- NZNOG - lists.nznog.org

Notification of NZRR Database changes
by NZRR Database Notifications 19 Sep '05

19 Sep '05

Dear Colleague, This is to notify you that some object(s) in NZRR database which you either maintain or are listed as to-be-notified have been added, deleted or changed. These objects are used to configure the various NZIX route servers (http://nzix.net/) so you can expect the relevant servers to be reloaded in the near future. The reloading of the servers is staggered over a period of time so that if you are peering with both servers at an exchange, you can maintain at least one BGP session at all times and consequently a full set of routes. --- PREVIOUS OBJECT: route-set: AS9439:RS-ROUTES:AS23655 descr: advertised to AS9439 by Snap Internet Limited - AS23655 members: 132.181.0.0/16^16-29, 202.124.96.0/19^19-29, 203.97.28.0/22^22-29, 202.27.186.0/23^23-29, 202.36.178.0/23^23-29, 202.36.218.0/23^23-29, 202.37.100.0/23^23-29, 202.37.124.0/23^23-29, 210.55.30.0/23^23-29, 210.55.206.0/23^23-29, 192.156.225.0/24^24-29, 202.50.117.0/24^24-29, 202.50.169.0/24^24-29, 210.54.15.0/24^24-29, 210.55.4.0/24^24-29, 210.55.7.0/24^24-29 admin-c: RPA1-NZRR tech-c: RPA1-NZRR notify: rpsl-admin(a)nzix.net notify: nznog(a)list.waikato.ac.nz notify: noc(a)snap.net.nz mnt-by: MAINT-NZRR-NZ changed: rpsl-admin(a)nzix.net 20050913 source: NZRR REPLACED BY: route-set: AS9439:RS-ROUTES:AS23655 descr: advertised to AS9439 by Snap Internet Limited - AS23655 members: 132.181.0.0/16^16-29, 202.124.96.0/20^20-29, 203.97.28.0/22^22-29, 202.27.186.0/23^23-29, 202.36.178.0/23^23-29, 202.36.218.0/23^23-29, 202.36.220.0/23^23-29, 202.37.100.0/23^23-29, 202.37.124.0/23^23-29, 202.49.120.0/23^23-29, 210.55.30.0/23^23-29, 210.55.206.0/23^23-29, 192.156.225.0/24^24-29, 202.49.115.0/24^24-29, 202.49.125.0/24^24-29, 202.50.117.0/24^24-29, 202.50.169.0/24^24-29, 203.96.112.0/24^24-29, 210.54.15.0/24^24-29, 210.55.4.0/24^24-29, 210.55.7.0/24^24-29 admin-c: RPA1-NZRR tech-c: RPA1-NZRR notify: rpsl-admin(a)nzix.net notify: nznog(a)list.waikato.ac.nz notify: noc(a)snap.net.nz mnt-by: MAINT-NZRR-NZ changed: rpsl-admin(a)nzix.net 20050920 source: NZRR

1 0

Price list from kevin
by Kevn Wong 18 Sep '05

18 Sep '05

Dear sir, How is your weekend? I'm kevin from Pcarcher data Technology Ltd. We are a manufacturer and Exporter from china, we make and sell the VGA Card and networking products. We have our own factory, the factory are with 4 STM product line, and all products go out the door of factory after double QA and QC, so we can deliever the goods to our client within 4 working day after we get client's payment, and we can supply 13 months warranty to our client, hope that we can do the business with you, I believe we will become your good supplier, and supply the best products and service to you. Enclosed is our price list of these products, please check it, hope that you can find some you products which you like, looking forward to hearing from you again, anyways thanks for your support. My msn is w_qifan(a)hotmail.com. Cisco 1721 US$300.00/Pcs WS-C2950-24 US$310.00/Pcs WS-C2950T-24 US$450.00/Pcs 2610XM US$700.00/Pcs 2620XM US$710.00/Pcs 2621XM US$710.00.Pcs BTW now we have the DI-524 and DI-624 in stock, they are original products, and our offer are follows, please check it. DI-524 US$29.0/Pcs 54Mbps http://www.dlink.com/products/?pid=316 DI-624 US$40.5/Pcs 108Mbps http://www.dlink.com/products/?pid=6 Have a nice day Best Regards Kevin Pcarcher Data Tehcnology Ltd Room 2106, BaoAn Plaza, ShenNan Road,Shen Zhen City,China Tel: +86 755 82818860 Fax: +86 755 82818640

