[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [afnog] disclosure of network information

To: one one <list-mail at linuxmail.org>
Subject: Re: [afnog] disclosure of network information
From: Brian Candler <B.Candler at pobox.com>
Date: Thu, 28 Aug 2003 15:32:46 +0100
Cc: afnog at afnog.org
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog at afnog.org
In-Reply-To: <20030828135029.24257.qmail at linuxmail.org>;from list-mail at linuxmail.org on Thu, Aug 28, 2003 at 09:50:29PM +0800
List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
List-Help: <mailto:afnog-request at afnog.org?subject=help>
List-Id: The AfNOG general discussion list <afnog.afnog.org>
List-Post: <mailto:afnog at afnog.org>
List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
References: <20030828135029.24257.qmail at linuxmail.org>
Sender: afnog-bounces at afnog.org
User-Agent: Mutt/1.2.5i

On Thu, Aug 28, 2003 at 09:50:29PM +0800, one one wrote:
> hi.
> i was looking at the headers of mail on this list and it apparently shows the internal ip addresses of some posters, from their mailer, one can deduce the operating system of their workstation
> see below.
> 
> Received: from vaio ([192.168.1.4] helo=cmusisi-IBM.uol.co.ug) by nemesis.eahd.or.ug with esmtp (Exim 4.20) id 19sLeU-0000Fz-5y for afnog at afnog.org; Thu, 28 Aug 2003 15:13:22 +0300
> Message-Id: <5.1.0.14.2.20030828143528.02439708 at 192.168.1.251>
> X-Sender: cmusisi at 192.168.1.251
> 
> just wondering if this information shouldnt be hidden.

I don't see why.

It's on every message they send outbound. If they don't want this
information publicised, it's up to them to remove it (e.g. get their
firewall to remove the Received: headers). There's certainly no reason for
the afnog list to do so, because presumably they send to other people and
mailing lists as well.

However I don't personally believe in security through obscurity. If I were
able to break into their firewall and thus have access to their 192.168.1
network, it wouldn't take me two seconds to find out the IP addresses of all
machines on that network anyway.

On the other hand, leaving the information on does actually help to locate
problems, and it could help track abusers within their own network.

Regards,

Brian.
__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>

References:
- [afnog] disclosure of network information
  - From: "one one" <list-mail at linuxmail.org>
- [afnog] disclosure of network information
  - From: "one one" <list-mail at linuxmail.org>

Prev by Date: [afnog] how to partition my disk
Next by Date: RE: [afnog] how to partition my disk
Prev by thread: [afnog] disclosure of network information
Next by thread: [afnog] how to partition my disk
Index(es):
- Date
- Thread