With filte transfer requests it's possible to determine user IP.
vulners.com/securityvulns/securityvulns:doc:5440