[Standards] NEW: XEP-0279 (Server IP Check)

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Sat Mar 6 21:02:20 UTC 2010


As noted in the XEP, the server actually returns what it perceives to be the client's IP address.

What the security considerations miss is that doing so may unintentionally cause disclose information about the network information the server operates in.

Server operators likely don't want to enable this if their server sits behind a reverse NAT (or some sort of ALG/proxy) as it would disclose the inside IP address of that reverse NAT.  Even if that isn't a security consider for the server operator, that IP address is likely not what the client wanted.

-- Kurt

On Mar 5, 2010, at 10:53 AM, XMPP Extensions Editor wrote:

> Version 0.1 of XEP-0279 (Server IP Check) has been released.
> 
> Abstract: This specification defines a simple XMPP extension that enables a client to discover its external IP address.
> 
> Changelog: Initial published version. (psa)
> 
> Diff: N/A
> 
> URL: http://xmpp.org/extensions/xep-0279.html
> 




More information about the Standards mailing list