Reply From: William T Wilson <fluffyat_private> On Mon, 1 Jun 1998, the public wrote: > True all the way, but it would be possible to give them something ELSE > than what they intended to download. It would be more of a trap, but This is a reasonably good idea, but how do you get the bad guys to download your trojan? Many perpetrators of breakins don't download anything at all. > But often, you do not know the direct routing of email on the inside of > a firewall. Where I work, there is an externally-available email > address and (though not often used) an internal email address. If you The internal email address should probably not be able to send or receive mail from the rest of the world, otherwise it becomes not an internal email address but an external address that not very many people know about. > will also get a response. The headers of that response will dictate the > path of the mail inside the intranet of the firewalled domain. Not a If the internal email system is going to be allowed to communicate with the rest of the world (which it shouldn't), then the mail server ought to at least sanitize the email (i.e. rewrite the headers, scan for viruses, and stuff). Otherwise you are really losing the purpose of having separate internal and external email, because you cannot guarantee that a bad guy will not be reading your email headers anyway. He could break into the system at your upstream provider, break into the recipient's mail system, or simply watch the traffic going by on the net (if he happened to be in the right plaee at the right time). -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:59 PDT