[EMAIL PROTECTED] wrote on 12/06/2005 01:42:33 AM: > I am working on IPS signatures to detect phising scams on wire. > the points in my mind are > IPS should have capabilty to validate the IP addresses using > reverselookup or by maintaining a list of blacklisted IPs. > to check SSL validation for commercial sites on wire to prevents urlspoofing > i would appreciate your comments and suggestion > > thanks in advance > No offense, but why not put your efforts into the email chain instead? This technology would seem best fit into an MTA-like application. IPS would be limited in its effectiveness against first-hand phishing, and would be worse against phishing on people's personal gmail/yahoo mail access.
The only way I can see this being more value than an MTA-based solution is for the personal web-mail (since that doesn't traverse a corporate MTA), but that will be a tough sell for the corporate environment. Then again, technology advances tend to come from somebody asking "what if...." and then doing it. So don't let me stop you. Those are just my thoughts, in an attempt to spurn more comments. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
