IDS mailing list archives
Re: Email reputation for inout to IDSs?
From: "Gautam Singaraju" <gautam.singaraju () gmail com>
Date: Mon, 24 Nov 2008 13:24:28 -0500
Hi Sanjay, I have a hearsay that some commercial products are in fact attempting this. I understand that inputs from IDSs are being used to 'refine' email reputation and vice-versa; though I have not seen any numbers that attempt these. The idea is that: IDSs can monitor connections from those senders closely depending on the reputation (reputation 80 to 100: basic checks; 50-80 moderate checks; less than 50 extensive checks). The number of classes and boundaries could be variable. In comparison, blacklist is just "good/bad". I want to test this theory that email reputation could be useful in more mechanisms that just classifying emails. --- Gautam On Mon, Nov 24, 2008 at 1:10 PM, Sanjay R <2sanjayr () gmail com> wrote:
Hi Gautam, Can you please mention those references that have tried to incorporate email reputation systems into an IDS? To me, it appears that this type of solutions are more close to creating a "black-list" rather than core functionality of IDS i.e detecting an attack (malicious activities). -sanjay On Sun, Nov 23, 2008 at 6:51 AM, Gautam Singaraju <gautam.singaraju () gmail com> wrote:All, I have been working in email reputation system that has computed sender reputations for over an year. I believe that there are couple of efforts to incorporate email reputations into IDSs. Is someone in the group working on this? Are there any IDSs which can be configured to perform extensive analysis for non-reputable senders? I would be interested in sharing this data with other researchers in the group. --- Gautam ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. -------------------------------------------------------------------------- Computer Security Learner
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Email reputation for inout to IDSs? Gautam Singaraju (Nov 24)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 25)
- Re: Email reputation for inout to IDSs? Gautam Singaraju (Nov 25)
- Re: Email reputation for inout to IDSs? Gautam Singaraju (Nov 25)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 25)
- Re: Email reputation for inout to IDSs? Tremaine Lea (Nov 26)
- Re: Email reputation for inout to IDSs? Joel Snyder (Nov 26)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 26)
- Re: Email reputation for inout to IDSs? Tremaine Lea (Nov 26)
- RE: Email reputation for inout to IDSs? Bourque Daniel (Nov 26)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 26)
- Re: Email reputation for inout to IDSs? Gautam Singaraju (Nov 25)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 25)