Re: Detecting phising scams on wire

[Matt.Carpenter () alticor com]

vulnerabilty () gmail com wrote on 12/06/2005 01:42:33 AM:

> I am working on IPS signatures to detect phising scams on wire.
> the points in my mind are 
> IPS should have capabilty to validate the IP addresses using 
> reverselookup or by maintaining a list of blacklisted IPs.
> to check SSL validation for commercial sites on wire to prevents 
urlspoofing 
> i would appreciate your comments and suggestion 
>
> thanks in advance
No offense, but why not put your efforts into the email chain instead? 
This technology would seem best fit into an MTA-like application.  IPS 
would be limited in its effectiveness against first-hand phishing, and 
would be worse against phishing on people's personal gmail/yahoo mail 
access.

The only way I can see this being more value than an MTA-based solution is 
for the personal web-mail (since that doesn't traverse a corporate MTA), 
but that will be a tough sell for the corporate environment.

Then again, technology advances tend to come from somebody asking "what 
if...." and then doing it.  So don't let me stop you.  Those are just my 
thoughts, in an attempt to spurn more comments.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------