Full Disclosure mailing list archives
Re: Victory day - Sasser surrenders
From: Valdis.Kletnieks () vt edu
Date: Tue, 11 May 2004 13:05:54 -0400
On Tue, 11 May 2004 15:34:19 BST, Rob Clark <rob () cyber-worx co uk> said:
193.x.x.x isnt internal,,, is it?
I'd remove something from the mailer: Received: from [192.168.195.2] ([193.7.145.26])
Of course, that line was added by the system that received the mail *FROM* 193.7.145.26.. About all you can discover from it is that said box is probably NAT'ed, and gave an EHLO with the 192.168 address on it. For Sendmail, you can fix that information leakage by adding CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0, M=h') to your .mc file (the M=h causes it to use the interface name rather than the host hame on the ELHO). Oh, and that neither address has a workable in-addr.arpa PTR.. ;)
Attachment:
_bin
Description:
Current thread:
- RE: Victory day - Sasser surrenders, (continued)
- RE: Victory day - Sasser surrenders Poof (May 08)
- Re: Victory day - Sasser surrenders Lan Guy (May 09)
- Re: Victory day - Sasser surrenders Thilo Schulz (May 08)
- Re: Victory day - Sasser surrenders Tobias Weisserth (May 08)
- Re: Victory day - Sasser surrenders Tilo Eilers (May 08)
- Re: Victory day - Sasser surrenders Marcus Specht (May 10)
- Re: Victory day - Sasser surrenders fd (May 10)
- Re: Victory day - Sasser surrenders Jeff Workman (May 10)
- Re: Victory day - Sasser surrenders Rob Clark (May 11)
- Re: Victory day - Sasser surrenders Maxime Ducharme (May 11)
- Re: Victory day - Sasser surrenders Valdis . Kletnieks (May 11)
- RE: Victory day - Sasser surrenders Alerta Redsegura (May 11)
- Re: Victory day - Sasser surrenders p00p (May 11)
- Re: Victory day - Sasser surrenders Rob Clark (May 12)
- Re: Victory day - Sasser surrenders fd (May 10)
- Re: Victory day - Sasser surrenders Georgi Guninski (May 08)
- RE: Victory day - Sasser surrenders Jelmer (May 09)