[echeese]

Flash has been able to do this for years: https://tools.ietf.org/html/draft-thornburgh-rtmfp-flash-02#...

The "setPeerInfo" command is sent by the client to the server over the NetConnection control flow to inform the server of candidate socket addresses through which the client might be reachable. This list SHOULD include all directly connected interface addresses and proxy addresses except as provided below. The list MAY be empty. The list need not include the address of the server, even if the server is to act as an introducer for the client. The list SHOULD NOT include link-local or loopback addresses.

[marquis]

Flash can be blocked, or not installed. If you are running a modern Chrome or Firefox, there is no way to stop this from running. (edit: apparently you can now block WebRTC entirely in Firefox, but Chrome has to be recompiled)

[tracker1]

I wish chrome had an advanced configuration interface similar to firefox's for this kind of thing... I'm actually surprised WebRTC doesn't at least prompt for access, similar to location, camera and similar requests.