Ipconfig /all

re: Ipconfig /all

bradley — Wed, 29 Dec 2004 13:25:00 GMT

And has Wayne as pointed out ..... a lot of info can be "bled" out via telnet. What precautions are you taking for telnet and email header files?

re: Ipconfig /all

bradley — Wed, 29 Dec 2004 11:49:00 GMT

Susan,
I'll stick to my guns. Don't unnecessarily publicize information which should be private. If you do, you should <know> the risks you undertake and take steps to fortify your defenses.

My big beef is the common practice of knowledgeable people who request this kind of information be posted by people who can't make a knowledgeable decision whether to comply.

- The arguement "Just because plenty other information is leaking makes this leak acceptable" just doesn't hold water. No, just because you divulge information through email headers is no reason for you to dump more information about yourself on the Public Internet. Private information should stay private.

- You have no idea what types of vulnerabilities might be discovered in the future and what types of exploits might be created. By divulging useful and probably critical informationn publicly you're just making it easier to get hacked and you're increasing the scope of compromise if you are hacked.

- You're creating a repository of easily searchable information for hacking and don't believe it can't be used. The current/recent Santy exploit is a good example of how this can happen... Like any Internet User, the exploit identifies victims by querying Google (The lookups have since been disabled by Google).

- Your arguement placing faith in your firewall is obsolete. Today, it's common knowledge that firewalls can only be a piece in an overall security solution and cannot be relied upon to protect against all threats, even a wide variety of common threats. There are too many ways for exploits to be undetectable by firewalls and gain access to your internal network... Anyone who runs Anti-Virus, Anti-Spam, Intrusion Detection and patches their internal machines knows this. If what you said can be relied upon, these technologies and practices wouldn't be necessary (and were unheard of 15 years ago). Don't get trapped by obsolete practices.

Network information should usually be protected like your SSI and Driver's License. It's a good security practice which doesn't even require you to pay a dime to implement.

Tony

The things you

TrackBack — Wed, 29 Dec 2004 03:26:00 GMT

The things you

TrackBack — Wed, 29 Dec 2004 03:25:00 GMT

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 23:19:00 GMT

And private IP ranges that are non routable are normally protected by a good ISA or firewall.

We certainly don't do like USAtoday and expose our netbios ports. A properly configured SBS box should be able to withstand typing/disclosing the internal IP address space of that network.

There's more risk in email header files IMHO which also exposes internal information. All I'm saying is what resources are you taking to protect that? I think header files are even more exposure as they give the version of your mailclient/Exchange and what patch status you have.

Like I said, there's more information, heck there's even a track back of your IP address when you post comments to the blog.

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 22:36:00 GMT

Everything you just said is precisely why a seasoned SBS Consultant will modify those settings when installing... or modify later when given an opportunity.

If an installation is "typical" I don't believe that the business or the SysAdmin should want that information posted publicly if they simply pause to consider the consequences.

I don't subscribe to the idea that just because people tend to set up generic installations it's reason to blab that kind of stuff where someone could easily harvest the information. What you're saying to the world is "If you come and get us, I'm just one of the pack." Is there safety in numbers? I don't think so in this case.

The only time someone can allow this kind of information to be publicly available is if they are taking extra steps to ensure their internal security approaches the type of security outside their firewall, and very few people <especially> in the SMB space is doing that.

There's no excuse for blatant carelessness. If you don't have to take a risk, don't do it.

Tony

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 20:45:00 GMT

We "blast" so much info out our SBS boxes anyway in just our email headers, Tony ...
.local
.lan
192.168.16.2 is so default in SBSland and in the world in general.

People have cleaned "so" much stuff off those IPconfigs that we could not diagnose there issues.

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 20:35:00 GMT

Private addresses are critical information. Basically if anyone gains a toe-hold into your network (it might be purely blind scripting)... for instance through a mismanaged VPN, knowledge of your internal addresses means instant network compromise instead of buying yourself time while the hacker is testing to find out where everything is.

Not everyone will consider exposing your private addresses critical. I'm just passing on conventional thought.

Tony

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 18:29:00 GMT

More often than not the two IP addresses are private IP ranges and there's no DNS info in there as most people have a router on the outside

Don't take out those private IP addresses 192.168.x.x and/or 10.0.0.x because they are normal class a/c addresses [like big whoop]

Granted clean out the public IP addresses, but not the private, as they aren't that big of a secret and they, more often than not, tell us what is set up wrong.

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 18:24:00 GMT

Ugh, you are correct that probably the number one request is to post back your IPCONFIG to a <Public Newsgroup>.

And I never stop being amazed at all the people who do just that.

So, now and forever as long as that Newsgroup is publicly accessible (and posts I've made over 10 years ago are still publicly searchable) every potential hacker knows your network's network ID, the IP address of a machine in your network, your network's DG and more. Heck, they even know a set of DNS IP addresses which might provide easy entry into your network if they could ever poison specified zone records on those machines (and anyone who knows the difficulties of public DNS can't dismiss this possibility easily).

So,
PLEASE.
Don't ask for anyone's IPCONFIG anything except through a private message. Don't post your IPCONFIG anything anywhere.

Unless you "sanitize" the info you post.

Here is one suggestion if you really feel you must post publicly...

1. Save your IPCONFIG to a file (ie. IPCONFIG /ALL > C:\ipconfigfile.txt)
2. Do a "Search and Replace" using Notepad of all the network IDs in your file, ie.
Search 192.168.16
Replace 10.0.2
3. Customize any other information as you see fit
4. Copy the sanitized IPCONFIG into your post.
5. When you receive a reply, save to a file and do a reverse "Search and Replace" to view the information in a way that's relevant to your network.

Tony Su

re: Ipconfig /all

bradley — Tue, 28 Dec 2004 02:51:00 GMT

Not sure if this is relevant or not but Windows has a command line tool to configure IP of a network interface. This is VERY useful for folks that travel to sites that do not use DHCP or that switch from sites that use DHCP to sites that do not and vice versa. The tool is “netsh” a full set of documents on the tool can be found at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netsh.mspx . I have several batch files that change my settings based on my location. A simple batch might look like this:

netsh interface ip set address name="LAN" source=static addr=10.0.0.220 mask=255.255.255.0 gateway=10.0.0.254 gwmetric=1

netsh interface ip add dns name="LAN" addr=10.0.0.1 index=1

netsh interface ip add dns name="LAN" addr=10.0.0.2 index=2

Carlos