Re: [ISN] Software Hits Back at Hacker with Viruses

From: mea culpa (jerichoat_private)
Date: Mon Jun 01 1998 - 17:10:54 PDT

  • Next message: mea culpa: "Re: [ISN] Software Hits Back at Hacker with Viruses"

    Reply From: William T Wilson <fluffyat_private>
    
    On Mon, 1 Jun 1998, the public wrote:
    
    > True all the way, but it would be possible to give them something ELSE
    > than what they intended to download.  It would be more of a trap, but
    
    This is a reasonably good idea, but how do you get the bad guys to
    download your trojan?  Many perpetrators of breakins don't download
    anything at all. 
    
    > But often, you do not know the direct routing of email on the inside of
    > a firewall.  Where I work, there is an externally-available email
    > address and (though not often used) an internal email address.  If you
    
    The internal email address should probably not be able to send or receive
    mail from the rest of the world, otherwise it becomes not an internal
    email address but an external address that not very many people know
    about. 
    
    > will also get a response.  The headers of that response will dictate the
    > path of the mail inside the intranet of the firewalled domain.  Not a
    
    If the internal email system is going to be allowed to communicate with
    the rest of the world (which it shouldn't), then the mail server ought to
    at least sanitize the email (i.e. rewrite the headers, scan for viruses,
    and stuff).  Otherwise you are really losing the purpose of having
    separate internal and external email, because you cannot guarantee that a
    bad guy will not be reading your email headers anyway.  He could break
    into the system at your upstream provider, break into the recipient's mail
    system, or simply watch the traffic going by on the net (if he happened to
    be in the right plaee at the right time). 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:59 PDT