internal ip address

Matt Kettler mkettler at evi-inc.com
Wed Feb 6 19:17:10 GMT 2008


Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Denis Beauchemin wrote:
> | Alex,
> |
> | The IP addresses you use are non-routable.  That means nobody can access
> | your computers from the internet because no router will allow them.  So
> | don't worry about the whole world knowing about your internal IP
> | addresses.
> 
> Those were my thoughts exactly.

Being non-routable helps you from a perspective of hackers using the information 
to directly break into your network. However, an attacker probably knows all of 
your routable IPs anyway, so really that's not the threat vector.

The problem, in some situations, is the information exposed can still be used 
for other purposes, i.e. studying the network structure so they know where to go 
once they get in via some other method. By googling around for postings on email 
list archives, you can often generate a lot of information about the network 
structure. Such information can also be used to aid social engineering attacks 
by figuring out who works with whom.

Of course, this isn't exactly a "hardcore" risk factor like an open dial-in, but 
it is information that an attacker can make use of. Whether that matters to your 
situation or not depends on your threat model, but anyone who sees it as 
presenting no risk at all is clearly mistaken. (i.e., just because it is a trivial 
risk in the network of an ad agency, does not mean it's trivial in a financial 
organization where social engineering attacks are more likely.)



More information about the MailScanner mailing list