[84093] in North American Network Operators' Group


RE: FW: Need some help: IDEAS, Inc.

daemon@ATHENA.MIT.EDU (Hannigan, Martin)
Sun Sep 4 00:41:11 2005

Date: Sun, 4 Sep 2005 00:40:16 -0400
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "Todd Vierling" <tv@duh.org>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu




> > > this is NOT a good solution, since a successful phish attack
> > > in this case would look exactly like the official red cross
> > > web site.
> >
> > How's that one work?
>
> One form of DirectNIC's redirection, which the phisher was
> supposedly using (I didn't check myself), uses a <FRAMESET> to
> hide the redirect inside a frame, thereby not showing the real
> address in the browser without deeper inspection.

Understood. If it's being pointed at redcross.org, a known
good guy site, that wouldn't be a problem, would it? It seems
that if the scammer is removed from the operation, it's not really
a problem anymore.

I'm interested because I think there could be value in a page(s)
on an SP that says "This site terminated due to fraudulent activity"
and pointers to how to not be sucked into these things.

> Personally, I'd prefer registrar lock myself, as that keeps the
> distinction between scam and non-scam clear.

Registrar lock is preferred on my part. The redirect idea was
creative.


-M<
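
The <FRAMESET> redirection described in the quoted text above can be checked for mechanically. The following is an added example, not part of the original message or of any registrar's code: it flags a frameset page whose frames load from a host other than the one shown in the address bar. The function name, sample hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FrameCollector(HTMLParser):
    """Collect <frame> sources and note whether a <frameset> is present."""

    def __init__(self):
        super().__init__()
        self.has_frameset = False
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "frameset":
            self.has_frameset = True
        elif tag == "frame":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def cloaked_frame_hosts(page_url, html):
    """Return frame hosts that differ from the host in the address bar."""
    collector = FrameCollector()
    collector.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    foreign = []
    for src in collector.sources:
        host = (urlsplit(urljoin(page_url, src)).hostname or "").lower()
        if host and host != page_host and host not in foreign:
            foreign.append(host)
    # Heuristic: only a frameset page serving content from elsewhere is flagged.
    return foreign if collector.has_frameset else []


# Constructed sample: a forwarding page that frames content from another host.
SAMPLE_URL = "http://forwarded.example/"
SAMPLE_HTML = """
<html><head><title>Forwarded site</title></head>
<frameset rows="100%,*" border="0">
  <frame src="http://203.0.113.10/site/index.html" noresize>
  <frame src="/blank.html">
</frameset></html>
"""

if __name__ == "__main__":
    print(cloaked_frame_hosts(SAMPLE_URL, SAMPLE_HTML))
```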
