Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Detecting phising scams on wire

from [Matt . Carpenter] Network Security [Permanent Link]
Subject: Re: Detecting phising scams on wire
Date: Tue, 6 Dec 2005 08:26:38 -0500 
vulnerabilty@gmail.com wrote on 12/06/2005 01:42:33 AM:


I am working on IPS signatures to detect phising scams on wire.
the points in my mind are 
IPS should have capabilty to validate the IP addresses using 
reverselookup or by maintaining a list of blacklisted IPs.
to check SSL validation for commercial sites on wire to prevents 

urlspoofing 

i would appreciate your comments and suggestion 

thanks in advance


No offense, but why not put your efforts into the email chain instead? 
This technology would seem best fit into an MTA-like application.  IPS 
would be limited in its effectiveness against first-hand phishing, and 
would be worse against phishing on people's personal gmail/yahoo mail 
access.

The only way I can see this being more value than an MTA-based solution is 
for the personal web-mail (since that doesn't traverse a corporate MTA), 
but that will be a tough sell for the corporate environment.

Then again, technology advances tend to come from somebody asking "what 
if...." and then doing it.  So don't let me stop you.  Those are just my 
thoughts, in an attempt to spurn more comments.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IM & P2P packets, net shark
Next by Date:  Re: IM & P2P packets, Joel Esler
Previous by Thread:  Detecting phising scams on wire, vulnerabilty
Next by Thread:  RE: Detecting phising scams on wire, Mike Barkett
Indexes:  [Date] [Thread] [Top] [All Lists]