|
|
Sponsored Content
Special Forums
Cybersecurity
how to hide the IP in the email header?
Post 5286 by Neo on Thursday 9th of August 2001 10:36:41 PM
08-09-2001
Administrator
Also, I must take some issue with the broad statment:
.... security by obscurity never works....
Security-by-obscurity is not considered a very secure form of security, but we all use security-by-obsurity every day of our lives. The Department of Defense is the US has many 'obscurity' techniques and processes used to augument security management and security services.
In fact, obscurity can be a great enhancement to a very solid 'non obscurity program'.
For example: take the user name ROOT. I have plenty of servers where we have removed the user name ROOT and replaced it with something else, say 'barbara'. So, someone sniffing the network when you accidently login as 'barbara' might not be so excited because they are looking for 'root'. Of course, the UID is still 0 and 'barbara' is not the name of the superuser. However, a little obscurity can help and does.
Same is true with TELNET. Change the port to something else and port scanners get really confused.
Same is true with SENDMAIL. Change the configuration file to say 'welcome to sendmail version 2.3' and the version is so different than anything in the exploit database that the 'obscurity is very useful'.
Same is true for a login MOTD and getty. Instead of 'Welcome to Linux Version 1.2' many change the TELNET return to read 'Welcome to Fore ATM Switch Fabric'
Or even 'Welcome to Microsoft 2000 Professional' ... when you are running UNIX!! The indications and ramifications are obvious.
I totally agree, obscurity is not great, but it does have some nice applications that are useful combined with other stronger methods
.... security by obscurity never works....
Security-by-obscurity is not considered a very secure form of security, but we all use security-by-obsurity every day of our lives. The Department of Defense is the US has many 'obscurity' techniques and processes used to augument security management and security services.
In fact, obscurity can be a great enhancement to a very solid 'non obscurity program'.
For example: take the user name ROOT. I have plenty of servers where we have removed the user name ROOT and replaced it with something else, say 'barbara'. So, someone sniffing the network when you accidently login as 'barbara' might not be so excited because they are looking for 'root'. Of course, the UID is still 0 and 'barbara' is not the name of the superuser. However, a little obscurity can help and does.
Same is true with TELNET. Change the port to something else and port scanners get really confused.
Same is true with SENDMAIL. Change the configuration file to say 'welcome to sendmail version 2.3' and the version is so different than anything in the exploit database that the 'obscurity is very useful'.
Same is true for a login MOTD and getty. Instead of 'Welcome to Linux Version 1.2' many change the TELNET return to read 'Welcome to Fore ATM Switch Fabric'
Or even 'Welcome to Microsoft 2000 Professional' ... when you are running UNIX!! The indications and ramifications are obvious.I totally agree, obscurity is not great, but it does have some nice applications that are useful combined with other stronger methods
|
|
9 More Discussions You Might Find Interesting
1. Linux
say i have these many file in a directory named exam.
1)/exam/newfolder/link.txt.
2)/exam/newfolder1/
and i create a tar say exam.tar
well the problem is,
when i read the tar file i dont find any metadata about the directories,as you cannot create a tar containig empty directories.
on the... (2 Replies)
Discussion started by: Tanvirk
2 Replies
2. Shell Programming and Scripting
Dear all-
I have a requirement to send an email via email with body content which looks something below-
Email body contents
--------------------
RequestType: Update
DateAcctOpened: 1/5/2010
Note that header information and data content should be normal text..
Please advice on... (5 Replies)
Discussion started by: sureshg_sampat
5 Replies
3. Shell Programming and Scripting
Dear All-
My requirement is as below-
Header file
$ cat HEADER.txt
RequestId:
RequestDate:
Data file
$ cat DATAVAL.txt
1001|2009-03-01
I need to send the combined data below as email body via mailx command
------------------
RequestId:1001
RequestDate:2009-03-01
I would like... (4 Replies)
Discussion started by: sureshg_sampat
4 Replies
4. UNIX for Dummies Questions & Answers
How can i tweak sendmail configuration files so that the "Received:" field is removed from email header information?
