Den mån 3 feb. 2020 kl 07:18 skrev Frank Beuth <secli...@boxdan.com>:
> Otherwise it would be possible for an attacker to, for example, hack > your webapp to have it phone home to some external server controlled by > the attacker. ..and in the request logs see where the request comes from so this information is available here, combined with the ip used for the actual hack. But the existence of "ifconfig" means nothing to this scenario, you can blindly send a icmp, udp or tcp packet to packet-collectors-R-us.com and see the ip there. There is exactly zero need to first figure out the local ip and only then send out blind packets to your collector. > The attacker would thereby be able to find your IP > address. > By the time your opponent is running code on your server, this piece of information is probably the least interesting part of the whole puzzle. -- May the most significant bit of your life be positive.
