Comment by NewJazz
18 days ago
That's a pretty weird threat model. Like, yeah commands you run on your machine can expose information about that machine.
18 days ago
That's a pretty weird threat model. Like, yeah commands you run on your machine can expose information about that machine.
Only in IPv6 world... in IPv4, it's all safe
Nope, iproute can still show your Mac address. And a curl ipinfo.io can show your public v4 address.
Mac address is absolutely safe in IPv4 world - the only info it gives is the network card manufacturer.
And people don't usually share "curl ipinfo.io" output unless they plan to share their external IP (unlike "ifconfig" output, which is one of the first things you want to share for any sort of networking problems)
1 reply →
Especially as if someone is able to capture ifconfig data, they can probably send a curl request to a malicious web server and expose the NAT IP as well.
Just because you can think of scenarios where the IPv4 setup doesn't make a different doesn't discount that there are scenarios where it does.
Someone being able to observer some state is a different model from someone being able to perform actions on the system and the former has many more realistic scenarios in addition to the ones of the latter.
People post their ifconfig data all the time, example: https://forums.linuxmint.com/viewtopic.php?t=402315
Or if you happened to curl ipinfo
Or if you had a script that did that and put the public v4 address in your taskbar.
> Or if you had a script that did that and put the public v4 address in your taskbar.
do people still do that? Dynamic DNS is offered by so many providers now...