how secure am i, if homepage shows that infos about me?

Qubax

first of all have a look at http://www.leader.ru/secure/who.html
because this homepage shows me:
os
browser
proxy
external ip
internal ip (!!, my eth0)
date (my ~)
time (my local ~)

everything as it really is

i'm running the iptables-firewall script from http://projectfiles.com/firewall and have squid as a proxy (the homepage also shows me the version) with adzapper
can someone explain to me, how they can get my internal-ip(!!) and my time/date and all the other things (ok, maybe they are guessing from nearest something ..., but my time is that from my handclock and not from some server so it differs about one minute, as shown in the homepage)
till now i felt rather secure
can i block some of this information with iptables?

on other pages (like shieldsup) all my ports etc are blocked/stealthed ... , scan.sygate.com won't even start - so i think this part of the iptables-script is working correctly

please tell me that i'm not the only one having this lack of security

To · Posted: Wed Jul 09, 2003 10:59 am Post subject:

If you like pre-made firewalls you can try:

niki · n00b Joined: 25 May 2003 Posts: 19 Location: Switzerland

Hi

"COLLECTED INFORMATION"
Most of these infos are sent by your browser. When you request a page you browser sends a http request. In this request there fields like "User agent" or "OS". This page only reads this info and prints it out.

"ADDITIONAL INFORMATION"
The time is printed out with a JavaScript which is executed on you pc. With JavaScript you can read the time, Screen resolution, plugins .....

Normaly all of these infos aren't important.
These infos haven't anything to do with you Firewall script!!
If you feel paranoid you can disble JavaScript, Java.
I never Used squid but probably you can change the http request.

cu
niki

Genone · Posted: Wed Jul 09, 2003 1:15 pm Post subject:

Firewalls won't bring you much here as most or all these informations are provided by the browser, it's easy to get them from the HTTP headers or via javascript. Some of them are necessary, some are useful and some are nice to have, but none is IMO security sensitive.

Qubax · Posted: Wed Jul 09, 2003 2:30 pm Post subject:

and how do they get my internal ip? as mentioned above, by disabling javascript i can get rid of the additional infos, but i'm interested how much information can be gattered from my internal network, cause i thought, the firewall would keep informations from my network out of sight from the internet

69link · n00b Joined: 18 Apr 2003 Posts: 53 Location: Sweden

It seems SQUID does this as default:
# TAG: forwarded_for on|off
# If set, Squid will include your system's IP address or name
# in the HTTP requests it forwards. By default it looks like
# this:
#
# X-Forwarded-For: 192.1.2.3
#
# If you disable this, it will appear as
#
# X-Forwarded-For: unknown
#
#Default:
# forwarded_for on

Set this to off:
forwarded_for off

Qubax · Posted: Wed Jul 09, 2003 3:22 pm Post subject:

thx, a little point in the configs, that can be overseeen easily

paranode · l33t Joined: 06 Mar 2003 Posts: 679 Location: Texas

Some browsers can turn this "feature" off if you want them to. In Konqueror, you go to Settings -> Configure Konqueror -> Browser Identification and you can change what it sends or doesn't send in its requests.
_________________
Meh.

Crg · Guru Joined: 29 May 2002 Posts: 345 Location: London

amne · Posted: Wed Jul 09, 2003 5:15 pm Post subject:

my analysis: