Jasper Bryant-Greene wrote:
> Marcos Agüero wrote:
>> Jasper Bryant-Greene escribió:
>>> Seriously though, it wouldn't be that hard to forward the POST on
>>> to the real bank website, would it?
>> I think so, but would be very easy to detect. Logs would show lots of
>> diferent user logging in from the same IP Address.
>
> Phishing scams are public in nature. They aren't trying to avoid
> detection :) and the IP address would of course be spoofed.
No it wouldn't. IP address spoofing is easy over UDP but incredibly
difficult over TCP.
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
