Thunderbird revealing internal IPs

Discussion in 'Firefox' started by scorpius, Nov 14, 2004.

  1. scorpius

    scorpius Guest

    Is there any special reason why Thunderbird is sending out internal IP
    as well? For instance, if you send out email using Thunderbird, you
    can read in the header:

    ....
    Received: from [192.168.xxx.xxx] (name.of.your.computer.net
    [external.ip.xxx.xxx])
    ....

    That is, before the external IP+hostname there's also the internal IP
    listed.
     
    scorpius, Nov 14, 2004
    #1
    1. Advertising

  2. scorpius

    Moz Champion Guest

    scorpius wrote:

    > Is there any special reason why Thunderbird is sending out internal IP
    > as well? For instance, if you send out email using Thunderbird, you
    > can read in the header:
    >
    > ...
    > Received: from [192.168.xxx.xxx] (name.of.your.computer.net
    > [external.ip.xxx.xxx])
    > ...
    >
    > That is, before the external IP+hostname there's also the internal IP
    > listed.



    A message is recorded and stamped with the IP of the originating device.


    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Nov 16, 2004
    #2
    1. Advertising

  3. scorpius

    Guest

    But isn't this a kind of privacy and security threat? Revealing
    internal IPs in such a manner, that is.
    Perhaps Thunderbird should at least include an option to turn this
    internal IP "revelation" on or off...


    > Moz Champion wrote:
    > scorpius wrote:
    >
    > > Is there any special reason why Thunderbird is sending out internal

    IP
    > > as well? For instance, if you send out email using Thunderbird, you
    > > can read in the header:
    > >
    > > ...
    > > Received: from [192.168.xxx.xxx] (name.of.your.computer.net
    > > [external.ip.xxx.xxx])
    > > ...
    > >
    > > That is, before the external IP+hostname there's also the internal

    IP
    > > listed.

    >
    >
    > A message is recorded and stamped with the IP of the originating

    device.
    >
    >
    > --
    > Mozilla Champion
    > UFAQ - http://www.UFAQ.org
    > Mozilla Champions - http://mozillachampions.mozdev.org
    > Mozilla Manual - http://mozmanual.mozdev.org/
     
    , Dec 7, 2004
    #3
  4. scorpius

    Moz Champion Guest

    wrote:

    > But isn't this a kind of privacy and security threat? Revealing
    > internal IPs in such a manner, that is.
    > Perhaps Thunderbird should at least include an option to turn this
    > internal IP "revelation" on or off...
    >
    >
    >
    >>Moz Champion wrote:
    >>scorpius wrote:
    >>
    >>
    >>>Is there any special reason why Thunderbird is sending out internal

    >
    > IP
    >
    >>>as well? For instance, if you send out email using Thunderbird, you
    >>>can read in the header:
    >>>
    >>>...
    >>>Received: from [192.168.xxx.xxx] (name.of.your.computer.net
    >>>[external.ip.xxx.xxx])
    >>>...
    >>>
    >>>That is, before the external IP+hostname there's also the internal

    >
    > IP
    >
    >>>listed.

    >>
    >>
    >>A message is recorded and stamped with the IP of the originating

    >
    > device.
    >
    >>
    >>--
    >>Mozilla Champion
    >>UFAQ - http://www.UFAQ.org
    >>Mozilla Champions - http://mozillachampions.mozdev.org
    >>Mozilla Manual - http://mozmanual.mozdev.org/

    >
    >


    How is that private? Its the address you are sending from

    A good firewall would suffice to protect the IP from any security threat
    (and thats your responsibility)

    An 'internal' IP is actually much safer than an external one actually.
    Consider, if someone tried to send anything to just that IP
    192.168.000.001 it could not be located, as that IP exists on thousands
    of internal systems, they require the connection IP as well

    the 192.168 blocks are reserved for internal addresses, heck even my
    computers use them for internal addressing as well, due to my use of a
    firewall.

