Re: [nznog] New phish - Westpac
It's a typical spammer setup that's using zombies to provide DNS. Makes it more difficult to shut them down. The web server is located in India. We've already notified them of the compromised host, and also asked joker.com to pull the domains. Both this domain, and the domains that the nameservers respond to, are bogus. I'm not going to hold my breath waiting for joker to act though :-) Cheers, Gordon
Gordon Smith wrote:
I'm not going to hold my breath waiting for joker to act though :-)
traceroute secwestpac.com
Looks like GG has killed the route outbound from New Zealand traceroute to secwestpac.com (210.212.134.2), 64 hops max, 44 byte packets 1 drew.router.bw (10.4.6.254) 0.709 ms 0.474 ms 0.533 ms 2 dsl.bw (10.10.69.254) 1.703 ms 1.554 ms 1.505 ms 3 219-88-160-1.jetstream.xtra.co.nz (219.88.160.1) 139.575 ms 73.358 ms 143.285 ms 4 203.96.122.59 (203.96.122.59) 77.224 ms 184.149 ms 105.514 ms 5 fid-int.tkbr4.global-gateway.net.nz (202.50.245.198) 60.790 ms 65.843 ms 59.394 ms 6 vlan-283.tkbr4.global-gateway.net.nz (202.50.245.197) 59.068 ms 58.437 ms 59.557 ms 7 210.55.202.65 (210.55.202.65) 59.215 ms !H * 59.743 ms !H
On Mon, 19 Sep 2005, Drew Broadley wrote:
Gordon Smith wrote:
I'm not going to hold my breath waiting for joker to act though :-)
Looks like GG has killed the route outbound from New Zealand
Having worked for various isps/carriers over the last few years, and been faced with requests to do this from time to time, I'm interested to know what people think about the blocking of such sites. Is it ok for an ISP to do? Is it ok for a Telco/Carrier to do? (difference being that they've probably got more - or even all - of the ISPs behind them, who then don't get a choice) Are there alternatives? --David
On Mon, 19 Sep 2005, David Robb wrote:
Are there alternatives?
Wait until the phishers catchup with the normal spammers and make the IP of their websites move every 10 minutes. Personally I'm surprised it hasn't happened already, certainly it will happen if people get efficient at blocking single IPs. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
Simon Lyall wrote:
On Mon, 19 Sep 2005, David Robb wrote:
Are there alternatives?
Wait until the phishers catchup with the normal spammers and make the IP of their websites move every 10 minutes. Personally I'm surprised it hasn't happened already, certainly it will happen if people get efficient at blocking single IPs.
*troll* Bring on DNS based routing/firewalling !
On 9/19/05, David Robb
Having worked for various isps/carriers over the last few years, and been faced with requests to do this from time to time, I'm interested to know what people think about the blocking of such sites.
Is it ok for an ISP to do? Is it ok for a Telco/Carrier to do? (difference being that they've probably got more - or even all - of the ISPs behind them, who then don't get a choice)
Are there alternatives?
"This new application provides the most comprehensive array of optimization and content management options currently available for cable operators and internet protocol service providers seeking to selectively disable undesirable network traffic and improve service levels on their networks. Applications such as Skype, Peer-2-Peer (P2P) messaging, streaming media and instant messaging increasingly cause congestion on service provider networks and interrupt or degrade service for other critical applications." http://www.verso.com/news/article.asp?ID=296 As soon as you start applauding at best partial technical control of "evil," you are potentially opening the door to a far wider range of impositions that might violate your idea of "good.". One might hope the competitive market place might route around such damage, but...
--David
Hamish. -- http://del.icio.us/Hamish.MacEwan
participants (5)
-
David Robb -
Drew Broadley -
Gordon Smith -
Hamish MacEwan -
Simon Lyall