
Ask HN: Are business IP addresses confidential information? - obituary_latte
Our company uses office365 for email among other things. Wordpress for www. This is just one more method of hiding our offices IP address from potential attackers. I assume that the better our IP address is hidden, the more effort it would take to attack our firewall to try and infiltrate our network. I also implement things like policies preventing external resources in email and stringent port and website filtering. In addition, we pay for all available security enhancements offered by vendors (e.g. O365 advanced threat protection, safelinks, DLP, etc.).<p>In O365, I have strict spam filtering policies and safe links enabled. One of the features of this service is quarantining suspicious email. In this quarantine, you can review emails and delete or release them and mark sender as safe as part of the workflow. In this quarantine, one of the tools is a “preview” where you can see the original email. I noticed that despite lack of warnings about dangers of viewing the original emails, this preview was rendering images that are embedded in the emails. Even though safelinks is enabled and the src endpoints reflect this in the code, I wondered how the images were being served. So I set up a test to send myself an email designed to get caught and quarantined with an embedded image referring an image on a server I have in the cloud. I monitored the http logs as I opened the quarantined email preview and sure enough my local IP address appeared in the http log.<p>We are a small firm in the high net-worth financial services industry and am concerned that my local IP could be leaked this way. A determined attacker could theoretically use this avenue to find our local office IP to start attacking directly.<p>I reported to Microsoft and they replied that ip addresses aren’t confidential info and as such no action to fix would be made.<p>Am I just paranoid here and should IP addresses be considered confidential information in this day and age?
======
based2
[https://stackoverflow.com/questions/1298588/should-ip-
addres...](https://stackoverflow.com/questions/1298588/should-ip-addresses-
and-ports-be-considered-confidential)

------
Nextgrid
Any website you visit knows your IP address. If there was a danger associated
with that the web would've collapsed already.

~~~
obituary_latte
I guess the difference here is the targeting.

