Jasper Bryant-Greene wrote: > Marcos Agüero wrote: >> Jasper Bryant-Greene escribió: >>> Seriously though, it wouldn't be that hard to forward the POST on >>> to the real bank website, would it? >> I think so, but would be very easy to detect. Logs would show lots of >> diferent user logging in from the same IP Address. > > Phishing scams are public in nature. They aren't trying to avoid > detection :) and the IP address would of course be spoofed.
No it wouldn't. IP address spoofing is easy over UDP but incredibly difficult over TCP. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/