Home page logo
/

basics logo Security Basics mailing list archives

RE: Am I over reacting?
From: Michael Horn <z28fun () yahoo com>
Date: Fri, 12 Mar 2004 05:46:33 -0800 (PST)

Thanks for the info guys.  It was defiantly showing
our NAT address.  I forget we have this lovely thing
called a firewall that so far can't be exploited; yet.

Michael
--- James.Fields () bcbsfl com wrote:
I wouldn't worry too much about it, for these
reasons:

1) IP addresses have to be revealed all the time in
order for network
communications to work.  DNS servers hand them out
all the time.  Having
them displayed on the screen isn't much of a
giveaway - they can be seen
in arp tables, using sniffers, and plenty of other
tools.

2) There is a better than even chance that the IP
address you are seeing
is not the actual address of the computer being
used.  Most corporate
AND home customers these days are using RFC1918
addressing and using
Network Address Translation to make use of a smaller
number of available
IP addresses.


-----Original Message-----
From: Michael Horn [mailto:z28fun () yahoo com] 
Sent: Wednesday, March 10, 2004 2:20 PM
To: security-basics () securityfocus com
Subject: Am I over reacting?

I'm not sure if I'm over reacting on this or not
since
I'm new to the security scene.  This morning during
an
on-line seminar that one of our customers was
holding;
the presenter had his desktop shared out (so you
could
see everything).  One thing I noticed about the web
meeting software was that it was showing everybody's
IP. I've used other web meeting companies and none
of
them showed the IP's.  From my understanding if you
have the IP your halfway to getting into their
system.
 If I was a bad boy I could run a port scan to see
what they where running and then exploit it. Is my
thinking correct or am I off base and over reacting?
 
Thank you for your input,
 
Michael Horn

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you're looking for faster
http://search.yahoo.com


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention
this ad and get $545
off 
any course! All of our class sizes are guaranteed to
be 10 students or
less 
to facilitate one-on-one interaction with one of our
expert instructors.

Attend a course taught by an expert instructor with
years of
in-the-field 
pen testing experience in our state of the art
hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security
of your organization.

Visit us at: 

http://www.infosecinstitute.com/courses/ethical_hacking_training.html

------------------------------------------------------------------------
----





Blue Cross Blue Shield of Florida, Inc., and its
subsidiary and affiliate companies are not
responsible for errors or omissions in this e-mail
message. Any personal comments made in this e-mail
do not reflect the views of Blue Cross Blue Shield
of Florida, Inc.  The information contained in this
document may be confidential and intended solely for
the use of the individual or entity to whom it is
addressed.  This document may contain material that
is privileged or protected from disclosure under
applicable law.  If you are not the intended
recipient or the individual responsible for
delivering to the intended recipient, please (1) be
advised that any use, dissemination, forwarding, or
copying of this document IS STRICTLY PROHIBITED; and
(2) notify sender immediately by telephone and
destroy the document. THANK YOU.




__________________________________
Do you Yahoo!?
Yahoo! Search - Find what youÂ’re looking for faster
http://search.yahoo.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]