Re: Email reputation for input to IDSs?



Why would you want to do this on an IDS? A lot of email gateways have
a similar function (Sender base reputation filtering). I believe it
should be performed by the email gateway and not the IDS/IPS system. If
you want to do this on your IPS I believe it will be overloaded or has
to be sized much bigger than normal.

Best regards

Bart Knippenberg

2008/11/23 Gautam Singaraju <gautam.singaraju@xxxxxxxxx>:
All,

I have been working on an email reputation system that has computed
sender reputations for over a year. I believe that there are a couple
of efforts to incorporate email reputations into IDSs. Is someone in
the group working on this? Are there any IDSs which can be configured
to perform extensive analysis for non-reputable senders? I would be
interested in sharing this data with other researchers in the group.

---
Gautam

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------


