[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF related crash? (fwd)

On Sun, 2003-02-23 at 16:41, Sancho2k.net Lists wrote:
> What Henning is probably getting at is the sheer effectiveness of 
> obfuscating information on a support list. Chances are you could 
> determine IP information anyways, if from nothing else than looking at 
> the header for the IP of the sending mail relay. Obfuscating data makes 
> it difficult to see into the problem. Giving the pertinent information 
DS, please understand that what I'm about to say is in no way directed
to you... you're simply the messenger/interpreter.
But GODDAMMIT, I'm tired of people suggesting that nothing get
obfuscated because "hackers could get it anyways".  It's ridiculous to
suggest that because a very small minority set of bad people might be
able to dig up the relevant information (in this case, a netblock of
incredibly vulnerable hosts), that it's a bad idea to hide it in a
posted firewall ruleset to a public mailing list from the other hordes
of minimally qualified script kiddies.  Gimme a fucking break.
We're talking about the external netblock, people.  Not the internal
routing table, not a handful of relevant macros, not a trace.  Just a
NETWORK ADDRESS.  How could obfuscating this possibly rate as "the worst
advice of the day" on anyone's radar?
Please keep in mind that I am a critic of "security through obscurity"
as well.  But, as my momma used to say, "pick your battles wisely".