[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fighting Spoofing

To: silug-discuss@silug.org
Subject: Re: Fighting Spoofing
From: Nathan Nutter <nathan.nutter@gmail.com>
Date: Tue, 20 Jul 2004 12:04:36 -0700
In-Reply-To: <1090335008.2082.22.camel@localhost>
Organization: Southern Illinois Linux Users Group
References: <1090335008.2082.22.camel@localhost>
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org

I got the same email, but I looked at the source and the link to login
went to some computer in a Korean domain, unfortunately I just deleted
it, I should notified somebody.

On Tue, 20 Jul 2004 09:50:08 -0500, Travis Owens <openbook@linuxmds.com> wrote:
> Hello all!
> 
> Recently, I received a very deceiving, but convincing email that
> referred to a locked account due to being compromised and that I should
> "update" my information. At first glance, my "spidey-sense" was alerted
> and I looked everything over (so I thought) and it looked legit. Upon
> further inspection, I found out it was spoofing the originating site
> with extremely clever validity.
> 
> I did my research through various tools and tracked down tons of info on
> the machine, network, company and such in question. I will be submitting
> it to the originating website's security team, as well as the feds.
> (this is hard-core ID theft practicing)
> 
> Now in this case, they're not "spoofing" (i.e. proxying/anonymizing) the
> originating website, but rather using extremely well made web pages
> which give the illusion of being on the real site. However, this is
> really a "man-in-the-middle" style of attack and it got me thinking
> about how to fight/combat the "proxying" software used in those attacks.
> I have done a bit of googling for this aspect, but haven't come up with
> anything concrete in the way of connecting to the "spoofing" server and
> discovering what type of software they're using to "spoof" the real
> site--thus providing a basis for discovering flaws/holes in it to be
> exploited and shut down. Kinda like "reverse hacking a hacker" ;)
> 
> Does anyone know of such a tool? I'm thinking this would be similar to
> the technology used by Net Craft to learn what server software is used
> on any given webserver.
> 
> Since we're on a larger topic anyway, why don't I just throw the door
> wide open and let anything related to
> Spam/Spoofing/Fishing/Man-in-the-Middle/DDOS/trojans/rootkits/ID
> Theft/etc... come on in! :)
> 
> Thanks!
> --
> Travis Owens <openbook@linuxmds.com>
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
>

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

References:
- Fighting Spoofing
  - From: Travis Owens <openbook@linuxmds.com>

Prev by Date: Fighting Spoofing
Next by Date: WebDAV or something better?
Prev by thread: Fighting Spoofing
Next by thread: Re: Fighting Spoofing
Index(es):
- Date
- Thread