Re: userenv and NETLOGON errors



If all it takes to bring down a network is knowledge of the internal IP
schema, then you're screwed from the get-go.

Feel free to XXX out the public IP address, but any hacker hanging around
here who wants to know what your IP address setup is, already has more
information (Default server IP, default IP settings). We're trying to
determine which people have incorrect default settings, and bring them back
to the norm.

Security by obscurity isn't any security at all. Especially when we're all
basically the same here.

Matt Gibson - GSEC

"Tony Su" <TonySu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B702688-54AB-418E-A084-429325C4DF8E@xxxxxxxxxxxxxxxx
> Matt,
> This question on whether to post IPCONFIG has been discussed to death.
>
> A short discussion in which I participated is in Susan's blog archives. I'm
> not the only person to question this practice; in summary, the information
> by itself is not a fatal compromise but
> - It's a substantial amount of very useful information to a hacker
> - Like everything else posted to a public forum/Internet, the information
> lives forever.
>
> In other words, the exploit that uses the information may not be common
> practice today, but if the information is still valid 8 years from now and
> the exploit is developed that uses that information, you'll regret what
> you thought was a minor indiscretion.
>
> Tony
>
>
>
>
> "Matt Gibson" wrote:
>
>>
>> > Although others might disagree with me, I generally discourage posting
>> > IPCONFIGS for security reasons, but if there is no alternative the
>> > bottom line is getting fixed.
>>
>> Posting this makes people think there IS a security risk to it.
>>
>> You're spreading FUD, and making it harder for us to help people in this
>> newsgroup.
>>
>> Please stop.
>>
>> Matt Gibson - GSEC
>>
>>
>>

