On Mon, 19 Sep 2005, Jeremy Strachan wrote:
> Given the alternative is our users bank accounts being cleaned out - I'm
> all for Telco and/or ISP's blocking access to the site.
So you say it's ok for bank phishing. What about ebay/trademe/other
What if it were for Live Journal?
This is to notify you that some object(s) in NZRR database
which you either maintain or are listed as to-be-notified have
been added, deleted or changed.
These objects are used to configure the various NZIX route
servers (http://nzix.net/) so you can expect the relevant
servers to be reloaded in the near future. The reloading
of the servers is staggered over a period of time so that
if you are peering with both servers at an exchange, you
can maintain at least one BGP session at all times and
consequently a full set of routes.
descr: advertised to AS9439 by Snap Internet Limited - AS23655
changed: rpsl-admin(a)nzix.net 20050913
descr: advertised to AS9439 by Snap Internet Limited - AS23655
changed: rpsl-admin(a)nzix.net 20050920
How is your weekend?
I'm kevin from Pcarcher data Technology Ltd. We are a manufacturer and Exporter from china, we make and sell the VGA Card and networking products. We have our own factory, the factory are with 4 STM product line, and all products go out the door of factory after double QA and QC, so we can deliever the goods to our client within 4 working day after we get client's payment, and we can supply 13 months warranty to our client, hope that we can do the business with you, I believe we will become your good supplier, and supply the best products and service to you.
Enclosed is our price list of these products, please check it, hope that you can find some you products which you like, looking forward to hearing from you again, anyways thanks for your support. My msn is w_qifan(a)hotmail.com.
Cisco 1721 US$300.00/Pcs
BTW now we have the DI-524 and DI-624 in stock, they are original products, and our offer are follows, please check it.
DI-524 US$29.0/Pcs 54Mbps
DI-624 US$40.5/Pcs 108Mbps
Have a nice day
Pcarcher Data Tehcnology Ltd
Room 2106, BaoAn Plaza, ShenNan Road,Shen Zhen City,China
Tel: +86 755 82818860
Fax: +86 755 82818640
> Phising is no different to putting a skimmer and camera onto an ATM
> machine and stealing the card details and pin numbers.
Infact, how many of you check for skimmers and cameras before putting
your card into an ATM or make sure the clerk behind the desk doesn't
skim your credit card before giving it back?
I would say not many people would.
How is that any different from an average internet person and a phising
> > You will need to come into the branch and do it there.
> > If you do follow links and get stung then we'll treat it along the
> > as "so you met this guy in a pub and he said 'can I borrow your ATM
> > pin number for ten minutes'.....".
You can't compare a Phising site to that. The user doesn't know they are
entering details into a trojaned website.
Phising is no different to putting a skimmer and camera onto an ATM
machine and stealing the card details and pin numbers.
>> Wait until the phishers catchup with the normal spammers and make the
>> of their websites move every 10 minutes. Personally I'm surprised it
>> hasn't happened already, certainly it will happen if people get
>> at blocking single IPs.
> That's why it's better done at the ISP level.
> If they have web caches which transparently proxy everything. (dunno how
> many isp's still do this). But the URL itself can be blocked rather than
> the IP.
> Carriers shouldn't block IP's IMHO.
Can't ISP's just intercept http traffic destined for phishers' sites
(based on url matching, not ip) and display a nice html message to the
user how their bank account would have been cleaned out if it hadn't been
for their nice friendly isp? :)
Certainly blatantly blocking ip's at carrier level is rather nasty. what
happens if that IP is a large virtual host server?
Replacing content (as above) at least allows you to make it obvious to all
users whats happening.
> Simon Allard
> ihug Limited
> P +64 9 962 9827
> M +64 21 456 412
> E simon.allard(a)staff.ihug.co.nz
> NZNOG mailing list
> I don't buy this line of reasoning any more. Don't open attachments
> from people you don't know. Don't open attachments from people you do
> know. Don't open attachments that have innocent looking icons like a
> text file. Don't preview emails that have attachments. Now we're in
> arms race where trying to send any email attachments around the
> is a sure fire way of getting someone to blackhole your entire email
> "malicious content". Even experienced users running around with
> the latest antivirus and ad zappers and everything can *still*
> occasionally get infected with spyware. How do you expect users to
> keep up?
