From owner-freebsd-chat Wed May 15 8:35:54 2002
Delivered-To: freebsd-chat@freebsd.org
Received: from nef.ens.fr (nef.ens.fr [129.199.96.32]) by hub.freebsd.org (Postfix) with ESMTP id CC03837B40C for ; Wed, 15 May 2002 08:35:43 -0700 (PDT)
Received: from corto.lpt.ens.fr (corto.lpt.ens.fr [129.199.122.2]) by nef.ens.fr (8.10.1/1.01.28121999) with ESMTP id g4FFZgH08039 ; Wed, 15 May 2002 17:35:42 +0200 (CEST)
Received: from (rsidd@localhost) by corto.lpt.ens.fr (8.9.3/jtpda-5.3.1) id RAA14201 ; Wed, 15 May 2002 17:35:42 +0200 (CEST)
Date: Wed, 15 May 2002 17:35:42 +0200
From: Rahul Siddharthan
To: Drew Raines
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: internal hosts in email
Message-ID: <20020515173542.B12847@lpt.ens.fr>
Mail-Followup-To: Drew Raines , freebsd-chat@FreeBSD.ORG
References: <3CE2702A.A67642FE@centtech.com> <20020515150303.GU16671@williams.mc.vanderbilt.edu> <3CE27B5F.EB6D7F4F@centtech.com> <20020515152446.GW16671@williams.mc.vanderbilt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020515152446.GW16671@williams.mc.vanderbilt.edu>; from drew-dated-1022685887.50e0d6@rain3s.net on Wed, May 15, 2002 at 10:24:46AM -0500
X-Operating-System: FreeBSD 3.4-STABLE i386
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Drew Raines said on May 15, 2002 at 10:24:46:
> > True, it alone is not security, and I'm not betting the ranch on it
> > (nor would I ever). On the other hand, less information is a good
> > thing when it comes to your internal nets.
>
> No, you're betting the ranch on your firewall.

I don't see that. First, he didn't say he had a firewall, only a
'"firewall" mail server' which sounded like a loose description for a
mail relay to the outside world. Maybe some of the machines are
exposed to the outside, maybe deliberately so.

Second,

> Someone would gain
> intimate knowledge of your internal network anyway should they
> compromise it.

But that's a worst case scenario. Why make it easier for the kiddies?
Keeping knowledge of the internal machine names secret would not stop
serious intruders, but it would stop (or at least slow down) script
kiddies who're just looking for vulnerable machines on the net. No
need to announce your machine names to the wide world.

As for your concern about "needing" those headers: if they get as far
as the "firewall mail server" which would munge them, they weren't
needed. So if you see bounced mail from outside or from your
"firewall mail server" you don't care. If the problem was in the
internal network and they didn't get that far, the headers won't be
touched. If it's message delays (in the internal network) which you
want to keep track of, you can look at the internal mails which
preserve those headers, and it's pretty easy to track such things
anyway. I don't see what you're worried about.

Rahul

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
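An added example, not part of the original thread or any poster's own code: a check an outbound relay could run to list the internal hops a message's Received headers disclose, and to drop them before the message leaves. The internal suffix corp.example.com, the RFC 1918 test, and every hostname and address in the sample are assumptions made up for illustration.

```python
import email
import ipaddress
import re
from email.message import Message

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample message: all hostnames, addresses and ids are made up.
SAMPLE = """\
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx.example.net with ESMTP id AAA111; Wed, 15 May 2002 08:35:43 -0700
Received: from build7.corp.example.com (build7.corp.example.com [10.1.4.22])
\tby relay.example.com with ESMTP id BBB222; Wed, 15 May 2002 17:35:42 +0200
Received: from ws-042.corp.example.com (ws-042.corp.example.com [10.1.9.87])
\tby build7.corp.example.com with ESMTP id CCC333; Wed, 15 May 2002 17:35:41 +0200
From: user@example.com
Subject: test

body
"""
SAMPLE_MSG = email.message_from_string(SAMPLE)

def hop(received):
    """Return (from_host, ipv4) named in one Received header value."""
    host = re.search(r"\bfrom\s+(\S+)", received)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return (host.group(1) if host else None, ip.group(1) if ip else None)

def is_internal(received, suffix):
    # A hop counts as internal if its name is under the suffix or its address is RFC 1918.
    host, ip = hop(received)
    by_name = bool(host) and host.lower().endswith("." + suffix)
    by_addr = bool(ip) and any(ipaddress.ip_address(ip) in n for n in RFC1918)
    return by_name or by_addr

def disclosed(msg, suffix):
    """Internal hops an outside recipient could read from the headers."""
    return [hop(r) for r in msg.get_all("Received", []) if is_internal(r, suffix)]

def munge(msg, suffix):
    """Copy msg in header order, dropping Received headers that name an internal hop."""
    out = Message()
    for name, value in msg.items():
        if name.lower() == "received" and is_internal(value, suffix):
            continue
        out[name] = value
    out.set_payload(msg.get_payload())
    return out
```

Mail that never reaches the relay keeps its full Received chain, so internal delay tracking still works from the internal copies.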