1

So I'm playing with WebRTC and I've found that you can get public IP and local IP of other computer.

Here is my code that show IP https://codepen.io/jcubic/pen/yvMeRg?editors=1010 (the code is used to transfer the files between computers but it also show the IP of other party).

Can I with this information some how send a packet to the other party? Or the route the packet travel is something that is decided by routers and protocols.

Can anyone do something with this information to harm the person behind the NAT?

jcubic
  • 209
  • 2
  • 11
  • It depends if you want to check this from an internal or external perspective. – Overmind Oct 10 '19 at 10:42
  • 1
    You have asked three *very* different questions. "Can I send a packet?" is a purely networking question and not a security question. You can safely remove that question. "Are IPs sensitive information?" In many cases, yes, and different privacy regulations define that. "Can IP info be used to harm?" Requires a definition of "harm". – schroeder Oct 10 '19 at 10:53
  • The packet one does fall in this category. Think 'TearDrop' (DoS) attack. Knowing the ip address of a target machine allowed the sender to craft a damaging packet. Not all 'sends' are good ones. – Jeff Clayton Oct 10 '19 at 12:25
  • Possible duplicate of [How bad is the leaking of Internal IP addresses ...](https://security.stackexchange.com/questions/4824/how-bad-is-the-leaking-of-internal-ip-addresses-through-external-dns) – Steffen Ullrich Oct 10 '19 at 12:53
  • @schroeder I'm not asking about GDPR or privacy here, my concerns are about someone getting to the machine if he know public and internal IP address, I assume that he can't do that directly because of NAT, but was thinking that someone can craft TCP/IP packet that is send somehow to target computer even if it's behind NAT. So my question is if I have a router that no one can access (assuming it's secured), can he do something to my computer if he know the public and private IP from outside . – jcubic Oct 10 '19 at 13:21
  • @SteffenUllrich is this really duplicate and answer will be the same? – jcubic Oct 10 '19 at 13:24
  • There are numerous question here which ask how sensitive exposing the public IP is. As for the local IP (which is the main point of your question) the other question shows that can be done with it. It does not matter at all how the potential attacker got knowledge of the local IP, i.e. if through DNS (as in the other question) or through WebRTC (as in your). – Steffen Ullrich Oct 10 '19 at 13:38
  • Knowing an IP does not mean that one suddenly can access the machine just as knowing your house address does not allow someone access to your house. It's just an address. – schroeder Oct 10 '19 at 13:44

0 Answers0