Security Basics mailing list archives
RE: Am I over reacting?
From: Michael Horn <z28fun () yahoo com>
Date: Fri, 12 Mar 2004 05:46:33 -0800 (PST)
Thanks for the info guys. It was defiantly showing our NAT address. I forget we have this lovely thing called a firewall that so far can't be exploited; yet. Michael --- James.Fields () bcbsfl com wrote:
I wouldn't worry too much about it, for these reasons: 1) IP addresses have to be revealed all the time in order for network communications to work. DNS servers hand them out all the time. Having them displayed on the screen isn't much of a giveaway - they can be seen in arp tables, using sniffers, and plenty of other tools. 2) There is a better than even chance that the IP address you are seeing is not the actual address of the computer being used. Most corporate AND home customers these days are using RFC1918 addressing and using Network Address Translation to make use of a smaller number of available IP addresses. -----Original Message----- From: Michael Horn [mailto:z28fun () yahoo com] Sent: Wednesday, March 10, 2004 2:20 PM To: security-basics () securityfocus com Subject: Am I over reacting? I'm not sure if I'm over reacting on this or not since I'm new to the security scene. This morning during an on-line seminar that one of our customers was holding; the presenter had his desktop shared out (so you could see everything). One thing I noticed about the web meeting software was that it was showing everybody's IP. I've used other web meeting companies and none of them showed the IP's. From my understanding if you have the IP your halfway to getting into their system. If I was a bad boy I could run a port scan to see what they where running and then exploit it. Is my thinking correct or am I off base and over reacting? Thank you for your input, Michael Horn __________________________________ Do you Yahoo!? Yahoo! Search - Find what you're looking for faster http://search.yahoo.com
------------------------------------------------------------------------
--- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
---- Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue Shield of Florida, Inc. The information contained in this document may be confidential and intended solely for the use of the individual or entity to whom it is addressed. This document may contain material that is privileged or protected from disclosure under applicable law. If you are not the intended recipient or the individual responsible for delivering to the intended recipient, please (1) be advised that any use, dissemination, forwarding, or copying of this document IS STRICTLY PROHIBITED; and (2) notify sender immediately by telephone and destroy the document. THANK YOU.
__________________________________ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Am I over reacting? Michael Horn (Mar 11)
- Re: Am I over reacting? Leo (Mar 12)
- <Possible follow-ups>
- RE: Am I over reacting? James . Fields (Mar 12)
- RE: Am I over reacting? Michael Horn (Mar 12)