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 7, 2004
    #4
  5. scorpius

    :: BRIAN :: Guest

    On 11/14/2004 4:53 AM scorpius wrote:
    > Is there any special reason why Thunderbird is sending out internal IP
    > as well? For instance, if you send out email using Thunderbird, you
    > can read in the header:
    >
    > ...
    > Received: from [192.168.xxx.xxx] (name.of.your.computer.net
    > [external.ip.xxx.xxx])
    > ...
    >
    > That is, before the external IP+hostname there's also the internal IP
    > listed.


    Is Thunderbird adding them? Or is it your ISP? My ISP puts my assigned
    IP address in email headers no matter what program they are composed and
    sent with.
    --
    Brian

    Email Info -
    http://68.1.17.8/p0nykiller/email.htm
     
    :: BRIAN ::, Dec 8, 2004
    #5
  6. scorpius

    Guest

    True, but from the message source you can see sender's both internal
    and external IP. Makes it easier to hack, but also easier to track the
    abuse in larger networks/lans.
     
    , Dec 8, 2004
    #6
  7. scorpius

    Moz Champion Guest

    wrote:
    > True, but from the message source you can see sender's both internal
    > and external IP. Makes it easier to hack, but also easier to track the
    > abuse in larger networks/lans.
    >


    If a sender is concerned about hacking, then he/she should take the
    basic steps of protecting themselves. A simple firewall, even of the
    hardward kind is simply good sense, and protects the user from 'abuse'
    based on revealing their IP (external OR internal).

    And since it takes determined 'hacking' with both an external and
    internal IP to navigate, the question becomes why? Just what makes
    hacking into your IP (internal or external) so valuable for a hacker to
    risk jail time (if caught) - in most cases, nothing. A hacker capable of
    navigating both would soon move on to sites where he/she has at least
    the possibility of gaining something, like a bank site or such. What
    does a hacker stand to gain from anything on the normal users computer?

    In any case, does the user refuse to put his snail mail return address
    on a letter, because he might get an anthrax laced letter in return?

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 9, 2004
    #7
  8. scorpius

    Guest

    Moz Champion schrieb:

    > wrote:
    >
    > And since it takes determined 'hacking' with both an external and
    > internal IP to navigate, the question becomes why? Just what makes
    > hacking into your IP (internal or external) so valuable for a hacker to
    > risk jail time (if caught) - in most cases, nothing. A hacker capable of
    > navigating both would soon move on to sites where he/she has at least
    > the possibility of gaining something, like a bank site or such. What
    > does a hacker stand to gain from anything on the normal users computer?


    Passwords, Online Banking Account Data, Email Addresses, Using the
    Computer to compromitt others and or DDoS attacks against other.

    Are that enough?

    Till then,
    Jan-Peter
     
    , Dec 9, 2004
    #8
  9. scorpius

    Moz Champion Guest

    wrote:

    > Moz Champion schrieb:
    >
    >> wrote:
    >>
    >> And since it takes determined 'hacking' with both an external and
    >> internal IP to navigate, the question becomes why? Just what makes
    >> hacking into your IP (internal or external) so valuable for a hacker
    >> to risk jail time (if caught) - in most cases, nothing. A hacker
    >> capable of navigating both would soon move on to sites where he/she
    >> has at least the possibility of gaining something, like a bank site or
    >> such. What does a hacker stand to gain from anything on the normal
    >> users computer?

    >
    >
    > Passwords, Online Banking Account Data, Email Addresses, Using the
    > Computer to compromitt others and or DDoS attacks against other.
    >
    > Are that enough?
    >
    > Till then,
    > Jan-Peter


    For a single user? Nonsense. If a hacker could hack that good he would
    target CEO's or Banks or some such where the rewards are greatly increased.
    And once again, use of a firewall negates the attacks anyway. A hacker
    cant load to your machine past your firewall. Email addresses are a dime
    a dozen, ask any spammer.

