Educause Security Discussion mailing list archives
Re: phishing link using Google...
From: "A. J. Wright" <ajw () UTK EDU>
Date: Wed, 30 Nov 2005 12:19:33 -0500
The Google URL contains an IP address: 203.52.104.73 ... Why not just block that in the traditional manner?

--aj

A. J. Wright -- <ajw () utk edu>
Senior Security Analyst, Information Security Office
University of Tennessee, Knoxville

On 11/30/05 11:44 AM, "Michael Hornung" <hornung () CAC WASHINGTON EDU> wrote:

Hi Gary. One benefit of redirecting phishing targets through Google is so enterprises can't block the phishing site for their constituency using perhaps more traditional means - via DNS or advertising bogus routes for the destination web server's IP address. Since the destination is Google, and most places aren't going to block all HTTP traffic to Google to block a given phishing scam, it's harder to block users from getting to the site.

In this instance one would have to do more - maybe work with Google to break the redirection on their end, or use an IDS or IPS to block the traffic based purely on the URI inside the TCP connections to Google.

____________________________________________________
Michael Hornung             Computing & Communications
hornung () washington edu   University of Washington

On Wed, 30 Nov 2005 at 10:04, Gary Flynn wrote:

|Out of curiosity, why would someone use Google as the
|start point of a phishing link? Is it just so something
|familiar is near the front for anyone looking at it?
|
|<a
|href="http://www.google.pt/url?sa=U&start=4&q=http://203.52.104.73/images/... /.pcb.peoples.com/">www.peoples.com</a>
|
|It works if the initial URL is www.google.com too.
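The URI-based blocking discussed in this thread, as an added example that is not part of any poster's message: a Python check that pulls the destination out of a redirect-style query parameter so a proxy or mail filter can judge the inner host instead of the Google front. The function names, the parameter names other than `q`, and the `PLACEHOLDER` path segment are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: parameter names that may carry a redirect destination ("q" is the one in the thread).
REDIRECT_PARAMS = {"q", "url", "u", "dest", "redirect"}
MAX_DEPTH = 5  # bound on nested redirectors and on repeated percent-encoding
# Constructed from the link quoted in the thread; the elided path is replaced by a placeholder.
SAMPLE = "http://www.google.pt/url?sa=U&start=4&q=http://203.52.104.73/images/PLACEHOLDER/"

def _decode(value):
    """Undo repeated percent-encoding, which would otherwise hide the inner URL."""
    for _ in range(MAX_DEPTH):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def _split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return urlsplit("")

def embedded_targets(url, depth=0):
    """Return every absolute URL carried in redirect-style query parameters."""
    found = []
    if depth >= MAX_DEPTH:
        return found
    for name, value in parse_qsl(_split(url).query):
        value = _decode(value).strip()
        if name.lower() in REDIRECT_PARAMS and value.lower().startswith(("http://", "https://")):
            found.append(value)
            found.extend(embedded_targets(value, depth + 1))
    return found

def verdict(url, blocked_hosts):
    """Return (action, reason): block a blocklisted inner host, flag a bare-IP one."""
    flagged = None
    for target in embedded_targets(url):
        host = (_split(target).hostname or "").lower()
        if host in blocked_hosts:
            return ("block", "redirect target %s is blocklisted" % host)
        try:
            ipaddress.ip_address(host)
            flagged = flagged or ("flag", "redirect target %s is a bare IP address" % host)
        except ValueError:
            pass
    return flagged or ("allow", "no suspicious redirect target")
```

An ordinary search such as `?q=phishing+examples` is allowed because its `q` value is not an absolute URL.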