RE: Am I over reacting?

[James.Fields () bcbsfl com]

I wouldn't worry too much about it, for these reasons:

1) IP addresses have to be revealed all the time in order for network
communications to work.  DNS servers hand them out all the time.  Having
them displayed on the screen isn't much of a giveaway - they can be seen
in arp tables, using sniffers, and plenty of other tools.

2) There is a better than even chance that the IP address you are seeing
is not the actual address of the computer being used.  Most corporate
AND home customers these days are using RFC1918 addressing and using
Network Address Translation to make use of a smaller number of available
IP addresses.


-----Original Message-----
From: Michael Horn [mailto:z28fun () yahoo com] 
Sent: Wednesday, March 10, 2004 2:20 PM
To: security-basics () securityfocus com
Subject: Am I over reacting?

I'm not sure if I'm over reacting on this or not since
I'm new to the security scene.  This morning during an
on-line seminar that one of our customers was holding;
the presenter had his desktop shared out (so you could
see everything).  One thing I noticed about the web
meeting software was that it was showing everybody's
IP. I've used other web meeting companies and none of
them showed the IP's.  From my understanding if you
have the IP your halfway to getting into their system.
 If I was a bad boy I could run a port scan to see
what they where running and then exploit it. Is my
thinking correct or am I off base and over reacting?
 
Thank you for your input,
 
Michael Horn

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you're looking for faster
http://search.yahoo.com

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----





Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or 
omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue 
Shield of Florida, Inc.  The information contained in this document may be confidential and intended solely for the use 
of the individual or entity to whom it is addressed.  This document may contain material that is privileged or 
protected from disclosure under applicable law.  If you are not the intended recipient or the individual responsible 
for delivering to the intended recipient, please (1) be advised that any use, dissemination, forwarding, or copying of 
this document IS STRICTLY PROHIBITED; and (2) notify sender immediately by telephone and destroy the document. THANK 
YOU.



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------