    The threat is overstated for most users. A hacker even if he knows your
    IP address is foiled if you have a firewall (even just a basic hardware
    one). My IP address is hanging out there everytime I post, yet anyone
    who tries to access it gets NOTHING, its completely stealthed, they cant
    even tell I am online.



    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 9, 2004
    #9
  10. scorpius

    Guest

    Moz Champion schrieb:

    > wrote:
    >
    >> Moz Champion schrieb:
    >>
    >>> wrote:
    >>>
    >>> And since it takes determined 'hacking' with both an external and
    >>> internal IP to navigate, the question becomes why? Just what makes
    >>> hacking into your IP (internal or external) so valuable for a hacker
    >>> to risk jail time (if caught) - in most cases, nothing. A hacker
    >>> capable of navigating both would soon move on to sites where he/she
    >>> has at least the possibility of gaining something, like a bank site
    >>> or such. What does a hacker stand to gain from anything on the normal
    >>> users computer?

    >>
    >>
    >>
    >> Passwords, Online Banking Account Data, Email Addresses, Using the
    >> Computer to compromitt others and or DDoS attacks against other.
    >>
    >> Are that enough?
    >>
    >> Till then,
    >> Jan-Peter

    >
    >
    > For a single user? Nonsense. If a hacker could hack that good he would
    > target CEO's or Banks or some such where the rewards are greatly increased.
    > And once again, use of a firewall negates the attacks anyway. A hacker
    > cant load to your machine past your firewall. Email addresses are a dime
    > a dozen, ask any spammer.
    >
    > The threat is overstated for most users. A hacker even if he knows your
    > IP address is foiled if you have a firewall (even just a basic hardware
    > one). My IP address is hanging out there everytime I post, yet anyone
    > who tries to access it gets NOTHING, its completely stealthed, they cant
    > even tell I am online.


    Wrong!

    The othe way round is the Point.

    First not the so called hackers nor the Script Kiddies are the Problem.

    there are many People out there that try to get your PC for exact the
    points I´ve mentioned.

    Not so long ago, there was a test how secure PC´s are. With Linux,XP
    with and without firewall and as far as I know MacOS X.
    After connecting them to the Internet the First try of Intrusion
    appeared after 4Minutes. I think that says all.

    And that´s because with hundreds of thousands of badly secured PC´s you
    can generate much more traffic than with hundreds of good secured Servers.

    There are poeople who are selling the power of compromised Private Pc´s
    for money to companys that are yusing them to distribute theyr Spam.

    Till then,
    Jan-Peter
     
    , Dec 9, 2004
    #10
  11. scorpius

    Moz Champion Guest

    wrote:

    > Moz Champion schrieb:
    >
    >> wrote:
    >>
    >>> Moz Champion schrieb:
    >>>
    >>>> wrote:
    >>>>
    >>>> And since it takes determined 'hacking' with both an external and
    >>>> internal IP to navigate, the question becomes why? Just what makes
    >>>> hacking into your IP (internal or external) so valuable for a hacker
    >>>> to risk jail time (if caught) - in most cases, nothing. A hacker
    >>>> capable of navigating both would soon move on to sites where he/she
    >>>> has at least the possibility of gaining something, like a bank site
    >>>> or such. What does a hacker stand to gain from anything on the
    >>>> normal users computer?
    >>>
    >>>
    >>>
    >>>
    >>> Passwords, Online Banking Account Data, Email Addresses, Using the
    >>> Computer to compromitt others and or DDoS attacks against other.
    >>>
    >>> Are that enough?
    >>>
    >>> Till then,
    >>> Jan-Peter

    >>
    >>
    >>
    >> For a single user? Nonsense. If a hacker could hack that good he would
    >> target CEO's or Banks or some such where the rewards are greatly
    >> increased.
    >> And once again, use of a firewall negates the attacks anyway. A hacker
    >> cant load to your machine past your firewall. Email addresses are a
    >> dime a dozen, ask any spammer.
    >>
    >> The threat is overstated for most users. A hacker even if he knows
    >> your IP address is foiled if you have a firewall (even just a basic
    >> hardware one). My IP address is hanging out there everytime I post,
    >> yet anyone who tries to access it gets NOTHING, its completely
    >> stealthed, they cant even tell I am online.

