Date: Wed, 15 May 2002 10:50:07 -0500 From: Mike Meyer <mwm-dated-1021909808.3c4236@mired.org> To: anderson@centtech.com Cc: Drew Raines <drew-dated-1022685887.50e0d6@rain3s.net>, freebsd-chat@freebsd.org Subject: Re: internal hosts in email Message-ID: <15586.33711.748924.641222@guru.mired.org> In-Reply-To: <3CE2811F.9325CAA7@centtech.com> References: <3CE2702A.A67642FE@centtech.com> <20020515150303.GU16671@williams.mc.vanderbilt.edu> <3CE27B5F.EB6D7F4F@centtech.com> <20020515152446.GW16671@williams.mc.vanderbilt.edu> <3CE2811F.9325CAA7@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In <3CE2811F.9325CAA7@centtech.com>, Eric Anderson <anderson@centtech.com> typed: > Drew Raines wrote: > > > True, it alone is not security, and I'm not betting the ranch on it > > > (nor would I ever). On the other hand, less information is a good > > > thing when it comes to your internal nets. > > No, you're betting the ranch on your firewall. Someone would gain > > intimate knowledge of your internal network anyway should they > > compromise it. > How is that? Security is something that takes place throughout the network, not > just on the firewall (firewalls in my case). Are you saying it's perfectly safe > to bleed internal host information out to the world? What about simply removing > the IP addresses, and leaving the hostnames in? What difference does it make? If they break into a host that can contact an internal host by name, they have that capability. If your goat is running a firewall itself, they can ask it for a list of machines that it will accept messages from. If it's not running a firewall - well, that's not a good thing. If this system is some kind of DNS server, they can ask your DNS server for names, or possibly check the config files. Worst comes to worst, they can always go back to IP address scanning. It's clearly possible to strip the headers, as anonymous remailers do that regularly. I'd suggest looking into one or more of them, to see if they can be configured to do what you want to do. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15586.33711.748924.641222>