Re: Hiding IP in E-Mail..

From: Tim Greer (chatmaster_at_charter.net)
Date: 09/02/03

  • Next message: Zachary Mutrux: "RE: automatic update on Mac OS X" 
    To: malxbox@wanadoo.fr
Date: 02 Sep 2003 14:30:16 -0700

    On Tue, 2003-09-02 at 14:20, malxbox@wanadoo.fr wrote:
    > Tim Greer <chatmaster@charter.net> wrote :
    > >
    > >If your IP doesn't show, then SMTP is broken in my opinion. If you want
    > >to get around having your IP show, use a web mail service and a proxy to
    > >send through it, or just use a remailer. IPs (should) are shown in the
    > >header for good reason, you shouldn't try and get around this.
    >
    > But suppose you see in mail headers IP adresses of private ranges like 10.X.X.X, 172.16.X.X or 192.168.X.X
    > For example this one from my ISP : 172.22.135.25
    >
    > Wouldn't it be better that this kind of adresses be hidden or replaced by public IP range adresses ?
    > In my opinion, showing this in mail headers represents a security risk.
    >
    > Have a nice day and thank you very much for all knowledge you share.

    It's only a security risk if your system or network is at risk. If your
    security model is at risk due to someone knowing the IP, you should
    consider not connecting the network to the Internet or implementing some
    type of controls (as well as securing the system(s) and network, of
    course). 

    -- 
Tim Greer <chatmaster@charter.net>
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
  • Next message: Zachary Mutrux: "RE: automatic update on Mac OS X"

    Relevant Pages

    • RE: [Full-Disclosure] Sidewinder G2
      ... If you not current with security software to the last two years your screwed ... A search at Cert for "Secure Computing" and "Sidewinder: ... exploit contains characters outside of the set defined by RFC822 (aka binary ... (do you really need a HTTP host: header length greater than 50 characters?). ...
      (Full-Disclosure)
    • Re: Calling macro function from within a header/footer?
      ... out for security classification levels seems to work just fine for page by ... When you put a field in a header, the header shows the same field ... > Jay Freedman ... So is there anyway possible to access a field via VBA code in the ...
      (microsoft.public.word.vba.general)
    • Re: A tool for crafting ESP packets
      ... A tool for crafting ESP packets ... AH (Authentication Header), ESP ... As all of these headers make up the IP Security ...
      (Pen-Test)
    • Re: Calling macro function from within a header/footer?
      ... We've asked Microsoft about the ability to run VBA code from a field ... code from a field would be a security risk (in the antivirus security ... Basically I have a bunch of code within the header ...
      (microsoft.public.word.vba.general)
    • Re: Please Help me- Creating Custom tokens
      ... you are free to do implement your own security elements in the header ... > But i guess that deals with the client sending a custom token obtained> from a token issuer and using that to encrypt and sign the requests.. ... > But the problem i want to solve is slightly different since I want to> send an encrypted token in the header of the response message. ... The> token created by the server has some user info such as his first name> last name, ...
      (microsoft.public.dotnet.framework.webservices.enhancements)