Re: Filtering email headers generated from internal network (Sensible?)

From: Brendan Murray (xasperated@gmail.com)
Date: Wed May 11 2005 - 17:45:48 EDT


A few years, maybe 2, back I heard that someone in Germany (?) had
mapped the internal CIA (NSA?) network using the mail header
information. Unfortunately that might be urban legend since I could
never find the article - but if it is true then it would suggest
obfuscating the headers would be a good thing, in the right
circumstances.

Now if anyone could find me a pointer to that story I'd be very appreciative.

On 5/10/05, anyluser <anyluser@yahoo.com> wrote:
>
> IMO there's a balance between sec through obscurity
> (STO) and flat out information leakage. Just as most
> things in security, this is as much a balance as any
> other.
>
> Generally speaking sec through obscurity implies (to
> me) that you're relying on the obfuscation for more
> than it's really worth. If you think it'll keep you
> safe, you're using STO. If you're realistic about
> your expectations then do a CBA (cost/benefit
> analysis) and make your decision as to whether or not
> it's worthwhile.
>
> IMO if there's a mail routing infrastructure behind
> your borders then you should obscure it to the
> outside, if you have the time. That'
>
> Granted it won't make you secure but it'll at least keep
> your infrastructure details relatively private, which
> being the paranoid lot we probably are is a good
> thing. :)
>
>
> -----Original Message-----
> From: Bipin Gautam [mailto:visitbipin@hotmail.com]
> Sent: Monday, May 09, 2005 10:36 AM
> To: pen-test@securityfocus.com
> Subject: Filtering email headers generated from
> internal network (Sensible?)
>
> Is it sensible to filter extra email headers in the
> gateway generated from your internal network before it
> leaves your server, so that Information like...
> User-Agent:, X-Virus-Scanned:, and those EXTRA hops
> of Received from: (headers........) won't leak
> out, which could be a valuable information for a
> potential intruder. Moreover the trouble multiplies if
> a software exploit is released before patch. It is
> kinda Security by obscurity. But if it buys you some
> extra time to act isn't it sensible to implement or
> just too paranoid?
>
> drop your views,
> Bipin Gautam
> http://bipin.sosvulnerable.net/
>
>
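The gateway-side filtering asked about in this thread, as an added example that is not part of any poster's message: it drops the `User-Agent:` and `X-Virus-Scanned:` headers and any `Received:` hop that names an internal host, and returns what it removed so the gateway can log it for troubleshooting. The internal suffix `.corp.example`, the choice of RFC 1918 ranges as "internal", and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

DROP_HEADERS = {"user-agent", "x-virus-scanned"}   # headers named in the thread
INTERNAL_SUFFIXES = (".corp.example",)             # assumption: internal DNS zone
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal_hop(received_value):
    """True if a Received: value mentions an RFC 1918 address or internal name."""
    for token in re.findall(r"[A-Za-z0-9.-]+", received_value):
        token = token.strip(".-").lower()
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:                          # not an IP: treat as hostname
            if token.endswith(INTERNAL_SUFFIXES):
                return True
            continue
        if any(addr in net for net in RFC1918):
            return True
    return False

def scrub_outbound(raw):
    """Return (message, removed) with leaking headers stripped, order preserved."""
    msg = message_from_string(raw)
    kept, removed = [], []
    for name, value in msg.items():
        low = name.lower()
        if low in DROP_HEADERS or (low == "received" and is_internal_hop(value)):
            removed.append((name, value))           # keep for the gateway's log
        else:
            kept.append((name, value))
    for name in set(msg.keys()):                    # rebuild so order is unchanged
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg, removed

# Constructed sample of an outbound message as it reaches the gateway.
SAMPLE = """\
Received: from mailhub.corp.example (mailhub.corp.example [10.20.0.5])
\tby gw.example.org with ESMTP id CONSTRUCTED2; Wed, 11 May 2005 17:40:02 -0400
Received: from ws042.corp.example ([192.168.14.42])
\tby mailhub.corp.example with ESMTP id CONSTRUCTED1; Wed, 11 May 2005 17:40:01 -0400
User-Agent: ExampleMail/1.0
X-Virus-Scanned: by example-scanner at corp.example
From: alice@example.org
To: bob@example.net
Subject: header test
Message-ID: <constructed-1@example.org>

body text
"""
```

Received: lines are also what mail admins use to trace delays and loops, so the removed list should be written to the gateway log against the Message-ID rather than discarded.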



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:20 EDT