I agree with this comment. If user education worked, ISP's wouldn't be
hit with high call volumes when the big viruses hits. ISP's wouldn't
need to have big virus/spam servers in front of their mail farms.
Too many stupid users, and when those stupid users become educated,
there are new stupid users who take their place. It's a never ending
cycle. Every time a user rings the helpdesk, it hits the ISP's bottom
line, hence why a lot of ISP's are in favour of blocking phising/virus
But I don't understand why carriers block stuff.
P +64 9 962 9827
M +64 21 456 412
> NZNOG mailing list
It's a typical spammer setup that's using zombies to provide DNS.
Makes it more difficult to shut them down.
The web server is located in India.
We've already notified them of the compromised host, and also asked
joker.com to pull the domains.
Both this domain, and the domains that the nameservers respond to, are
I'm not going to hold my breath waiting for joker to act though :-)
well well we have come full circle.. So who's going to gauge what will and
wont get through ay.
I'm all for letting people choose themselves.
If they don't like what they see - they can unplug. It's a big scary world
out there ay...
It's like the isp's/transport providers are the highways.
If people wanna walk out in front of a car on your highway (even though it's
obviously a big truck that's gonna run them down badly disguised as a
phishing scam.. - well - they have been warned.
They had to learn to walk in real life- maybe they should learn to 'walk' in
'our virtual world' ie fall over some of the pitfalls - just like we all
have done at some time..
You cant protect everyone all the time.
So many standards of wrong and right and possibly no right answer.
This is the bit where I go quiet again - after all I don't even work for an
ISP any more! Shudder...
From: David Robb [mailto:email@example.com]
Sent: Monday, 19 September 2005 4:28 p.m.
To: Russell Sharpe
Subject: Re: [nznog] New phish - Westpac
On Mon, 19 Sep 2005, Russell Sharpe wrote:
> I guess from a morality point of view...
> Is it in an ISP's best interest to protect its customers interests?
If you want to involve morality... many people don't like pornography.
There's lots of it out there. Should we block it?
NZNOG mailing list
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
MailScanner thanks transtec Computers for their support.
MailScanner Supplied by ITS-HelpDesk.
ext 4001 or email helpdesk(a)irl.cri.nz--
This electronic transmission and any documents accompanying this electronic
transmission contain confidential information belonging to the sender. This
information may be legally privileged. The information is intended only for
the use of the individual or entity named above. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or the taking of any action in reliance on or regarding the
contents of this electronically transmitted information is strictly
>>>> Andy Linton <asjl(a)citylink.co.nz> 19/09/2005 4:15 p.m. >>>
>> So you say it's ok for bank phishing. What about ebay/trademe/other
>> auction/sales sites?
>Perhaps the correct response is some (more) user education and then allow
>evolution to take over - those people who are too stupid to work this out lose
>all their money and then they can't use the Internet any more. While ISPs will
>lose revenue from them they're probably the ones who cause 90% of the help
>desk calls and so profitability goes up and we all get more time for beer.
On a more general level it's a simple economic problem and we
shouldn't be expending that much energy into finding a technical
The current level of bank fraud is _obviously_ acceptable to the
banking institutions (1)... When it becomes unacceptable then we'll
see more secure (yes, less convenient) methods of conducting
e-banking. We'll probably also see the banks seriously publicise the
issues and most importantly, we'll see the banks start shying away
from accepting financial responsibility for these phished transactions
- currently they wear most of the losses.
(1) They are obviously acceptable because we haven't seen the banks go
ballistic to close this down from their end - don't think they don't
know how, or can't afford it... It's just more trouble than it's
currently worth. If we keep trying to solve the problem from a
technical perspective, the attacks just get better, and the banks get
to sit (relatively) idly by and not have to solve the root problems.
Product Manager - Product Line Management
Allied Telesyn Research Ltd
+64 3 339-9509 (ph)
+64 3 339-3001 (fax)
NOTICE: This message contains privileged and confidential
information intended only for the use of the addressee
named above. If you are not the intended recipient of
this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it.
If you have received this message in error please
notify Allied Telesyn Research Ltd immediately.
Any views expressed in this message are those of the
individual sender, except where the sender has the
authority to issue and specifically states them to
be the views of Allied Telesyn Research.