hello! I built a kind of Honeypot with a real computer running Windows 8.1 to check the functionality of Anonsurf, which is installed on another computer running Parrot OS. both computers are connected to internet through the same hotspot of my Android mobile, they are on the same network, so to speak. I turned on Anonsurf and did a simple scan with nmap. KFSensor and Wireshark installed on the Honeypot immediately detected the real local IP of the Linux machine (192.168.etc.etc): is it normal? can I trust Anonsurf when I am for example doing the same thing outside my network? I tested Anonsurf with Firefox on dnsleaktest.com and it works well, it doesn’t show the IP of my mobile.
***I got the same results using Proxychains instead of Anonsurf (the real local IP was detected by the honeypot while Firefox wasn’t exposing the real IP of my phone).
I am learning to use these tools and how networks work in general.
Sorry for my bad English.
Thanks in advance!
Cheers.
Parrot 5.1 64bit
Kernel Linux 6.0.0-2parrot1-amd64 x86_64
MATE 1.24.1
You need to go and look up how networks communicate, on a local network, yes you have a local IP, but it uses your MAC address to route from device to device on a local LAN
Basically before going to the internet, the user’s computer has an traditional private ip address, most range from 10.0.0.0 172.16.X.X to 172.32.X.X, and 192.168.X.X (normally 192.168.1.0) The user’s public IP address from your ISP/WAN is something outside of this range, (random example 54.173.X.X might be owned by amazon)
If the device is on the same network as the one using nmap to scan for open ports, it will show the local area address because it’s on the same network and does not require an router to hop to the next network. As mentioned by Fred, this is why you are able to see the local IP address of the device.
If a user runs a traceroute to an website a user can see how their internet traffic goes from their local network to WAN of the router. then goes through the hops of your ISP, any other upstream ISPs, and then gets to the loadbalancers or servers of the website the user is trying to access.
To put it in simple terms Anonsurf will protect an user’s public IP address from being found by outside attackers, but not the local ip address within a local network.