2 1

Re: [nznog] New phish - Westpac
by Simon Allard 18 Sep '05

18 Sep '05

> > Phising is no different to putting a skimmer and camera onto an ATM > machine and stealing the card details and pin numbers. Infact, how many of you check for skimmers and cameras before putting your card into an ATM or make sure the clerk behind the desk doesn't skim your credit card before giving it back? I would say not many people would. How is that any different from an average internet person and a phising website?

1 0

Re: [nznog] New phish - Westpac
by Simon Allard 18 Sep '05

18 Sep '05

> > You will need to come into the branch and do it there. > > > > If you do follow links and get stung then we'll treat it along the same > lines > > as "so you met this guy in a pub and he said 'can I borrow your ATM card > and > > pin number for ten minutes'.....". You can't compare a Phising site to that. The user doesn't know they are entering details into a trojaned website. Phising is no different to putting a skimmer and camera onto an ATM machine and stealing the card details and pin numbers.

1 0

Re: [nznog] New phish - Westpac
by Joel Van Velden 18 Sep '05

18 Sep '05

> >> >> Wait until the phishers catchup with the normal spammers and make the > IP >> of their websites move every 10 minutes. Personally I'm surprised it >> hasn't happened already, certainly it will happen if people get > efficient >> at blocking single IPs. > > That's why it's better done at the ISP level. > > If they have web caches which transparently proxy everything. (dunno how > many isp's still do this). But the URL itself can be blocked rather than > the IP. > > Carriers shouldn't block IP's IMHO. Can't ISP's just intercept http traffic destined for phishers' sites (based on url matching, not ip) and display a nice html message to the user how their bank account would have been cleaned out if it hadn't been for their nice friendly isp? :) Certainly blatantly blocking ip's at carrier level is rather nasty. what happens if that IP is a large virtual host server? Replacing content (as above) at least allows you to make it obvious to all users whats happening. -Joel > > Simon Allard > ihug Limited > > P +64 9 962 9827 > M +64 21 456 412 > E simon.allard(a)staff.ihug.co.nz > > _______________________________________________ > NZNOG mailing list > NZNOG(a)list.waikato.ac.nz > http://list.waikato.ac.nz/mailman/listinfo/nznog > >

2 1

Re: [nznog] New phish - Westpac
by Simon Allard 18 Sep '05

18 Sep '05

> I don't buy this line of reasoning any more. Don't open attachments > from people you don't know. Don't open attachments from people you do > know. Don't open attachments that have innocent looking icons like a > text file. Don't preview emails that have attachments. Now we're in an > arms race where trying to send any email attachments around the internet > is a sure fire way of getting someone to blackhole your entire email for > "malicious content"[1]. Even experienced users running around with all > the latest antivirus and ad zappers and everything can *still* > occasionally get infected with spyware.[2] How do you expect users to > keep up? I agree with this comment. If user education worked, ISP's wouldn't be hit with high call volumes when the big viruses hits. ISP's wouldn't need to have big virus/spam servers in front of their mail farms. Too many stupid users, and when those stupid users become educated, there are new stupid users who take their place. It's a never ending cycle. Every time a user rings the helpdesk, it hits the ISP's bottom line, hence why a lot of ISP's are in favour of blocking phising/virus ports etc. But I don't understand why carriers block stuff. Simon Allard ihug Limited P +64 9 962 9827 M +64 21 456 412 E simon.allard(a)staff.ihug.co.nz > _______________________________________________ > NZNOG mailing list > NZNOG(a)list.waikato.ac.nz > http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Re: [nznog] New phish - Westpac
by Gordon Smith 18 Sep '05

18 Sep '05

It's a typical spammer setup that's using zombies to provide DNS. Makes it more difficult to shut them down. The web server is located in India. We've already notified them of the compromised host, and also asked joker.com to pull the domains. Both this domain, and the domains that the nameservers respond to, are bogus. I'm not going to hold my breath waiting for joker to act though :-) Cheers, Gordon

