IP addresses, Are firewalls suppose to hide them?

Maybe this is a stupid question, but I thought my Nortons firewall hid my IP address when surfing. I went to this stupid site called AuditMypc and they told me my IP address and said they got it because through Java applets. However I already deleted Microsoft Java and installed Sun Java. I am wondering if it is even important to have your IP address (internal) hid, or is that necessary and normal on all computers? Thanks

 

No, a firewall won't hide your IP address when surfing.

 

Thunder:

Thank you, i did not know that, I have not attained true greek status ,,,, yet....

 

I'll offer a slightly different take on that question -- Thunder's answer may be a bit of an oversimplification.

If your firewall or router does address translation, your internal IP address is not normally visible to someone outside your firewall. But the internal IP address can be obtained if you are allowing Java (or javaScript?) to run while you're surfing. (I leave Java disabled unless I need it for a site I trust -- Opera makes it very easy to do that.)

If your firewall isn't doing address translation, your internal and external IP addresses will be the same. Your external address has to be visible -- how would a remote Web server send you anything if it didn't have your external IP address?

It may be more important to be sure that your system can't be seen by a passing port scanner. An IP address that does not respond is pretty hard to tell from a non-existent IP address. Pay a visit to GRC's Shields Up site and find out whether your system is visible from outside your firewall.

 

Rob:

Thanks, very insighful, and yes I will try that site, appreciate it.

The thing I dont get is this, My Nortons firewall lists my internal IP adress - for trusted sites, thus what they are saying is any time i click to any site, any one can have my Ip address right? You have to have an ip address to surf the web then? And what is the reason for any Java Product , like java from sun systems, is it necessary?

 

Hi --

I mentioned address translation -- sometimes referred to as NAT. The Webopedia's definition might throw a bit more light on the subject. So will this page.

Normally, only your external IP address is visible to the outside world. That's the IP address assigned to you by your ISP. Without it, how would a remote Web server know where to send what you asked for when you clicked on a link? How would e-mail reach you?

With NAT, your internal IP address is not visible to the outside world, short of clever tricks with Java that make your macine spill the beans.

You could think of it this way: your external IP address identifies your firewall and the LAN it protects. That LAN could be one machine, or many. Your internal IP address identifies the specific machine on that LAN. A firewall/router using NAT keeps track of which machine on the LAN requested which web page, and translates external IP addresses to internal IP addresses as needed so that a requested web page will reach the right machine on the LAN.

I'm not familiar with Norton's firewall capabilities. Maybe Thunder can tell us whether it uses NAT. If it's any good, it should.

Java? No, it's not essential. But there are quite a few web pages out there that use it. Some webmeisters will provide an alternate page for those visitors that aren't using Java -- and some don't. For those sites, the page does not deliver what it's supposed to, and may not warn the visitor why nothing is happening.

Try this page. Without JavaScript, you won't get a schedule. (Note the statement that reads "PLEASE NOTE: JAVASCRIPT MUST BE ENABLED TO VIEW SCHEDULES". Many sites don't warn you that JavaScript or Java is needed.) With JavaScript enabled, you get the requested schedule.

Like ActiveX in Internet Explorer, Java allows a remote server to run an executable of its choice on your machine -- within limits. Java has better controls than ActiveX, but it is still possible for a hostile website to do things to your machine that it shouldn't. That's why I normally surf with Java and JavaScript disabled. Opera lets me enable and disable either with a single keystroke/mouse click (match that, IE!) and does not use the less-secure ActiveX controls.

 

It sounds like Rob M. is talking about a web proxy more than a firewall.

To answer the original question, you can't conceal your IP (or your web proxy's IP) to web sites your browse to for an obvious reason: the site will have no idea where to send the page you're requesting! If you consider that a security risk, restrict your browsing to sites you trust, or do not browse the web.

 

da chicken, you are quite right -- you can't conceal your external IP address without cutting yourself off from all communication with the 'net. That's what I said in the second paragraph of my previous post.

And I expect that a proxy server also does NAT, and that you are quite correct in suggesting that a proxy server does a better job of hiding internal IP addresses from outside inspection than a router/firewall.

But I think we need to be more careful with terminology here. There is a huge difference between internal and external IP addresses.

I don't use a proxy server. I'm running a LAN behind the firewall in my router, which handles NAT quite nicely. The router assigns internal IP addresses in the block 192.168.0.xxx to each machine on my LAN. Those addresses are not normally visible to the outside world.

My browser reports my external IP address to any server it requests data from -- currently, it is 154.20.xxx.xxx. (No, I'm not going to post the full address in a public place -- there's already enough there to identify my ISP!). All machines on my LAN have that IP address as their external IP address -- actually, it is the IP address for my LAN's router. That's the address a remote server will use to send me a web page.

A remote server does not use the internal addresses to send a requested web page to any machine on my LAN. In fact, the internal addresses are no good to a remote server. Those addresses are in a block reserved for network use behind a router or firewall, with the result that they are not unique. For example, there could be millions of machines that have the (internal) IP address 192.168.0.100.

Only the external IP address is unique. The remote server must send its data to the external IP address, and leave the receiving router/firewall/proxy server to translate the external IP address to the internal address when the packet comes in.

 

I'm nowhere near you guys in rank or experience, but reading between the lines, yks4ti1 didn't want to have his IP known.

If I guess right, you could subscribe to anonymizer, which I use if I want to go dark and which issues a random IP out from their secure servers when you browse, with a secure connection between you and their servers. You could also try one of the proxy extensions in Firefox, which allow you to route your surfing through a free proxy, masking your ISP to the end site you visit.

Non of this may prevent the FBI finding out who you are, but it should stop the casual farming of your IP.

You may also want to consider blocking the referrer header, which tells sites where you arrived from. Again there's extensions in FF that do this (I have no idea about IE, as I use it only when absolutely necessary, which is usually only getting Windows updates).