IDS mailing list archives
Re: Detecting phising scams on wire
From: Matt.Carpenter () alticor com
Date: Tue, 6 Dec 2005 08:26:38 -0500
vulnerabilty () gmail com wrote on 12/06/2005 01:42:33 AM:
I am working on IPS signatures to detect phising scams on wire. the points in my mind are IPS should have capabilty to validate the IP addresses using reverselookup or by maintaining a list of blacklisted IPs. to check SSL validation for commercial sites on wire to prevents
urlspoofing
i would appreciate your comments and suggestion thanks in advance
No offense, but why not put your efforts into the email chain instead? This technology would seem best fit into an MTA-like application. IPS would be limited in its effectiveness against first-hand phishing, and would be worse against phishing on people's personal gmail/yahoo mail access. The only way I can see this being more value than an MTA-based solution is for the personal web-mail (since that doesn't traverse a corporate MTA), but that will be a tough sell for the corporate environment. Then again, technology advances tend to come from somebody asking "what if...." and then doing it. So don't let me stop you. Those are just my thoughts, in an attempt to spurn more comments. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Detecting phising scams on wire vulnerabilty (Dec 05)
- Re: Detecting phising scams on wire Matt . Carpenter (Dec 10)
- RE: Detecting phising scams on wire Mike Barkett (Dec 10)