Apple's Internal IP's Leaked By Its Search Bot

Apple's search bots have been leaking Apple's internal IPs, a security researcher has discovered — and it took Apple over 9 months to fix it.

Bleeping Computer reports: "Applebot is the web crawler for Apple. Products like Siri and Spotlight Suggestions use Applebot," according to Apple's knowledgebase. Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.

"Although I've seen a couple of bots that were misconfigured, I was surprised to see Apple's Podcast bot look for updates to my podcast (Deep House Mixes) using a proxy which leaked internal IPs and hostnames from the 'Via' & 'X-Forwarded-For' headers," Coomber continued in his blog post...

When asked for comment concerning these issues, Apple did not provide one to BleepingComputer.

Internal network info means nothing.

[gavron]

"Leaking" "internal" IPs means nothing. You can even "leak" MAC addresses. It means nothing.

None of them have any meaning beyond the internal LAN segment -- all on the INSIDE of the firewall/IPD.

You want a map of the Internal network? I'll give you mine. There's nothing it will help you with.

This isn't news. No wonder Apple didn't rush to fix it -- it means exactly nothing.

Ehud
P.S. Oh yeah, EditorDavid posting stuff he doesn't understand on a weekend. Every weekend. Yikes.

Re:

[BAReFO0t]

Observe the beautiful realty distortion field around this pelicular Articlus Applus Ludditus. Watch how it bewitches its prey, the Ludditus Applus with its joyous courtship dance, called "scaremongering"! It exploits the natural blindness to technology, to provide its evening meal.

Next on Planet Slashdot: Watch how Greedo Gamblus rolls big fads of dung into storyballs called Bitcoin Hax.

Re:

[BAReFO0t]

Oh, of COURSE there's a typo in there that I only see after previewing and submitting!

Let's hope it fills you all with great joy. :)

Re:

[thegreatbob]

Not a major cause for concern if one lives in pubic housing.

Re:

[MrL0G1C]

It has been discovered that apple have been using 192.168.1.1 and 10.0.0.1.

Fellas, set your attacks, we got apples addresses, take 'em down.

Re:

[teg]

It has been discovered that apple have been using 192.168.1.1 and 10.0.0.1.

Fellas, set your attacks, we got apples addresses, take 'em down.

I've heard rumors that 127.0.0.1 might be a juicy target for a DOS attack.

Re:

[MrL0G1C]

I tried that but dammit they have some vicious security, every time I attacked they attacked back instantly and brought my internet connection down.

Re:

[1s44c]

I tried that but dammit they have some vicious security, every time I attacked they attacked back instantly and brought my internet connection down.

Yeah.. But traffic to 127.0.0.1 isn't going though your internet connection.

Re:

[wagnerer]

Woosh

Re:

[Anonymous Coward]

Seems to have a lot of porn on it.

Re:

[drinkypoo]

"Leaking" "internal" IPs means nothing. You can even "leak" MAC addresses. It means nothing.
None of them have any meaning beyond the internal LAN segment -- all on the INSIDE of the firewall/IPD.

Leaking internal IPs makes it that much easier to pick targets for malware once it gets inside of a network. You know nothing.
The IPs have meaning once you manage to get your malware to the INSIDE of the firewall.

You want a map of the Internal network? I'll give you mine. There's nothing it will help you with.

I don't want it, but someone attacking you does. It saves them the effort of having to poison your switch in order to analyze your traffic so they can build that map.

When first you lecture, get your facts right.

[gavron]

I guess it depends on who really knows nothing -- usually not the person who comes along to
say "others know nothing." Certainly knowing how not to be rude is knowing something.

When someone gets inside your network knowing IP addresses is still hardly relevant. They don't
care which servers go Spider on the net. They care about controlling servers inside.

The point at which that internal addressing matters, your whole point is that security through
obscurity is great because "once somebody gets inside your n

Re:

[BerthaSenuu]

Hi((( My man doesn’t fuck me !! ((= I want you, take me! i wait you here >> https://is.gd/profile2854 [is.gd]

Re:

[antdude]

Please show us a map of your network. :)

Re:

[gavron]

> Please show us a map of your network

Sure
{Internet Connection #1, Internet Connection #2}[dynamic IPs with BGP to transit one public /24]--> [Internet Router, multiple dynamic public IPs, 10.0.0.1/18 private IP, gateway set via BGP] --> LAN ports 10.0.0.0/18 with 10.0.0.0/26 reserved for static assignment.

Do you want the MAC address table or the switch forwarding-table?

E

Re:

[antdude]

Everything. :P

Re:

[gavron]

:-)

This whole thread was about sharing private IPs and how Apple theoretically sucks. They don't for that reason...

I've shared my IPs. I can tell you my
gateway 10.0.0.1
switch-mgmt 10.0.0.2
nvr 10.0.0.3
alarm 10.0.0.4
front door (are you fkng kidding me)
fridge (seriously now)
HVAC (now you're making my chest hurt)
DHCP 10.0.0.5-infinity and beyond

Hope that helps. Point here being Apple didn't mess up addressing a NONISSUE for 9 months.
It's a NONissue. MAC addresses to follow. I left switchports out because t

Shh

[backslashdot]

Don't tell Apple, but using my uber lyft elite hacking pwny rwny zero day skillz I've narrowed down their internal machines to having addresses of the format 10.x.x.x, 192.168.x.x, or 172.16.x.x. Now someone get me the hax0r DEFCON golden globulus bug bounty academy Nobel award.