5 5

Re: [nznog] New phish - Westpac
by Gavin Legge 18 Sep '05

18 Sep '05

<start drivvel> well well we have come full circle.. So who's going to gauge what will and wont get through ay. I'm all for letting people choose themselves. If they don't like what they see - they can unplug. It's a big scary world out there ay... It's like the isp's/transport providers are the highways. If people wanna walk out in front of a car on your highway (even though it's obviously a big truck that's gonna run them down badly disguised as a phishing scam.. - well - they have been warned. They had to learn to walk in real life- maybe they should learn to 'walk' in 'our virtual world' ie fall over some of the pitfalls - just like we all have done at some time.. You cant protect everyone all the time. So many standards of wrong and right and possibly no right answer. </end drivvel> This is the bit where I go quiet again - after all I don't even work for an ISP any more! Shudder... -----Original Message----- From: David Robb [mailto:ender(a)paradise.gen.nz] Sent: Monday, 19 September 2005 4:28 p.m. To: Russell Sharpe Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] New phish - Westpac On Mon, 19 Sep 2005, Russell Sharpe wrote: > I guess from a morality point of view... > Is it in an ISP's best interest to protect its customers interests? If you want to involve morality... many people don't like pornography. There's lots of it out there. Should we block it? --David _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. MailScanner Supplied by ITS-HelpDesk. ext 4001 or email helpdesk(a)irl.cri.nz-- This electronic transmission and any documents accompanying this electronic transmission contain confidential information belonging to the sender. This information may be legally privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on or regarding the contents of this electronically transmitted information is strictly prohibited.

1 0

Re: [nznog] New phish - Westpac
by neil gardner 18 Sep '05

18 Sep '05

>>>> Andy Linton <asjl(a)citylink.co.nz> 19/09/2005 4:15 p.m. >>> >> So you say it's ok for bank phishing. What about ebay/trademe/other >> auction/sales sites? > >Perhaps the correct response is some (more) user education and then allow >evolution to take over - those people who are too stupid to work this out lose >all their money and then they can't use the Internet any more. While ISPs will >lose revenue from them they're probably the ones who cause 90% of the help >desk calls and so profitability goes up and we all get more time for beer. On a more general level it's a simple economic problem and we shouldn't be expending that much energy into finding a technical solution. The current level of bank fraud is _obviously_ acceptable to the banking institutions (1)... When it becomes unacceptable then we'll see more secure (yes, less convenient) methods of conducting e-banking. We'll probably also see the banks seriously publicise the issues and most importantly, we'll see the banks start shying away from accepting financial responsibility for these phished transactions - currently they wear most of the losses. Regards Neil Gardner (1) They are obviously acceptable because we haven't seen the banks go ballistic to close this down from their end - don't think they don't know how, or can't afford it... It's just more trouble than it's currently worth. If we keep trying to solve the problem from a technical perspective, the attacks just get better, and the banks get to sit (relatively) idly by and not have to solve the root problems. Neil Gardner Product Manager - Product Line Management Allied Telesyn Research Ltd New Zealand +64 3 339-9509 (ph) +64 3 339-3001 (fax) NOTICE: This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Allied Telesyn Research Ltd immediately. Any views expressed in this message are those of the individual sender, except where the sender has the authority to issue and specifically states them to be the views of Allied Telesyn Research.

1 0

Re: [nznog] New phish - Westpac
by Simon Allard 18 Sep '05

18 Sep '05

> > Wait until the phishers catchup with the normal spammers and make the IP > of their websites move every 10 minutes. Personally I'm surprised it > hasn't happened already, certainly it will happen if people get efficient > at blocking single IPs. That's why it's better done at the ISP level. If they have web caches which transparently proxy everything. (dunno how many isp's still do this). But the URL itself can be blocked rather than the IP. Carriers shouldn't block IP's IMHO. Simon Allard ihug Limited P +64 9 962 9827 M +64 21 456 412 E simon.allard(a)staff.ihug.co.nz

1 0