OT a DNS/phishing puzzle

walt wa1ter at myrealbox.com
Thu Feb 24 20:22:19 PST 2005


I'm only posting this here because this audience is the most
sophisticated group I know, and this incident worries me a lot.

I'm accustomed to phishing emails by now, but this particular
one made me nervous, because I don't understand how DNS works.

The phishing email wanted me to click on this URL:
http://logon.personal.wamu2u.com:880/login/index.php

Okay, so I do a 'whois wamu2u.com' and get this response:
Domain Name : wamu2u.com
::Registrant::
        Name      : Constance Edwards
        Email     : edwards at xxxxxxxxxxx
        Address   : 1094 SE St Patricks Court, Port Orchard, WA
        Zipcode   : 98367
        Nation    : US

Okay, this much seems very reassuring.

The part that worries me is when I do an nslookup on the URL
(logon.personal.wamu2u.com) I get an IP address in China.

Anyone here understand DNS stuff well enough to explain how
this happens?

Can anyone else reproduce the results I've listed above?
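
Added example, not part of the original post: the whois query above was run against wamu2u.com while the nslookup was run against logon.personal.wamu2u.com, and this sketch splits the URL into the piece each tool looks at and notes the non-default port. The function name triage_url and its output keys are hypothetical, and the "last two labels" rule for the registered domain is an assumption that holds for .com but not for suffixes such as .co.uk.

```python
from urllib.parse import urlsplit
import ipaddress

DEFAULT_PORTS = {"http": 80, "https": 443}


def triage_url(url):
    """Split a suspicious URL into the pieces each lookup tool actually sees."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    # A bare IP address has no registered domain and no subdomain labels.
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False

    labels = [] if is_ip else host.split(".")
    # Assumption: registered domain = last two labels (true for .com only;
    # a real tool should consult the Public Suffix List).
    registered = host if is_ip or len(labels) < 2 else ".".join(labels[-2:])

    default_port = DEFAULT_PORTS.get(parts.scheme)
    port = parts.port or default_port

    return {
        # whois reports contact data supplied when the name was registered.
        "whois_target": registered,
        # nslookup reports the address published in the domain's DNS zone,
        # which whoever controls that zone can point at any host.
        "dns_target": host,
        "subdomain_labels": labels[:-2],
        "port": port,
        "nonstandard_port": port != default_port,
        "host_is_ip_literal": is_ip,
    }


if __name__ == "__main__":
    # URL taken from the message above.
    report = triage_url("http://logon.personal.wamu2u.com:880/login/index.php")
    for key, value in report.items():
        print(f"{key:20} {value}")
```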





