Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Renan Nepomuceno on January 17, 2003, 09:24:14 AM

Title: bugs on e-smith or security flaws
Post by: Renan Nepomuceno on January 17, 2003, 09:24:14 AM

To All,

       I just test the e-smith 5.5 proxy server and use a windows 98 PC to connect the internet and it appears that my private ip which was 192.168.40.23 was detected by the site www.taruo.net (this site is a japanese if you want to test just go to the site and click the the 3rd button).

      Do you think this is squid problem which is regards to transparency of the squid or should it be integrate with masquarading.

Thanks in advance
  renan

Title: Re: bugs on e-smith or security flaws
Post by: Nate on January 17, 2003, 10:11:32 AM

Seeing an ip address isn't a security flaw, at least IMO.  Especially when  it's a 192.168 address that won't 'fly' across the net anyway.

Title: Re: bugs on e-smith or security flaws
Post by: Renan Nepomuceno on January 17, 2003, 01:02:03 PM

NATE,
 
       Yes Nate your correct that 192.168's ip isn't routable on internet but seeing your private ip on the net, to my opinion is not correct and may cause you a security breaches because hacker can penetrate to your network.

best regards,
 renan

Title: Re: bugs on e-smith or security flaws
Post by: Terry Brummell on January 17, 2003, 01:07:51 PM

This thread may help...

http://forums.contribs.org/index.php?topic=6479.msg23272#msg23272

Title: Re: bugs on e-smith or security flaws
Post by: Gordon Rowell on January 21, 2003, 01:43:50 AM

Please report any security issues, or suspected security issues,  with
the Mitel Networks SME Server (nee e-smith server and gateway) to:

     smesecurity@mitel.com

and only to that address.

As with all products, you should contact the vendor (in this case,
Mitel Networks), for any security related issues. You should not
post them to open discussion forums.

Thanks,

Gordon