nanog mailing list archives
Re: ISP phishing
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 23 Jun 2005 16:41:17 +0200
Robert Boyle wrote:
> At 05:37 AM 6/23/2005, you wrote:
>> Hi guys. I notice a large increase in recent weeks of ISP directed phishing - largely because of worms moving backward to using the user's own domain for the spam, but not just in the from: address. I believe this started out as a "let's feel this out" or "wow, that worked, let's phish ISP's directly too". I now have several reports that point to this becoming a serious problem. Old with a spark of new, but definitely a problem. Anyone else dealing with this?
>
> Due to the huge number of variants in the wild, our AV software can't keep up (probably nobody's can). Instead, we enabled a global rule which blocks any email from accounts such as billing, root, postmaster, antivirus, abuse, security, etc. which don't originate from our management IP space where our people work. As a result, we have stopped these phishing scams for our users dead in their tracks.
>
> -Robert

We did as well, but we did not yet find a solution for legit bounces; it naturally breaks that. It's a temporary solution to what I see that is going to become very big.
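
Added example, not part of the original thread and not either poster's actual configuration: the role-account rule Robert describes, run over constructed messages to show the bounce breakage Gadi mentions. The management range, the domain names, and the choice to match the local part on both the envelope and header sender regardless of domain are assumptions.

```python
import ipaddress

# Assumed values for illustration; only the account names come from the post.
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ROLE_ACCOUNTS = {"billing", "root", "postmaster", "antivirus", "abuse", "security"}

def local_part(addr):
    """Lower-cased local part of an address; '' for the null sender '<>'."""
    addr = addr.strip().strip("<>")
    return addr.rpartition("@")[0].lower() if "@" in addr else addr.lower()

def in_mgmt_space(client_ip):
    """True when the connecting IP lies inside a management network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in MGMT_NETS)

def evaluate(client_ip, envelope_from, header_from):
    """Return (action, is_bounce) for one inbound message.

    action is 'reject' when either sender address uses a role account and
    the connecting IP is outside management space, otherwise 'accept'.
    is_bounce marks delivery status notifications (null envelope sender).
    """
    is_bounce = envelope_from.strip() in ("", "<>")
    roles = {local_part(envelope_from), local_part(header_from)} & ROLE_ACCOUNTS
    if roles and not in_mgmt_space(client_ip):
        return "reject", is_bounce
    return "accept", is_bounce

# Constructed messages using documentation address ranges:
# (connecting IP, envelope sender, header From)
SAMPLES = [
    ("203.0.113.7", "billing@isp.example", "billing@isp.example"),      # spoofed role account
    ("192.0.2.10", "security@isp.example", "security@isp.example"),     # real staff notice
    ("198.51.100.25", "<>", "postmaster@remote.example"),               # legitimate bounce
    ("198.51.100.30", "alice@remote.example", "alice@remote.example"),  # ordinary mail
]

def broken_bounces(samples):
    """Bounces the rule rejects: the false positives raised in the reply."""
    return [s for s in samples if evaluate(*s) == ("reject", True)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, evaluate(*sample))
    print("bounces rejected:", len(broken_bounces(SAMPLES)))
```

Counting rejected messages that carry a null envelope sender gives a direct measure of how many legitimate bounces the rule costs.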