
| Subject: | Re: Filtering email headers generated from internal network (Sensible?) |
|---|---|
| Date: | Fri, 13 May 2005 03:55:20 -0800 |

I hope this was what you were looking for.

In 2002, www.trustmatta.com consultants analysed CIA PoP (Points of Presence) on the Internet. Their quote:

"...Through entirely using open sources (primarily Internet search engines, WHOIS servers & DNS requests), Matta has undertaken the task of performing Internet-based counterintelligence against the Central Intelligence Agency (CIA), with some surprising results. It should be clearly noted that, at no point did we port scan or directly probe any CIA Internet-based networks, as all of our intelligence was gathered using open sources. This counterintelligence was undertaken entirely within English and American law regarding computer misuse and control of data. If Matta had been authorised to launch a determined attack (encompassing network scanning and aggressive probing of the CIA's infrastructure) more information would have been gleaned. In the interests of Matta retaining professionalism, entirely open sources were used in-line with the law."

It's worth noting that the information they gathered from emails was minimal. And they didn't find internal IP addresses in emails. I think this was the "urban legend" part.

http://www.trustmatta.com/downloads/Matta_Counterintelligence.pdf
http://www.trustmatta.com/services/docs/cia-map.jpg

Sebas

On Thu, 2005-05-12 at 09:45 +1200, Brendan Murray wrote:

A few years, maybe 2, back I heard that someone in Germany (?) had mapped the internal CIA (NSA?) network using the mail header information. Unfortunately that might be urban legend since I could never find the article - but if it is true then it would suggest obfuscating the headers would be a good thing, in the right circumstances. Now if anyone could find me a pointer to that story I'd be very appreciative.

On 5/10/05, anyluser <anyluser@yahoo.com> wrote:

IMO there's a balance between sec through obscurity (STO) and flat out information leakage. Just as most things in security, this is as much a balance as any other. Generally speaking sec through obscurity implies (to me) that you're relying on the obfuscation for more than it's really worth. If you think it'll keep you safe, you're using STO. If you're realistic about your expectations then do a CBA (cost/benefit analysis) and make your decision as to whether or not it's worthwhile. IMO if there's a mail routing infrastructure behind your borders then you should obscure it to the outside, if you have the time. That' Granted it won't make you secure but it'll at least keep your infrastructure details relatively private, which being the paranoid lot we probably are is a good thing. :)

-----Original Message-----
From: Bipin Gautam [mailto:visitbipin@hotmail.com]
Sent: Monday, May 09, 2005 10:36 AM
To: pen-test@securityfocus.com
Subject: Filtering email headers generated from internal network (Sensible?)

Is it sensible to filter extra email headers in the gateway generated from your internal network before it leaves your server, so that information like... User-Agent:, X-Virus-Scanned:, and those EXTRA hops of Received from: (headers........) won't leak out, which could be valuable information for a potential intruder. Moreover the trouble multiplies if a software exploit is released before a patch. It is kinda security by obscurity. But if it buys you some extra time to act, isn't it sensible to implement or just too paranoid?

drop your views,
Bipin Gautam
http://bipin.sosvulnerable.net/

-- Sebastian Garcia Si6 - Laboratorio de Seguridad Informatica CITEFA San Juan B. de La Salle 4397 B1603ALO Villa Martelli - Pcia. Bs. As. Tel: (54-11) 4709-8289 e-mail: sgarcia@citefa.gov.ar - www.citefa.gov.ar/si6/ http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x4305E810
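
The gateway-side filtering discussed in this thread, as an added example that is not part of the original messages: it drops the client and scanner headers named in the question and any `Received:` hop that exposes an internal address. The function names, the header list, the address ranges treated as internal and the sample message are all assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Headers named in the thread plus X-Mailer (an assumed, site-specific list).
STRIP = {"user-agent", "x-mailer", "x-virus-scanned"}
# RFC 1918 and loopback ranges treated as internal (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def mentions_internal_ip(value):
    """True if a header value contains an address inside INTERNAL_NETS."""
    for text in IPV4_RE.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # not a valid address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return False

def sanitize_outbound(raw):
    """Return (Message, removed_header_names) for one outbound message."""
    msg = message_from_string(raw)
    original = msg.items()          # ordered, duplicates included
    for name in {n for n, _ in original}:
        del msg[name]               # removes every occurrence of that name
    removed = []
    for name, value in original:
        lower = name.lower()
        if lower in STRIP or (lower == "received" and mentions_internal_ip(value)):
            removed.append(name)
        else:
            msg[name] = value       # re-append survivors in original order
    return msg, removed

# Constructed sample as seen at the gateway; hosts and addresses are made up.
SAMPLE = (
    "Received: from scanner.corp.example ([10.1.2.3])\n"
    "\tby mx.example.org with ESMTP; Mon, 9 May 2005 10:39:58 -0800\n"
    "Received: from ws042.corp.example ([192.168.7.42])\n"
    "\tby scanner.corp.example with SMTP; Mon, 9 May 2005 10:39:55 -0800\n"
    "X-Virus-Scanned: by ExampleScanner at corp.example\n"
    "User-Agent: ExampleMailer/1.0\n"
    "From: alice@example.org\n"
    "Subject: quarterly numbers\n"
    "\n"
    "body\n"
)
```

Run a filter like this before any DKIM signing step, since removing a signed header afterwards invalidates the signature.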