[73242] in North American Network Operators' Group
Re: Phishing (Was Re: WashingtonPost computer security stories)
daemon@ATHENA.MIT.EDU (Eric Kuhnke)
Tue Aug 17 09:00:53 2004
Date: Tue, 17 Aug 2004 05:58:35 -0700
From: Eric Kuhnke <eric@fnordsystems.com>
To: nanog@merit.edu
In-Reply-To: <021c01c48413$639f3600$6401a8c0@alexh>
Errors-To: owner-nanog-outgoing@merit.edu
>>The mail originated from 68.77.56.130 (an ameritech.net DSL connection,
>>right now not pingable) and loads some images from www.citibank.com.
>>It links to http://61.128.198.51/Confirm/ - an IP address hosted by
>>Chinanet (transit to there supplied by Savvis from my point of view).
It's a 1 line rule with mod_rewrite and apache to block
nonexistant or off-site http referers attempting to display
GIF/JPG/PNG images... Sometimes I wonder why Citibank,
Paypal and others don't do this. It would cut down on the
displayed authenticity level of many basic phishes.