    >
    >
    > Wrong!
    >
    > The othe way round is the Point.
    >
    > First not the so called hackers nor the Script Kiddies are the Problem.
    >
    > there are many People out there that try to get your PC for exact the
    > points I´ve mentioned.
    >
    > Not so long ago, there was a test how secure PC´s are. With Linux,XP
    > with and without firewall and as far as I know MacOS X.
    > After connecting them to the Internet the First try of Intrusion
    > appeared after 4Minutes. I think that says all.
    >
    > And that´s because with hundreds of thousands of badly secured PC´s you
    > can generate much more traffic than with hundreds of good secured Servers.
    >
    > There are poeople who are selling the power of compromised Private Pc´s
    > for money to companys that are yusing them to distribute theyr Spam.
    >
    > Till then,
    > Jan-Peter


    You say it yourself, its UNSECURED systems that people get into.

    Besides, thats not the point.
    Do you park on the next street, hop a couple fences, and then go into
    your house, so people dont know your address, or do you pull into the
    driveway?
    Do you refuse to show your license as proof of ID, because it has your
    address on it?
    You never tell anyone your address, because it CAN be used to rob your
    house?

    So what. Someone knows I live at 123 Main Street Nowheresville, the door
    is still locked, the security systems are still in place. So whats the
    danger of someone knowing your address, which in computer nomenclature
    is your IP?

    Do you refuse to put your return address on snail mail you send? After
    all, its revealing where you live isnt it? Do you take your outbound
    snail mail to another town, so that folks who get it cant tell your
    approximate location from just the postage mark?

    An IP is just an address, nothing more.

    There is more 'house' crime than electronic computer crime currently.
    You are more subject to have a physical break in at your home than to
    have someone hack into your computer. You lock the doors to your house
    when you leave, even tho you know it wont absolutely STOP a thief.

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 10, 2004
    #11
  12. scorpius

    Guest

    Moz Champion schrieb:
    > wrote:
    >
    >> Moz Champion schrieb:
    >>
    >>> wrote:
    >>>
    >>>> Moz Champion schrieb:
    >>>>
    >>>>> wrote:
    >>>>>
    >>>>> And since it takes determined 'hacking' with both an external and
    >>>>> internal IP to navigate, the question becomes why? Just what makes
    >>>>> hacking into your IP (internal or external) so valuable for a
    >>>>> hacker to risk jail time (if caught) - in most cases, nothing. A
    >>>>> hacker capable of navigating both would soon move on to sites where
    >>>>> he/she has at least the possibility of gaining something, like a
    >>>>> bank site or such. What does a hacker stand to gain from anything
    >>>>> on the normal users computer?
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> Passwords, Online Banking Account Data, Email Addresses, Using the
    >>>> Computer to compromitt others and or DDoS attacks against other.
    >>>>
    >>>> Are that enough?
    >>>>
    >>>> Till then,
    >>>> Jan-Peter
    >>>
    >>>
    >>>
    >>>
    >>> For a single user? Nonsense. If a hacker could hack that good he
    >>> would target CEO's or Banks or some such where the rewards are
    >>> greatly increased.
    >>> And once again, use of a firewall negates the attacks anyway. A
    >>> hacker cant load to your machine past your firewall. Email addresses
    >>> are a dime a dozen, ask any spammer.
    >>>
    >>> The threat is overstated for most users. A hacker even if he knows
    >>> your IP address is foiled if you have a firewall (even just a basic
    >>> hardware one). My IP address is hanging out there everytime I post,
    >>> yet anyone who tries to access it gets NOTHING, its completely
    >>> stealthed, they cant even tell I am online.

