Date: Wed, 15 May 2002 17:35:42 +0200
From: Rahul Siddharthan <rsidd@online.fr>
To: Drew Raines <drew-dated-1022685887.50e0d6@rain3s.net>
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: internal hosts in email
Message-ID: <20020515173542.B12847@lpt.ens.fr>
In-Reply-To: <20020515152446.GW16671@williams.mc.vanderbilt.edu>; from drew-dated-1022685887.50e0d6@rain3s.net on Wed, May 15, 2002 at 10:24:46AM -0500
References: <3CE2702A.A67642FE@centtech.com> <20020515150303.GU16671@williams.mc.vanderbilt.edu> <3CE27B5F.EB6D7F4F@centtech.com> <20020515152446.GW16671@williams.mc.vanderbilt.edu>

Drew Raines said on May 15, 2002 at 10:24:46:
> > True, it alone is not security, and I'm not betting the ranch on it
> > (nor would I ever). On the other hand, less information is a good
> > thing when it comes to your internal nets.
>
> No, you're betting the ranch on your firewall.

I don't see that. First, he didn't say he had a firewall, only a '"firewall" mail server' which sounded like a loose description for a mail relay to the outside world. Maybe some of the machines are exposed to the outside, maybe deliberately so. Second,

> Someone would gain
> intimate knowledge of your internal network anyway should they
> compromise it.

But that's a worst case scenario. Why make it easier for the kiddies? Keeping knowledge of the internal machine names secret would not stop serious intruders, but it would stop (or at least slow down) script kiddies who're just looking for vulnerable machines on the net. No need to announce your machine names to the wide world.

As for your concern about "needing" those headers: if they get as far as the "firewall mail server" which would munge them, they weren't needed. So if you see bounced mail from outside or from your "firewall mail server" you don't care. If the problem was in the internal network and they didn't get that far, the headers won't be touched. If it's message delays (in the internal network) which you want to keep track of, you can look at the internal mails which preserve those headers, and it's pretty easy to track such things anyway. I don't see what you're worried about.

Rahul