Reply From: William T Wilson <fluffy@dunadan.com>
On Mon, 1 Jun 1998, the public wrote:
> True all the way, but it would be possible to give them something ELSE
> than what they intended to download. It would be more of a trap, but
This is a reasonably good idea, but how do you get the bad guys to
download your trojan? Many perpetrators of breakins don't download
anything at all.
> But often, you do not know the direct routing of email on the inside of
> a firewall. Where I work, there is an externally-available email
> address and (though not often used) an internal email address. If you
The internal email address should probably not be able to send or receive
mail from the rest of the world, otherwise it becomes not an internal
email address but an external address that not very many people know
about.
> will also get a response. The headers of that response will dictate the
> path of the mail inside the intranet of the firewalled domain. Not a
If the internal email system is going to be allowed to communicate with
the rest of the world (which it shouldn't), then the mail server ought to
at least sanitize the email (i.e. rewrite the headers, scan for viruses,
and stuff). Otherwise you are really losing the purpose of having
separate internal and external email, because you cannot guarantee that a
bad guy will not be reading your email headers anyway. He could break
into the system at your upstream provider, break into the recipient's mail
system, or simply watch the traffic going by on the net (if he happened to
be in the right plaee at the right time).
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jun 1 23:18:58 1998