From: Mike Meyer
Date: Wed, 15 May 2002 10:50:07 -0500
To: anderson@centtech.com
Cc: Drew Raines, freebsd-chat@freebsd.org
Subject: Re: internal hosts in email
Message-ID: <15586.33711.748924.641222@guru.mired.org>
In-Reply-To: <3CE2811F.9325CAA7@centtech.com>

In <3CE2811F.9325CAA7@centtech.com>, Eric Anderson typed:
> Drew Raines wrote:
> > > True, it alone is not security, and I'm not betting the ranch on it
> > > (nor would I ever). On the other hand, less information is a good
> > > thing when it comes to your internal nets.
> > No, you're betting the ranch on your firewall. Someone would gain
> > intimate knowledge of your internal network anyway should they
> > compromise it.
> How is that? Security is something that takes place throughout the network, not
> just on the firewall (firewalls in my case). Are you saying it's perfectly safe
> to bleed internal host information out to the world? What about simply removing
> the IP addresses, and leaving the hostnames in?

What difference does it make? If they break into a host that can
contact an internal host by name, they have that capability. If your
goat is running a firewall itself, they can ask it for a list of
machines that it will accept messages from. If it's not running a
firewall - well, that's not a good thing. If this system is some kind
of DNS server, they can ask your DNS server for names, or possibly
check the config files. Worst comes to worst, they can always go back
to IP address scanning.

It's clearly possible to strip the headers, as anonymous remailers do
that regularly. I'd suggest looking into one or more of them, to see
if they can be configured to do what you want to do.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
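
The header stripping discussed in this thread, as an added example that is not part of the original message: a filter an outbound gateway could run to drop `Received` fields that name internal hops while leaving every other header and the body untouched. The RFC 1918 ranges, the internal zone `corp.example.com`, the function names and the sample message are assumptions made for the example.

```python
import ipaddress
import re

# Assumptions for this example: RFC 1918 ranges and a hypothetical internal zone.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SUFFIX = ".corp.example.com"

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL_HOST = re.compile(
    r"[A-Za-z0-9-]+" + re.escape(INTERNAL_SUFFIX) + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE)

# Constructed sample, newest hop first; only the last hop is external.
SAMPLE = (
    "Received: from mailhub ([10.1.1.5])\n"
    "\tby gw.example.com with ESMTP; Wed, 15 May 2002 08:50:10 -0700\n"
    "Received: from ws17.corp.example.com (unknown)\n"
    "\tby mailhub.corp.example.com with SMTP; Wed, 15 May 2002 08:50:05 -0700\n"
    "Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
    "\tby gw.example.com with ESMTP; Wed, 15 May 2002 08:49:58 -0700\n"
    "From: user@example.com\n"
    "Subject: test\n"
    "\nbody text\n"
)

def is_internal_hop(value):
    """True if a Received field names an internal address or hostname."""
    for text in IP_LITERAL.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # bracketed text that is not a valid IPv4 address
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return INTERNAL_HOST.search(value) is not None

def strip_internal_received(raw):
    """Drop Received fields for internal hops; other headers and body are untouched."""
    head, sep, body = raw.partition("\n\n")   # assumes LF line endings
    fields = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += "\n" + line         # folded continuation of previous field
        else:
            fields.append(line)
    kept = [f for f in fields
            if not (f.lower().startswith("received:") and is_internal_hop(f))]
    return "\n".join(kept) + sep + body
```

Folded continuation lines are grouped with their field before matching, so a hop whose internal address sits on the second line of a `Received` field is still removed as a unit.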