Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - What is My IP Again? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

What is My IP Again?

Published: 2017-11-09
Last Updated: 2017-11-09 14:44:04 UTC
by Rob VandenBrink (Version: 1)
15 comment(s)

Until we all fully embrace IPv6, we're living in a NAT world.  And the folks who build security for that world often need to work around NAT that they didn't build.

Probably at least once per day, I need my current public IP address -  usually to allow myself admin access to something for a few minutes by adding my IP to an access list, sometimes to set myself up as a temporary (as in a few minutes) server to receive an exfiltrated file - it's always something.  Often I'm behind someone else's NAT gateway, so just looking isn't practical.  And even if it is a gateway I built, looking up stored configs or connecting to that firewall to check takes more time than it should.  How can we make getting this information simple and safe?

Back in the day, we used to use www.whatismyip.com or www.ipchicken.com.  However, the way the internet has gone, these sites seem more about making me look at ads than giving me the information that I really need.  And given the malvertising that we see being served up in ad services these days, I'd as soon just not go there anymore (literally).

OK, www.arin.net still gives me my public IP, with no ads.  But then I need to cut/paste it, or re-key it.  Me, I'd as soon have my computer do that.

It also used to be that ip.blindhog.net had a telnet auto-responder that gave you this info (which would also of course work with netcat), but they went offline, maybe about the time mirai gave telnet a black eye last year (??) **

So, what's left?  icanhazip.com and dyndns.org still have decent services.  You can scrape these using:

wget -O - -q icanhazip.com

or

curl -s checkip.dyndns.org | sed -e "s/.*Current IP Address: //" | sed -e "s/<.*$//"

If you want them in your clipboard, pipe them into clip or xclip (depending on your OS).

So for instance, I have a simple cmd file "getip.cmd" with either of these in it.  To get the address into my clipboard:
getip | clip

Me, I put both approaches in my "getip" script, with one commented out - you never know when a service you use every day will change or go offline.

Is there a cleaner way to get your current public IP, or a niftier scripting approach?  I have to admit, when I got to "it works" in 2 different ways, I stopped looking - if you have a better way to collect this info, by all means share in our comment section!

======
** for some telnet fun, try a telnet session to towel.blinkenlights.nl

 

===============
Rob VandenBrink
Compugen

Keywords:
15 comment(s)
Diary Archives