DragonFly BSD
DragonFly users List (threaded) for 2005-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

OT a DNS/phishing puzzle


From: walt <wa1ter@xxxxxxxxxxxxx>
Date: Thu, 24 Feb 2005 20:22:19 -0800

I'm only posting this here because this audience is the most
sophisticated group I know, and this incident worries me a lot.

I'm accustomed to phishing emails by now, but this particular
one made me nervous, because I don't understand how DNS works.

The phishing email wanted me to click on this URL:
http://logon.personal.wamu2u.com:880/login/index.php

Okay, so I do a 'whois wamu2u.com' and get this response:
Domain Name : wamu2u.com
::Registrant::
        Name      : Constance Edwards
        Email     : edwards@xxxxxxxxxxx
        Address   : 1094 SE St Patricks Court, Port Orchard, WA
        Zipcode   : 98367
        Nation    : US

Okay, this much seems very reassuring.

The part that worries me is when I do an nslookup on the URL
(logon.personal.wamu2u.com) I get an IP address in China.

Anyone here understand DNS stuff well enough to explain how
this happens?

Can anyone else reproduce the results I've listed above?




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]