Filtering email headers generated from internal network (Sensible?)
From: Bipin Gautam (visitbipin_at_hotmail.com)
Date: 05/09/05
- Previous message: Demetrio Carrión: "Re: Fingerprinting Firewall"
- Next in thread: anyluser: "RE: Filtering email headers generated from internal network (Sensible?)"
- Maybe reply: anyluser: "RE: Filtering email headers generated from internal network (Sensible?)"
- Reply: Eyal Udassin: "RE: Filtering email headers generated from internal network (Sensible?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 9 May 2005 15:36:06 -0000 To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is)
Is it sensible to filter extra email headers in the gateway generated from your internal network before it leaves your server, so that Information like... User-Agent:, X-Virus-Scanned:, and those EXTRA hopps of Received from: (headers........) won't leak out, which could be a valuable information for a potential intruder. Moreover the trouble multiplies if a software exploit is realesed before patch. It is kinda Security by obscurity. But if it buys you some extra time to act isn't is sensible to impliment or just too paranoid?
drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/
- Previous message: Demetrio Carrión: "Re: Fingerprinting Firewall"
- Next in thread: anyluser: "RE: Filtering email headers generated from internal network (Sensible?)"
- Maybe reply: anyluser: "RE: Filtering email headers generated from internal network (Sensible?)"
- Reply: Eyal Udassin: "RE: Filtering email headers generated from internal network (Sensible?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
