Penetration Testing mailing list archives
Re: Filtering email headers generated from internal network (Sensible?)
From: Brendan Murray <xasperated () gmail com>
Date: Thu, 12 May 2005 09:45:48 +1200
A few years, maybe 2, back I heard that someone in Germany (?) had mapped the internal CIA (NSA?) network using the mail header information. Unfortunately that might be urban legend since I could never find the article - but if it is true then it would suggest obfuscating the headers would be a good thing, in the right circumstances.

Now if anyone could find me a pointer to that story I'd be very appreciative.

On 5/10/05, anyluser <anyluser () yahoo com> wrote:
IMO there's a balance between sec through obscurity (STO) and flat out information leakage. Just as most things in security, this is as much a balance as any other. Generally speaking sec through obscurity implies (to me) that you're relying on the obfuscation for more than it's really worth. If you think it'll keep you safe, you're using STO. If you're realistic about your expectations then do a CBA (cost/benefit analysis) and make your decision as to whether or not it's worthwhile.

IMO if there's a mail routing infrastructure behind your borders then you should obscure it to the outside, if you have the time. That' Granted it won't make you secure but it'll at least keep your infrastructure details relatively private, which being the paranoid lot we probably are is a good thing. :)

-----Original Message-----
From: Bipin Gautam [mailto:visitbipin () hotmail com]
Sent: Monday, May 09, 2005 10:36 AM
To: pen-test () securityfocus com
Subject: Filtering email headers generated from internal network (Sensible?)

Is it sensible to filter extra email headers in the gateway generated from your internal network before it leaves your server, so that information like... User-Agent:, X-Virus-Scanned:, and those EXTRA hops of Received from: (headers........) won't leak out, which could be valuable information for a potential intruder. Moreover the trouble multiplies if a software exploit is released before a patch. It is kinda security by obscurity. But if it buys you some extra time to act isn't it sensible to implement or just too paranoid?

drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/
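As an added illustration of the gateway filtering asked about in this thread (not code from any of the posters), the sketch below drops the User-Agent and X-Virus-Scanned headers and any Received hop that names an internal address or host. The X-Mailer entry, the RFC 1918 address test, the host names and the sample message are assumptions constructed for the example.

```python
import ipaddress
import re
from email import message_from_string, policy

# Headers named in the thread; X-Mailer is an assumed addition of the same kind.
DROP_HEADERS = {"user-agent", "x-mailer", "x-virus-scanned"}
# RFC 1918 and loopback ranges treated as "internal" (assumption for this sketch).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_internal_hop(received, internal_domains):
    """True if a Received value names an internal address or host name."""
    for text in IPV4_RE.findall(received):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # malformed literal: ignore it rather than crash the filter
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return any(d in received.lower() for d in internal_domains)

def sanitize_outbound(raw, internal_domains):
    """Return the parsed message without client/scanner headers and internal hops."""
    msg = message_from_string(raw, policy=policy.default)
    kept = []
    for name, value in msg.items():
        lname = name.lower()
        if lname in DROP_HEADERS:
            continue
        if lname == "received" and is_internal_hop(str(value), internal_domains):
            continue
        kept.append((name, value))
    for name in set(msg.keys()):   # del removes every occurrence of that name
        del msg[name]
    for name, value in kept:       # re-add survivors in their original order
        msg[name] = value
    return msg

# Constructed sample message (hosts, addresses and versions are made up).
INTERNAL_DOMAINS = ("corp.example.internal",)
SAMPLE = (
    "Received: by gw.example.com id 4F2A1; Thu, 12 May 2005 09:45:40 +1200\n"
    "Received: from mail01.corp.example.internal ([10.1.2.3]) by gw.example.com\n"
    "Received: from ws-42 ([192.168.5.20]) by mail01.corp.example.internal\n"
    "From: alice@example.com\nTo: bob@example.net\nSubject: Quarterly report\n"
    "User-Agent: ExampleMail/1.0\nX-Virus-Scanned: ExampleScanner 0.1 at mail01\n"
    "\nBody text.\n"
)

if __name__ == "__main__":
    print(sanitize_outbound(SAMPLE, INTERNAL_DOMAINS).as_string())
```

The surviving Received line exposes only the public gateway name, which is the trade-off the thread discusses: less infrastructure detail leaves the network, at the cost of less trace information for debugging mail flow.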
Current thread:
- Filtering email headers generated from internal network (Sensible?) Bipin Gautam (May 09)
- RE: Filtering email headers generated from internal network (Sensible?) Eyal Udassin (May 11)
- <Possible follow-ups>
- RE: Filtering email headers generated from internal network (Sensible?) anyluser (May 09)
- Re: Filtering email headers generated from internal network (Sensible?) Kyle Maxwell (May 11)
- Re: Filtering email headers generated from internal network (Sensible?) Joachim Schipper (May 11)
- Re: Filtering email headers generated from internal network (Sensible?) Brendan Murray (May 11)
- Re: Filtering email headers generated from internal network (Sensible?) Sebastian Garcia (May 13)