    >>
    >>
    >>
    >> Wrong!
    >>
    >> The othe way round is the Point.
    >>
    >> First not the so called hackers nor the Script Kiddies are the Problem.
    >>
    >> there are many People out there that try to get your PC for exact the
    >> points I´ve mentioned.
    >>
    >> Not so long ago, there was a test how secure PC´s are. With Linux,XP
    >> with and without firewall and as far as I know MacOS X.
    >> After connecting them to the Internet the First try of Intrusion
    >> appeared after 4Minutes. I think that says all.
    >>
    >> And that´s because with hundreds of thousands of badly secured PC´s
    >> you can generate much more traffic than with hundreds of good secured
    >> Servers.
    >>
    >> There are poeople who are selling the power of compromised Private
    >> Pc´s for money to companys that are yusing them to distribute theyr Spam.
    >>
    >> Till then,
    >> Jan-Peter

    >
    >
    > You say it yourself, its UNSECURED systems that people get into.


    Aprroximately 90% of the Private PC´s on the Internet

    > Besides, thats not the point.
    > Do you park on the next street, hop a couple fences, and then go into
    > your house, so people dont know your address, or do you pull into the
    > driveway?
    > Do you refuse to show your license as proof of ID, because it has your
    > address on it?
    > You never tell anyone your address, because it CAN be used to rob your
    > house?
    >
    > So what. Someone knows I live at 123 Main Street Nowheresville, the door
    > is still locked, the security systems are still in place. So whats the
    > danger of someone knowing your address, which in computer nomenclature
    > is your IP?
    >
    > Do you refuse to put your return address on snail mail you send? After
    > all, its revealing where you live isnt it? Do you take your outbound
    > snail mail to another town, so that folks who get it cant tell your
    > approximate location from just the postage mark?
    >
    > An IP is just an address, nothing more.


    That is wrong If I give My streetaddress I am the only one that get´s
    the Spam

    If anyone can break into my Computer because of my IP all the others in
    the Net will gett the Spam and I have to pay for it.

    > There is more 'house' crime than electronic computer crime currently.
    > You are more subject to have a physical break in at your home than to
    > have someone hack into your computer. You lock the doors to your house
    > when you leave, even tho you know it wont absolutely STOP a thief.


    Same as above if anyone broke into my appartment only I am robbed in the
    Internet everyone else is to.

    Jan-Peter
     
    , Dec 10, 2004
    #12
  13. scorpius

    Z Guest

    Moz Champion wrote:
    >> True, but from the message source you can see sender's both internal
    >> and external IP. Makes it easier to hack, but also easier to track the
    >> abuse in larger networks/lans.


    > If a sender is concerned about hacking, then he/she should take the
    > basic steps of protecting themselves. A simple firewall, even of the
    > hardward kind is simply good sense, and protects the user from 'abuse'
    > based on revealing their IP (external OR internal).
    >
    > And since it takes determined 'hacking' with both an external and
    > internal IP to navigate, the question becomes why? Just what makes
    > hacking into your IP (internal or external) so valuable for a hacker to
    > risk jail time (if caught) - in most cases, nothing. A hacker capable of
    > navigating both would soon move on to sites where he/she has at least
    > the possibility of gaining something, like a bank site or such. What
    > does a hacker stand to gain from anything on the normal users computer?
    >
    > In any case, does the user refuse to put his snail mail return address
    > on a letter, because he might get an anthrax laced letter in return?


    The question that is still unanswered is "Why is Thunderbird doing this?"

    Is there a good reason to tag e-mail with this extra information?

    If so, let's hear it.
     
    Z, Dec 12, 2004
    #13
  14. scorpius

    Z Guest

    Moz Champion wrote:
    > You say it yourself, its UNSECURED systems that people get into.


    And Thunderbird is making this _easier_.

    Why?
     