Re:

[bobstreo]

Don't tell Apple, but using my uber lyft elite hacking pwny rwny zero day skillz I've narrowed down their internal machines to having addresses of the format 10.x.x.x, 192.168.x.x, or 172.16.x.x. Now someone get me the hax0r DEFCON golden globulus bug bounty academy Nobel award.

Actually Apple has a class A network 17.0.0.0

Class A networks can support up to about 16 million IP's

Re:

[BAReFO0t]

The what of "16 million IP"? Their literacy? That they clearly stole from you? ;)

Re:

[_merlin]

Traditionally, UK English uses an apostrophe when pluralising an initialism, because the other letters in the final word have been omitted. For example, ATM's, because the letters "achine" between "M" and "s" are missing. US English doesn't use apostrophes like this. "IP's" is correct UK English for a plural or a possessive. It's only incorrect for a plural in US English.

Re:

[kenai_alpenglow]

When I was suffering through English class in US we were told to use the apostrophe as well. Now I see it both ways. Lots of other things to get bothered with...

Re:

[backslashdot]

Their internal network uses routable IPs? Since when?

Re:

[dhammabum]

Why not? Universities with Class B networks have always done this. There have been a lot of /8 networks assigned to companies, see: https://www.iana.org/assignmen... [iana.org] . IBM, HP, Xerox gave theirs up but not Apple. The US Postal Service has 56. Daimler still has 53.

Re:

[bobstreo]

Why not? Universities with Class B networks have always done this. There have been a lot of /8 networks assigned to companies, see: https://www.iana.org/assignmen... [iana.org] . IBM, HP, Xerox gave theirs up but not Apple. The US Postal Service has 56. Daimler still has 53.

It irked me, but every time I tried to get the Internic to give my company an A, they would give me 5 B's

Still my Arin Phonebook around someplace.

Re: Shh

[AlchemyX]

Unroutable IP? Who makes up that stuff. Private or public still routable.

Re:

[drinkypoo]

Should say "unrouted", probably. Nobody is going to carry your packets destined for those addresses. Even if they would, nobody is going to accept your source routing.

Re:

[DarkVader]

Since at least the early 90s, almost certainly earlier, but that's the earliest that I have personal knowledge of. When you've got a class A network you can do that.

It's not really a "leak" when your network has been a publicly known class A for decades.

Re:

[tlhIngan]

Actually Apple has a class A network 17.0.0.0

Class A networks can support up to about 16 million IP's

Just because it's routable doesn't mean it's connectable. You can have routable IPs that are firewalled off. Not generally recommended especially since you can give up those non-routable IPs for money.

It's why IPv6 is no panacea - sure everyone gets a routable IP, but firewalls are a thing and I wouldn't be surprised if all but one is actually let through. Knowing ISPs, they probably will make it prefix::1 c

Surprised eh?

[Rosco P. Coltrane]

Why does everybody always assume Apple is better, or doing things better than anyone else?

Re:

[tsa]

Because they are and they do.

Re:

[BAReFO0t]

No.

(See, if you got no arguments, no arguments are required to invalidate your statement. But thanks for showing us that even a fanboy doesn't actually know why. So in fact you yourself now serve as an argument for them not actually being better.)

Re:

[zenlessyank]

Nobody does. Where you from?

Random guess

[Arnonyrnous Covvard]

They're 17.0.0.0/8, right?

Applebot

[tsa]

"Applebot is the web crawler for Apple. Products like Siri and Spotlight Suggestions use Applebot,"

So Apple doesn’t use Bing anymore?

Internal apostrophe's

[Alistair Riddell]

Did they leak Apple's internal random apostrophe's too? Illiterate fuckwits...

So what? I know all IP addresses

[flyingfsck]

I know all IP addresses. I know all dates, all bank accounts and all SIN numbers also.

Romanus Eunt Domus?

[BAReFO0t]

"The Leaked of the Internal IP of Apple? -- A Story Written by Its Search Bot?"

"People Called Romanes, they go, the house?" ( https://youtu.be/M3gNdGHsEIk [youtu.be] )

I'm A 169.254.x.x Kinda Guy

[zenlessyank]

NikeNet. 100% Uptime.

i heard...

[AlexHilbertRyan]

I heard apple uses email and the space bar internally.

Internal means?

[muffen]

Network location should not be an indicator of trust. The idea that a company is able to protect a made up barrier through which people and systems are constantly moving is ridiculous. It is possible to implement zero trust and that's the direction everyone should be heading in.

Why?

[nospam007]

Why would they forward any referrer data is beyond me since it's of no use for them whatsoever.
I'm not a bot but I strip that information as well when surfing.

Re:

[Anonymous Coward]

No externally routable IP addresses. IPv6 has proven not only useless and confusing, but an anti-security measure.

You're contradicting yourself. IPv6 is security through confusion!
Repeat after me, NAT is NOT a firewall.

Alarming

[Pammy0516]

This causes worry, but I would like to learn more of the technical terms to fully understand the effect of this. https://pamsbizstartuppixie.wo... [wordpress.com]