I don't know why are you getting a promt for installing an ActiveX component (I don't - even when tried in IE).
gsmartinManager of IT
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Ted

Author

Commented:
Thanks guys.  The back and forth actually helped me understand the issue better.
Ted

Author

Commented:
Thank you.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.