    Z, Dec 12, 2004
    #14
  15. scorpius

    Moz Champion Guest

    wrote:

    > Moz Champion schrieb:
    >
    >> wrote:
    >>
    >>> Moz Champion schrieb:
    >>>
    >>>> wrote:
    >>>>
    >>>>> Moz Champion schrieb:
    >>>>>
    >>>>>> wrote:
    >>>>>>
    >>>>>> And since it takes determined 'hacking' with both an external and
    >>>>>> internal IP to navigate, the question becomes why? Just what makes
    >>>>>> hacking into your IP (internal or external) so valuable for a
    >>>>>> hacker to risk jail time (if caught) - in most cases, nothing. A
    >>>>>> hacker capable of navigating both would soon move on to sites
    >>>>>> where he/she has at least the possibility of gaining something,
    >>>>>> like a bank site or such. What does a hacker stand to gain from
    >>>>>> anything on the normal users computer?
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> Passwords, Online Banking Account Data, Email Addresses, Using the
    >>>>> Computer to compromitt others and or DDoS attacks against other.
    >>>>>
    >>>>> Are that enough?
    >>>>>
    >>>>> Till then,
    >>>>> Jan-Peter
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> For a single user? Nonsense. If a hacker could hack that good he
    >>>> would target CEO's or Banks or some such where the rewards are
    >>>> greatly increased.
    >>>> And once again, use of a firewall negates the attacks anyway. A
    >>>> hacker cant load to your machine past your firewall. Email addresses
    >>>> are a dime a dozen, ask any spammer.
    >>>>
    >>>> The threat is overstated for most users. A hacker even if he knows
    >>>> your IP address is foiled if you have a firewall (even just a basic
    >>>> hardware one). My IP address is hanging out there everytime I post,
    >>>> yet anyone who tries to access it gets NOTHING, its completely
    >>>> stealthed, they cant even tell I am online.
    >>>
    >>>
    >>>
    >>>
    >>> Wrong!
    >>>
    >>> The othe way round is the Point.
    >>>
    >>> First not the so called hackers nor the Script Kiddies are the Problem.
    >>>
    >>> there are many People out there that try to get your PC for exact the
    >>> points I´ve mentioned.
    >>>
    >>> Not so long ago, there was a test how secure PC´s are. With Linux,XP
    >>> with and without firewall and as far as I know MacOS X.
    >>> After connecting them to the Internet the First try of Intrusion
    >>> appeared after 4Minutes. I think that says all.
    >>>
    >>> And that´s because with hundreds of thousands of badly secured PC´s
    >>> you can generate much more traffic than with hundreds of good secured
    >>> Servers.
    >>>
    >>> There are poeople who are selling the power of compromised Private
    >>> Pc´s for money to companys that are yusing them to distribute theyr
    >>> Spam.
    >>>
    >>> Till then,
    >>> Jan-Peter

    >>
    >>
    >>
    >> You say it yourself, its UNSECURED systems that people get into.

    >
    >
    > Aprroximately 90% of the Private PC´s on the Internet
    >
    >> Besides, thats not the point.
    >> Do you park on the next street, hop a couple fences, and then go into
    >> your house, so people dont know your address, or do you pull into the
    >> driveway?
    >> Do you refuse to show your license as proof of ID, because it has your
    >> address on it?
    >> You never tell anyone your address, because it CAN be used to rob your
    >> house?
    >>
    >> So what. Someone knows I live at 123 Main Street Nowheresville, the
    >> door is still locked, the security systems are still in place. So
    >> whats the danger of someone knowing your address, which in computer
    >> nomenclature is your IP?
    >>
    >> Do you refuse to put your return address on snail mail you send? After
    >> all, its revealing where you live isnt it? Do you take your outbound
    >> snail mail to another town, so that folks who get it cant tell your
    >> approximate location from just the postage mark?
    >>
    >> An IP is just an address, nothing more.

    >
    >
    > That is wrong If I give My streetaddress I am the only one that get´s
    > the Spam
    >
    > If anyone can break into my Computer because of my IP all the others in
    > the Net will gett the Spam and I have to pay for it.
    >
    >> There is more 'house' crime than electronic computer crime currently.
    >> You are more subject to have a physical break in at your home than to
    >> have someone hack into your computer. You lock the doors to your
    >> house when you leave, even tho you know it wont absolutely STOP a thief.

    >
    >
    > Same as above if anyone broke into my appartment only I am robbed in the
    > Internet everyone else is to.
    >
    > Jan-Peter


    If anyone can break into your computer then its because YOU havent
    secured it well enough! Not because someone knows its IP!

    Its YOUR responsibility to protect your computer

    An IP is simply an address, nothing more. Look at my headers, see the IP
    there? Thats mine, yet it doesnt allow you to do anything at all with my
    computer, nothing. Its about as much benefit as knowing my street
    address, you cant just walk over and enter my house, as it is secured
    relative to the value of the contents

    Its YOUR job to lock your doors, and 'secure' your house, not prevent
    people from knowing your address.
    Its YOUR job to protect your computer, and 'secure' it, not prevent
    anyone from knowing its address

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 12, 2004
    #15
  16. scorpius

    Moz Champion Guest

    Z wrote:

    > Moz Champion wrote:
    >
    >> You say it yourself, its UNSECURED systems that people get into.

    >
    >
    > And Thunderbird is making this _easier_.
    >
    > Why?


    How is Thunderbird making it easier?

    knowing the IP of a computer doesnt make it easier, if the computer is
    properly protected in the first place.

    For example, take a look at my headers, they show my IP (and always have
    for over 10 years now), yet if you try you wont even be able to tell
    that ANYTHING is connected at my end (completely stealthed)

    Once more, does printing your address on your drivers license, which is
    often produced as ID, make it easier to rob your house or break into it?
    Does printing your return mail address on a snail mail envelope make it
    easier to break into your house?

    You lock the windows and doors to your house to provide at least a
    minimal level of security, yet you dont do that with your computer?

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 12, 2004
    #16
  17. scorpius

    Moz Champion Guest

    Z wrote:

    > Moz Champion wrote:
    >
    >>> True, but from the message source you can see sender's both internal
    >>> and external IP. Makes it easier to hack, but also easier to track the
    >>> abuse in larger networks/lans.

    >
    >
    >> If a sender is concerned about hacking, then he/she should take the
    >> basic steps of protecting themselves. A simple firewall, even of the
    >> hardward kind is simply good sense, and protects the user from 'abuse'
    >> based on revealing their IP (external OR internal).
    >>
    >> And since it takes determined 'hacking' with both an external and
    >> internal IP to navigate, the question becomes why? Just what makes
    >> hacking into your IP (internal or external) so valuable for a hacker
    >> to risk jail time (if caught) - in most cases, nothing. A hacker
    >> capable of navigating both would soon move on to sites where he/she
    >> has at least the possibility of gaining something, like a bank site or
    >> such. What does a hacker stand to gain from anything on the normal
    >> users computer?
    >>
    >> In any case, does the user refuse to put his snail mail return address
    >> on a letter, because he might get an anthrax laced letter in return?

    >
    >
    > The question that is still unanswered is "Why is Thunderbird doing this?"
    >
    > Is there a good reason to tag e-mail with this extra information?
    >
    > If so, let's hear it.


    Because all mail clients do it?
    Because it makes it more difficult for people to hack?
    Because it allows tracing of messages?

    How do you think they caught Mafia Boy, or the guy who wrote I Love You?
    How do you think they fight spammers, to figure out where they are
    sending from?

    Its not EXTRA information, its your address!

    --
    Mozilla Champion
    UFAQ - http://www.UFAQ.org
    Mozilla Champions - http://mozillachampions.mozdev.org
    Mozilla Manual - http://mozmanual.mozdev.org/
     
    Moz Champion, Dec 12, 2004
    #17
  18. On Sun, 12 Dec 2004 10:26:02 GMT, Moz Champion wrote in
    news:_0Vud.1078674$
    et:

    > Z wrote:
    >
    >> Moz Champion wrote:
    >>
    >>> You say it yourself, its UNSECURED systems that people
    >>> get into.

