Re: Hiding IP in E-Mail..

[Tim Greer <chatmaster () charter net>]

On Tue, 2003-09-02 at 14:20, malxbox () wanadoo fr wrote:
> Tim Greer <chatmaster () charter net> wrote :
> > If your IP doesn't show, then SMTP is broken in my opinion.  If you want
> > to get around having your IP show, use a web mail service and a proxy to
> > send through it, or just use a remailer.  IPs (should) are shown in the
> > header for good reason, you shouldn't try and get around this.
>
> But suppose you see in mail headers IP adresses of private ranges like 10.X.X.X, 172.16.X.X or 192.168.X.X
> For example this one from my ISP : 172.22.135.25
>
> Wouldn't it be better that this kind of adresses be hidden or replaced by public IP range adresses ?
> In my opinion, showing this in mail headers represents a security risk.
>
> Have a nice day and thank you very much for all knowledge you share.

It's only a security risk if your system or network is at risk.  If your
security model is at risk due to someone knowing the IP, you should
consider not connecting the network to the Internet or implementing some
type of controls (as well as securing the system(s) and network, of
course).
-- 
Tim Greer <chatmaster () charter net>


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------