RE: Am I over reacting?

From: Michael Horn (z28fun_at_yahoo.com)
Date: 03/12/04

    Date: Fri, 12 Mar 2004 05:46:33 -0800 (PST)
    To: James.Fields@bcbsfl.com, security-basics@securityfocus.com
    
    

    Thanks for the info guys. It was definitely showing
    our NAT address. I forget we have this lovely thing
    called a firewall that so far can't be exploited; yet.

    Michael
    --- James.Fields@bcbsfl.com wrote:
    > I wouldn't worry too much about it, for these reasons:
    >
    > 1) IP addresses have to be revealed all the time in order for network
    > communications to work. DNS servers hand them out all the time. Having
    > them displayed on the screen isn't much of a giveaway - they can be seen
    > in arp tables, using sniffers, and plenty of other tools.
    >
    > 2) There is a better than even chance that the IP address you are seeing
    > is not the actual address of the computer being used. Most corporate
    > AND home customers these days are using RFC1918 addressing and using
    > Network Address Translation to make use of a smaller number of available
    > IP addresses.
    >
    >
    > -----Original Message-----
    > From: Michael Horn [mailto:z28fun@yahoo.com]
    > Sent: Wednesday, March 10, 2004 2:20 PM
    > To: security-basics@securityfocus.com
    > Subject: Am I over reacting?
    >
    > I'm not sure if I'm overreacting on this or not since I'm new to the
    > security scene. This morning during an on-line seminar that one of our
    > customers was holding, the presenter had his desktop shared out (so you
    > could see everything). One thing I noticed about the web meeting software
    > was that it was showing everybody's IP. I've used other web meeting
    > companies and none of them showed the IPs. From my understanding, if you
    > have the IP you're halfway to getting into their system. If I was a bad
    > boy I could run a port scan to see what they were running and then
    > exploit it. Is my thinking correct or am I off base and overreacting?
    >
    > Thank you for your input,
    >
    > Michael Horn
    >


