Catching Spammers with IDS
From: Greg Martin (greg_at_ddos.com)
Date: 04/12/05
Date: 12 Apr 2005 03:10:12 -0000
To: focus-ids@securityfocus.com
I am interested in hearing some of your stories on how to catch spammers on your network.
I know some of their possible characteristics are a definable pattern, such as a massive # of MX queries on the local DNS resolver,
or, common of late with the big spammers, the use of compromised hosts (proxy spamming), which will be thousands of outgoing or incoming reverse DNS lookups at a high rate.
A quick Google returns very little on this subject, so how are _you_ using current IDS technology to proactively look for spammers?
Please share your knowledge, Snort rules, BPFs, anything to help bring an end to this nuisance.
- Greg Martin
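The two indicators named in the message above (bursts of MX queries and high-rate reverse DNS lookups from one internal host) can be checked against resolver query logs with a per-client sliding window. The following is an added example, not part of the original post; the BIND-style log layout, the thresholds, the allowlist and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed BIND-style query-log layout; adapt the regex to your resolver's format.
LINE = re.compile(r"^(\S+ \S+) client ([\d.]+)#\d+: query: (\S+) IN (\S+)")

def sample_log():
    """Constructed sample: two noisy hosts, one sanctioned relay, one quiet host."""
    t0 = datetime(2005, 4, 12, 3, 10, 0)
    def row(offset_s, ip, name, qtype):
        stamp = (t0 + timedelta(seconds=offset_s)).strftime("%d-%b-%Y %H:%M:%S.%f")[:-3]
        return f"{stamp} client {ip}#53000: query: {name} IN {qtype} +"
    log = [row(i * 0.5, "10.0.0.66", f"dom{i}.example", "MX") for i in range(40)]
    log += [row(i, "10.0.0.77", f"{i}.2.0.192.in-addr.arpa", "PTR") for i in range(30)]
    log += [row(i, "10.0.0.25", f"peer{i}.example", "MX") for i in range(30)]
    log += [row(i * 10, "10.0.0.9", "example.org", "MX") for i in range(5)]
    return log + ["unparseable line"]

def find_suspects(lines, window_s=60, limits=None, allow=()):
    """Return {(client, qtype): peak query count in any window} for clients
    that reach the limit. Assumes each client's lines are in time order."""
    limits = limits or {"MX": 20, "PTR": 25}   # assumed thresholds, tune per site
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)                # (client, qtype) -> timestamps
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                           # skip lines in other formats
        client, qtype = m.group(2), m.group(4)
        if qtype not in limits or client in allow:
            continue                           # sanctioned mail relays do MX lookups
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        q = recent[(client, qtype)]
        q.append(ts)
        while ts - q[0] > window:              # drop queries older than the window
            q.popleft()
        if len(q) >= limits[qtype]:
            peaks[(client, qtype)] = max(peaks.get((client, qtype), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (client, qtype), n in sorted(find_suspects(sample_log(), allow=("10.0.0.25",)).items()):
        print(f"{client}: {n} {qtype} queries within 60s")
```

Hosts that are supposed to send mail belong in the allowlist; anything else that reaches the MX or PTR limit is a candidate for a closer look at its outbound port 25 traffic.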