    >>
    >>
    >> And Thunderbird is making this _easier_.
    >>
    >> Why?

    >
    > How is Thunderbird making it easier?
    >
    > knowing the IP of a computer doesnt make it easier, if the
    > computer is properly protected in the first place.
    >
    > For example, take a look at my headers, they show my IP
    > (and always have for over 10 years now), yet if you try you
    > wont even be able to tell that ANYTHING is connected at my
    > end (completely stealthed)
    >
    > Once more, does printing your address on your drivers
    > license, which is often produced as ID, make it easier to
    > rob your house or break into it? Does printing your return
    > mail address on a snail mail envelope make it easier to
    > break into your house?
    >
    > You lock the windows and doors to your house to provide at
    > least a minimal level of security, yet you dont do that
    > with your computer?
    >


    It's time for another plug for Steve Gibson's public service
    site with its tools for evaluating one's security:
    http://www.grc.com

    Flatus
     
    Flatus Ohlfahrt, Dec 12, 2004
    #18
  19. scorpius

    Z Guest

    Moz Champion wrote:
    >> The question that is still unanswered is "Why is Thunderbird doing this?"
    >> Is there a good reason to tag e-mail with this extra information?
    >> If so, let's hear it.


    > Because all mail clients do it?


    Not true.

    Outlook Express 6 : not tagged with my internal IP
    Received from: from m1...

    Thunderbird 1.0 : tagged with my internal IP
    Received from: from 192.168...

    OE 6 tags outgoing e-mail with my computer name, which is useless to TCP
    hackers.


    > Because it makes it more difficult for people to hack?


    Assuming the "Received from" information on an e-mail message is
    correct, it's the _external_ IP that is the key to tracking the true sender.


    > Because it allows tracing of messages?


    The external IP allows for that.


    > How do you think they caught Mafia Boy, or the guy who wrote I Love You?


    They caught both of those malcontents because their e-mails were tagged
    with their internal LAN IPs?


    > Its not EXTRA information, its your address!


    To use your own "home" analogy, it's a map to the inside of my home that
    gets appended to every single e-mail I send with Thunderbird.

    I'm rather surprise that OE, for all its huge holes and warts, is better
    than Thunderbird at keeping the road map to my internal network private.
     
    Z, Dec 12, 2004
    #19
  20. scorpius

    Tx2 Guest

    In article <A2vtd.407345$a85.156607@fed1read04>, :: BRIAN :: <user@
    127.0.1.1>, a.k.a says...


    > Is Thunderbird adding them? Or is it your ISP? My ISP puts my assigned
    > IP address in email headers no matter what program they are composed and
    > sent with


    Not your internal LAN one they don't.
     
    Tx2, Dec 12, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jens Meyer
    Replies:
    3
    Views:
    2,221
    Walter Roberson
    Nov 9, 2003
  2. jaygreg

    Revealing IP Addresses

    jaygreg, Aug 6, 2006, in forum: Computer Security
    Replies:
    4
    Views:
    621
    Sebastian Gottschalk
    Aug 6, 2006
  3. Radium

    I would like "" to answer my question

    Radium, Aug 25, 2007, in forum: Computer Support
    Replies:
    3
    Views:
    604
    =?ISO-8859-1?Q?R=F4g=EAr?=
    Aug 26, 2007
  4. hanson

    Re: Cameras Create Highly Revealing Snapshots

    hanson, Jul 2, 2011, in forum: Digital Photography
    Replies:
    15
    Views:
    468
    Anton Shepelev
    Jul 6, 2011
  5. Martijn Lievaart

    HSRP: virtual IPs without real IPs?

    Martijn Lievaart, Feb 9, 2012, in forum: Cisco
    Replies:
    4
    Views:
    1,182
    Martijn Lievaart
    Feb 15, 2012
Loading...

Share This Page