RE: Am I over reacting?

[Michael Horn <z28fun () yahoo com>]

Thanks for the info guys.  It was defiantly showing
our NAT address.  I forget we have this lovely thing
called a firewall that so far can't be exploited; yet.

Michael
--- James.Fields () bcbsfl com wrote:
> I wouldn't worry too much about it, for these
> reasons:
>
> 1) IP addresses have to be revealed all the time in
> order for network
> communications to work.  DNS servers hand them out
> all the time.  Having
> them displayed on the screen isn't much of a
> giveaway - they can be seen
> in arp tables, using sniffers, and plenty of other
> tools.
>
> 2) There is a better than even chance that the IP
> address you are seeing
> is not the actual address of the computer being
> used.  Most corporate
> AND home customers these days are using RFC1918
> addressing and using
> Network Address Translation to make use of a smaller
> number of available
> IP addresses.
>
>
> -----Original Message-----
> From: Michael Horn [mailto:z28fun () yahoo com] 
> Sent: Wednesday, March 10, 2004 2:20 PM
> To: security-basics () securityfocus com
> Subject: Am I over reacting?
>
> I'm not sure if I'm over reacting on this or not
> since
> I'm new to the security scene.  This morning during
> an
> on-line seminar that one of our customers was
> holding;
> the presenter had his desktop shared out (so you
> could
> see everything).  One thing I noticed about the web
> meeting software was that it was showing everybody's
> IP. I've used other web meeting companies and none
> of
> them showed the IP's.  From my understanding if you
> have the IP your halfway to getting into their
> system.
>  If I was a bad boy I could run a port scan to see
> what they where running and then exploit it. Is my
> thinking correct or am I off base and over reacting?
>  
> Thank you for your input,
>  
> Michael Horn
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you're looking for faster
> http://search.yahoo.com
------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention
> this ad and get $545
> off 
> any course! All of our class sizes are guaranteed to
> be 10 students or
> less 
> to facilitate one-on-one interaction with one of our
> expert instructors.
>
> Attend a course taught by an expert instructor with
> years of
> in-the-field 
> pen testing experience in our state of the art
> hacking lab. Master the
> skills 
> of an Ethical Hacker to better assess the security
> of your organization.
>
> Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
------------------------------------------------------------------------
> ----
>
>
>
>
>
> Blue Cross Blue Shield of Florida, Inc., and its
> subsidiary and affiliate companies are not
> responsible for errors or omissions in this e-mail
> message. Any personal comments made in this e-mail
> do not reflect the views of Blue Cross Blue Shield
> of Florida, Inc.  The information contained in this
> document may be confidential and intended solely for
> the use of the individual or entity to whom it is
> addressed.  This document may contain material that
> is privileged or protected from disclosure under
> applicable law.  If you are not the intended
> recipient or the individual responsible for
> delivering to the intended recipient, please (1) be
> advised that any use, dissemination, forwarding, or
> copying of this document IS STRICTLY PROHIBITED; and
> (2) notify sender immediately by telephone and
> destroy the document. THANK YOU.


__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------