Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Filtering email headers generated from internal network (Sensible?)

from [Brendan Murray] Network Security [Permanent Link]
Subject: Re: Filtering email headers generated from internal network (Sensible?)
Date: Thu, 12 May 2005 09:45:48 +1200 
A few years, maybe 2, back I heard that someone in Germany (?) had
mapped the internal CIA (NSA?) network using the mail header
information. Unfortunately that might be urban legend since I could
never find the article - but if it is true then it would suggest 
obfuscating the headers would be a good thing, in the right
circumstances.

Now if anyone could fid me a pointer to that story I'd be very appreciative. 

On 5/10/05, anyluser <anyluser@yahoo.com> wrote:


IMO there's a balance between sec through obscurity
(STO) and flat out information leakage.  Just as most
things in security, this as much a balance as any
other.

Generally speaking sec through obscurity implies (to
me) that you're relying on the obfuscation for more
then it's really worth.  If you think it'll keep you
safe, you're using STO.  If you're realistic about
your expectations then do a CBA (cost/benefit
analysis) and make your decision as to whether or not
it's worthwhile.

IMO if there's a mail routing infrastructure behind
your borders then you should obscure it to the
outside, if you have the time.  That'

Granted it wont make you secure but it'll least keep
your infrastructure details relatively private, which
being the paranoid lot we probably are is a good
thing.  :)


-----Original Message-----
From: Bipin Gautam [mailto:visitbipin@hotmail.com]
Sent: Monday, May 09, 2005 10:36 AM
To: pen-test@securityfocus.com
Subject: Filtering email headers generated from
internal network (Sensible?)

Is it sensible to filter extra email headers in the
gateway generated from your internal network before it
leaves your server, so that Information like...
User-Agent:, X-Virus-Scanned:,  and those EXTRA hopps
of  Received from: (headers........)     won't leak
out, which could be a valuable information for a
potential intruder. Moreover the trouble multiplies if
a software exploit is realesed before patch. It is
kinda Security by obscurity. But if it buys you some
extra time to act isn't is sensible to impliment or
just too paranoid?

drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Betarun 2005 for OpenInfreno in San Diego, CA - May 21st, 2005, sck@nogas.org
Next by Date:  RE: Penetration Test Hardware Vendor, amoeba
Previous by Thread:  Re: Filtering email headers generated from internal network (Sensible?), Joachim Schipper
Next by Thread:  Re: Filtering email headers generated from internal network (Sensible?), Sebastian Garcia
Indexes:  [Date] [Thread] [Top] [All Lists]