
Re: [afnog] disclosure of network information



On Thu, Aug 28, 2003 at 09:50:29PM +0800, one one wrote:
> Hi.
> I was looking at the headers of mail on this list and it apparently shows the internal IP addresses of some posters; from their mailer, one can deduce the operating system of their workstation.
> See below.
> 
> Received: from vaio ([192.168.1.4] helo=cmusisi-IBM.uol.co.ug) by nemesis.eahd.or.ug with esmtp (Exim 4.20) id 19sLeU-0000Fz-5y for afnog at afnog.org; Thu, 28 Aug 2003 15:13:22 +0300
> Message-Id: <5.1.0.14.2.20030828143528.02439708 at 192.168.1.251>
> X-Sender: cmusisi at 192.168.1.251
> 
> Just wondering if this information shouldn't be hidden.

I don't see why.

It's on every message they send outbound. If they don't want this
information publicised, it's up to them to remove it (e.g. get their
firewall to remove the Received: headers). There's certainly no reason for
the afnog list to do so, because presumably they send to other people and
mailing lists as well.

However I don't personally believe in security through obscurity. If I were
able to break into their firewall and thus have access to their 192.168.1
network, it wouldn't take me two seconds to find out the IP addresses of all
machines on that network anyway.

On the other hand, leaving the information on does actually help to locate
problems, and it could help track abusers within their own network.

Regards,

Brian.
__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>
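
An added example, not part of the original message: a Python check a sender could run on one of their own outbound messages to list which headers carry RFC 1918 addresses, as the Received:, Message-Id and X-Sender lines quoted above do. The sample message is constructed from those quoted headers, and the function name is an assumption of this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample built from the headers quoted in the thread
# (addresses written with "@" so it parses as a normal message).
SAMPLE = """\
Received: from vaio ([192.168.1.4] helo=cmusisi-IBM.uol.co.ug) by nemesis.eahd.or.ug with esmtp (Exim 4.20) id 19sLeU-0000Fz-5y for afnog@afnog.org; Thu, 28 Aug 2003 15:13:22 +0300
Message-Id: <5.1.0.14.2.20030828143528.02439708@192.168.1.251>
X-Sender: cmusisi@192.168.1.251
Subject: test

body
"""

# Exactly four dotted groups, not embedded in a longer dotted number
# (so the version-like local part of the Message-Id is not matched).
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_internal_addresses(raw_message):
    """Return (header name, address) pairs for RFC 1918 addresses in any header."""
    findings = []
    for name, value in message_from_string(raw_message).items():
        for candidate in IPV4.findall(str(value)):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 is not an address
            if any(addr in net for net in RFC1918):
                findings.append((name, candidate))
    return findings


if __name__ == "__main__":
    for name, addr in find_internal_addresses(SAMPLE):
        print(f"{name}: {addr}")
```

Headers it reports are the ones a mail gateway would need to strip or rewrite if the sender does not want them published.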