Penetration Testing mailing list archives

Re: Filtering email headers generated from internal network (Sensible?)

From: Brendan Murray <xasperated () gmail com>
Date: Thu, 12 May 2005 09:45:48 +1200

A few years, maybe 2, back I heard that someone in Germany (?) had
mapped the internal CIA (NSA?) network using the mail header
information. Unfortunately that might be urban legend since I could
never find the article - but if it is true then it would suggest 
obfuscating the headers would be a good thing, in the right
circumstances.

Now if anyone could fid me a pointer to that story I'd be very appreciative. 

On 5/10/05, anyluser <anyluser () yahoo com> wrote:


IMO there's a balance between sec through obscurity
(STO) and flat out information leakage.  Just as most
things in security, this as much a balance as any
other.

Generally speaking sec through obscurity implies (to
me) that you're relying on the obfuscation for more
then it's really worth.  If you think it'll keep you
safe, you're using STO.  If you're realistic about
your expectations then do a CBA (cost/benefit
analysis) and make your decision as to whether or not
it's worthwhile.

IMO if there's a mail routing infrastructure behind
your borders then you should obscure it to the
outside, if you have the time.  That'

Granted it wont make you secure but it'll least keep
your infrastructure details relatively private, which
being the paranoid lot we probably are is a good
thing.  :)


-----Original Message-----
From: Bipin Gautam [mailto:visitbipin () hotmail com]
Sent: Monday, May 09, 2005 10:36 AM
To: pen-test () securityfocus com
Subject: Filtering email headers generated from
internal network (Sensible?)

Is it sensible to filter extra email headers in the
gateway generated from your internal network before it
leaves your server, so that Information like...
User-Agent:, X-Virus-Scanned:,  and those EXTRA hopps
of  Received from: (headers........)     won't leak
out, which could be a valuable information for a
potential intruder. Moreover the trouble multiplies if
a software exploit is realesed before patch. It is
kinda Security by obscurity. But if it buys you some
extra time to act isn't is sensible to impliment or
just too paranoid?

drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Current thread:

Filtering email headers generated from internal network (Sensible?) Bipin Gautam (May 09)
- RE: Filtering email headers generated from internal network (Sensible?) Eyal Udassin (May 11)
- <Possible follow-ups>
- RE: Filtering email headers generated from internal network (Sensible?) anyluser (May 09)
  - Re: Filtering email headers generated from internal network (Sensible?) Kyle Maxwell (May 11)
  - Re: Filtering email headers generated from internal network (Sensible?) Joachim Schipper (May 11)
  - Re: Filtering email headers generated from internal network (Sensible?) Brendan Murray (May 11)
    - Re: Filtering email headers generated from internal network (Sensible?) Sebastian Garcia (May 13)