Re: userenv and NETLOGON errors



You're giving up a lot more than just the "internal IP schema" depending on
how you define that.

You're giving up
Info about your Host Machine
Servers in the network, both IP address and name
MAC addresses
Network Address range
Default Gateway
Whether NBT is enabled
DNS suffix list
What DNS you use (and maybe ripe for poisoning)
NIC driver

And the list goes on...

The point is that posting this information to a newsgroup means the
information will "live forever." Stuff I've posted and forgotten is still
searchable more than a decade later. Can you guarantee at the rate exploits
are created that one won't take advantage of this info? At the very least,
<today> if an exploit were able to gain a toe-hold in a network this info is
a treasure trove if it could be downloaded or installed with the exploit, the
exploit will know how and what to probe without doing any "discovery."

It's a slippery slope posting this kind of sensitive info where it'll
probably never die...

Recommendations to avoid posting IPCONFIG to a public forum...

1. "Sanitize" the configuration. This can be as easy to do as pasting into
Notepad, then doing a Find/Replace, eg 192.168.16 > 192.168.224 before
posting. If desired this can easily be reversed in Notepad later.

2. Post the IPCONFIG as a webpage, then post a link to your webpage to the
public forum. You can take down the webpage when you're done. People might
still cache your webpage somewhere, but you've drastically reduced your
exposure.

The other thing that veteran members of a forum can do is not to ask for the
IPCONFIG as a knee-jerk reaction (I'm not necessarily saying that is the case
here). It's often possible to suggest a solution based on certain assumptions
and to qualify your suggestion because of those assumptions. Let the <reader>
decide for himself how valid your suggestion is, and if the situation is
different that person can always post back... and in this case the solution
might be resolved without exposing personal information.

IMO.
Tony






"Matt Gibson" wrote:

> If all it takes to bring down a network is knowledge of the internal IP
> schema, then you're screwed from the get-go.
>
> Feel free to XXX out the public IP address, but any hacker hanging around
> here who wants to know what your IP address setup is, already has more
> information (Default server IP, default IP settings). We're trying to
> determine which people have incorrect default settings, and bring them back
> to the norm.
>
> Security by obscurity isn't any security at all. Especially when we're all
> basically the same here.
>
> Matt Gibson - GSEC
>
> "Tony Su" <TonySu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:5B702688-54AB-418E-A084-429325C4DF8E@xxxxxxxxxxxxxxxx
> > Matt,
> > This question on whether to post IPCONFIG has been discussed to death.
> >
> > A short discussion in which I participated is in Susan's blog archives. I'm
> > not the only person to question this practice; in summary the information by
> > itself is not a fatal compromise but
> > - It's a substantial amount of very useful information to a hacker
> > - Like everything else posted to a public forum/Internet, the information
> > lives forever.
> >
> > In other words, the exploit that uses the information may not be common
> > practice today, but if the information is still valid 8 years from now and
> > the exploit is developed that uses that information, you'll regret what
> > you thought was a minor indiscretion.
> >
> > Tony
> >
> >
> >
> >
> > "Matt Gibson" wrote:
> >
> >>
> >> > Although others might disagree with me, I generally discourage posting
> >> > IPCONFIGS for security reasons, but if there is no alternative the bottom
> >> > line is getting fixed.
> >>
> >> Posting this makes people think there IS a security risk to it.
> >>
> >> You're spreading FUD, and making it harder for us to help people in this
> >> newsgroup.
> >>
> >> Please stop.
> >>
> >> Matt Gibson - GSEC
> >>
> >>
> >>
>
>
>
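
Recommendation 1 in the post above (a reversible find/replace on the IPCONFIG text before posting) can be scripted so that every identifying value is swapped consistently. This is an added example, not code from the thread; it goes beyond the single IP-prefix swap the post describes by also masking MAC addresses and labelled host/DNS-suffix fields, and the sample output, function names and placeholder formats are assumptions made for illustration.

```python
import re

# Constructed sample resembling `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : SBS01
   Primary Dns Suffix  . . . . . . . : corp.example.local
Ethernet adapter Local Area Connection:
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.16.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
"""

IPV4 = re.compile(r"\b(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})\b")
MAC = re.compile(r"\b[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}\b")
LABELS = "Host Name|Primary Dns Suffix|Connection-specific DNS Suffix|DNS Suffix Search List"
NAMED = re.compile(rf"^(\s*(?:{LABELS})[ .]*: )(\S+)", re.M)


def sanitize(text):
    """Return (sanitized_text, mapping); mapping is fake -> real, kept private."""
    fwd = {}                                  # real -> fake, so repeats stay consistent
    count = {"ip": 0, "mac": 0, "name": 0}

    def fake(kind, real, make):
        if real not in fwd:
            fwd[real] = make(count[kind])
            count[kind] += 1
        return fwd[real]

    def ip(m):
        prefix, host = m.groups()
        if prefix.startswith("255."):         # subnet masks identify nothing
            return m.group(0)
        # Same idea as the post's 192.168.16 > 192.168.224 swap; host octet is kept
        return fake("ip", prefix, lambda n: f"192.168.{224 + n}") + "." + host

    text = NAMED.sub(lambda m: m.group(1)
                     + fake("name", m.group(2), lambda n: f"name{n + 1}.invalid"), text)
    text = MAC.sub(lambda m: fake("mac", m.group(0),
                                  lambda n: f"02-00-00-00-00-{n + 1:02X}"), text)
    text = IPV4.sub(ip, text)
    return text, {v: k for k, v in fwd.items()}


def restore(text, mapping):
    """Reverse sanitize() on a reply, longest placeholder first."""
    for placeholder in sorted(mapping, key=len, reverse=True):
        text = text.replace(placeholder, mapping[placeholder])
    return text
```

Only IPv4 addresses, dash-separated MACs and the labelled name fields are handled, so read the sanitized text once more before posting; the mapping stays on your machine and is what makes the swap reversible.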