IDS mailing list archives

Re: Email reputation for inout to IDSs?

From: "Gautam Singaraju" <gautam.singaraju () gmail com>
Date: Mon, 24 Nov 2008 13:24:28 -0500

Hi Sanjay,

I have a hearsay that some commercial products are in fact attempting
this. I understand that inputs from IDSs are being used to 'refine'
email reputation and vice-versa; though I have not seen any numbers
that attempt these.

The idea is that: IDSs can monitor connections from those senders
closely depending on the reputation (reputation 80 to 100: basic
checks; 50-80 moderate checks; less than 50 extensive checks). The
number of classes and boundaries could be variable. In comparison,
blacklist is just "good/bad".

I want to test this theory that email reputation could be useful in
more mechanisms that just classifying emails.
---
Gautam



On Mon, Nov 24, 2008 at 1:10 PM, Sanjay R <2sanjayr () gmail com> wrote:

Hi Gautam,
Can you please mention those references that have tried to incorporate
email reputation systems into an IDS? To me, it appears that this type
of solutions are more close to creating a "black-list" rather than
core functionality of IDS i.e detecting an attack (malicious
activities).

-sanjay

On Sun, Nov 23, 2008 at 6:51 AM, Gautam Singaraju
<gautam.singaraju () gmail com> wrote:

All,

I have been working in email reputation system that has computed
sender reputations for over an year. I believe that there are couple
of efforts to incorporate email reputations into IDSs. Is someone in
the group working on this? Are there any IDSs which can be configured
to perform extensive analysis for non-reputable senders? I would be
interested in sharing this data with other researchers in the group.

---
Gautam

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------




--
Computer Security Learner


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Email reputation for inout to IDSs? Gautam Singaraju (Nov 24)
- Re: Email reputation for inout to IDSs? Sanjay R (Nov 25)
  - Re: Email reputation for inout to IDSs? Gautam Singaraju (Nov 25)
    - Re: Email reputation for inout to IDSs? Gautam Singaraju (Nov 25)
    - Re: Email reputation for inout to IDSs? Sanjay R (Nov 25)
    - Re: Email reputation for inout to IDSs? Tremaine Lea (Nov 26)
    - Re: Email reputation for inout to IDSs? Joel Snyder (Nov 26)
    - Re: Email reputation for inout to IDSs? Sanjay R (Nov 26)
    - Re: Email reputation for inout to IDSs? Tremaine Lea (Nov 26)
    - RE: Email reputation for inout to IDSs? Bourque Daniel (Nov 26)
    - Re: Email reputation for inout to IDSs? Sanjay R (Nov 26)
- Re: Email reputation for inout to IDSs? bart knippenberg (Nov 26)