internal ip address

--[ UxBoD ]-- uxbod at splatnix.net
Wed Feb 6 20:19:11 GMT 2008


Your not wrong Matt, but what concerns me more is MTAs that give away their identity with respect to what software they are running.  It becomes easier to attack as potential vulnerabilities are easier to find.

It also depends on what somebodies objective it aswell, do you target a individuals PC or go after the cream a nice central data store.our

Understanding and appreciating your threat level is very important, especially when trying to convince SOX auditors why certain things are not being done ;)

Perhaps the ability to cloak certain information is not a bad thing, and I do take on board your comments, but how far do you go ?  I do not believe that it would be to hard to write a MS plugin for stripping certain information ie. the clients IP address perhaps it should be added to the SMTP RFC ?

IMHO I would prefer to educate our staff on how easy social engineering can be undertaken to glean sensitive information from the company! and even stop staff from signing upto loads of different mailing lists and publishing their company email addresses all over the net.  Unfortunately management do not always see it the same way ;) 

Regards,

-- 
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list