Or else can i change Received: (from enswitch@localhost) in email header to something likeReceived: (from xyz@localhost)?
---------- Post updated at 09:57 PM ---------- Previous... (2 Replies)
Discussion started by: proactiveaditya
2 Replies
5. UNIX for Dummies Questions & Answers
Friends,
I need help with the following in UNIX.
Merge all csv files in one folder considering only 1 header row and ignoring header of all other files.
FYI - All files are in same format and contains same headers.
Thank you (4 Replies)
Discussion started by: Shiny_Roy
4 Replies
6. Shell Programming and Scripting
Hello There...
I have a sample input file ..
number:department:amount
125:Market:125.23
126:Hardware store:434.95
127:Video store:7.45
128:Book store:14.32
129:Gasolline:16.10
I will be doing some manipulations on all the records except the header, but the header should always be... (2 Replies)
Discussion started by: juzz4fun
2 Replies
7. Programming
Hi,
I need to somehow pipe the password to a command and run some SQL, for example, something like echo $password | sqlplus -s system @query01.sql
To make it not so obvious, I decided to try out writing a small C program that basically just do echo $password. So now I just do x9.out | sqlplus... (8 Replies)
Discussion started by: newbie_01
8 Replies
8. Shell Programming and Scripting
i have added the header also to the script you provided, it is working fine, but I am expecting to get the header over those rows for which the URL or port changes. URL will remain same for few rows and then it change, and once the URL change the header should come,
like in below input you can see... (11 Replies)
Discussion started by: mirwasim
11 Replies
9. Shell Programming and Scripting
I've been struggling with this one for quite a while and cannot seem to find a solution for this find/replace scenario. Perhaps I'm getting rusty.
I have a file that contains a number of metrics (exactly 3 fields per line) from a few appliances that are collected in parallel. To identify the... (3 Replies)
Discussion started by: verdepollo
3 Replies
LEARN ABOUT SUNOS
create-connector-security-map
asadmin-create-connector-security-map(1AS) User Commands asadmin-create-connector-security-map(1AS) NAME
asadmin-create-connector-security-map, create-connector-security-map - creates a security map for the named connector connection pool SYNOPSIS
create-connector-security-map --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename] [--terse=false] [--echo=false] [--interactive=true] --poolname connector_connection_pool_name --principals principal-name[, prin- cipal-name]*|--usergroups user-group[, user-group]* --mappedusername user_name [--mappedpassword password] mapname Creates a security map for the named connector connection pool. If the security map is not present, one is created. You must have first created a connector connection pool using the create-connector-connection-pool command. The enterprise information system is any system which holds the information. It can be a mainframe, a messaging system, a database system, or even an application. The --principals option and --usergroups option are mutually exclusive; only one should be used. This command is supported in remote mode only. OPTIONS
--user authorized domain application server administrative username. --password password to administer the domain application server. --host machine name where the domain application server is running. --port port number of the domain application server listening for administration requests. --secure if true, uses SSL/TLS to communicate with the domain application server. --passwordfile file containing the domain application server password. --terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well- formatted data for consumption by a script. Default is false. --echo setting to true will echo the command line statement on the standard output. Default is false. --interactive if set to true (default), only the required password options are prompted. --poolname connector connection pool name. --principals a comma separated list of J2EE principals. --usergroups a comma separated list of J2EE usergroups. --mappedusername the enterprise information system username. --mappedpassword the enterprise information system password. OPERANDS
mapname name of the security map to be created. Example 1: Using create-connector-security-map It is assumed that the connector pool has already been created using the create-connector-pool command. asadmin> create-connector-security-map --user admin --password adminadmin poolname connector-pool1 --principals principal1,principal2 --usergroups usergroup1,usergroup2 --mappedusername backend-username --mappedpassword backend-password securityMap1 Command create-connector-security-map executed successfully EXIT STATUS
0 command executed successfully 1 error in executing the command asadmin-delete-connector-security-map(1AS), asadmin-list-connector-security-maps(1), asadmin-update-connector-security-map(1AS) J2EE 1.4 SDK March 2004 asadmin-create-connector-security-map(1AS)