Sanjay, FYI: http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1271716,00.html
--- Gautam On Mon, Nov 24, 2008 at 1:24 PM, Gautam Singaraju <[EMAIL PROTECTED]> wrote: > Hi Sanjay, > > I have a hearsay that some commercial products are in fact attempting > this. I understand that inputs from IDSs are being used to 'refine' > email reputation and vice-versa; though I have not seen any numbers > that attempt these. > > The idea is that: IDSs can monitor connections from those senders > closely depending on the reputation (reputation 80 to 100: basic > checks; 50-80 moderate checks; less than 50 extensive checks). The > number of classes and boundaries could be variable. In comparison, > blacklist is just "good/bad". > > I want to test this theory that email reputation could be useful in > more mechanisms that just classifying emails. > --- > Gautam > > > > On Mon, Nov 24, 2008 at 1:10 PM, Sanjay R <[EMAIL PROTECTED]> wrote: >> Hi Gautam, >> Can you please mention those references that have tried to incorporate >> email reputation systems into an IDS? To me, it appears that this type >> of solutions are more close to creating a "black-list" rather than >> core functionality of IDS i.e detecting an attack (malicious >> activities). >> >> -sanjay >> >> On Sun, Nov 23, 2008 at 6:51 AM, Gautam Singaraju >> <[EMAIL PROTECTED]> wrote: >>> All, >>> >>> I have been working in email reputation system that has computed >>> sender reputations for over an year. I believe that there are couple >>> of efforts to incorporate email reputations into IDSs. Is someone in >>> the group working on this? Are there any IDSs which can be configured >>> to perform extensive analysis for non-reputable senders? I would be >>> interested in sharing this data with other researchers in the group. >>> >>> --- >>> Gautam >>> >>> ------------------------------------------------------------------------ >>> Test Your IDS >>> >>> Is your IDS deployed correctly? >>> Find out quickly and easily by testing it >>> with real-world attacks from CORE IMPACT. >>> Go to >>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw >>> to learn more. >>> ------------------------------------------------------------------------ >>> >>> >> >> >> >> -- >> Computer Security Learner >> > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
