Look at TrustedSource http://www.trustedsource.org/
-----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Tremaine Lea Envoyé : 25 novembre 2008 20:32 À : Sanjay R Cc : Gautam Singaraju; [email protected] Objet : Re: Email reputation for inout to IDSs? Hi Sanjay, Conversely to your point, IP addresses/email addresses that have poor reputations due to being a source of UCE/UBE go under heightened scrutiny or may be blocked based on the implementers policy/preference for other protocols. There are a few IPS/IDS solutions out there utilizing email reputation as part of their solutions, and they primarily get their strength from a centralized managed db on the part of the vendor supplying the solution. Cheers, --- Tremaine Lea Network Security Consultant Intrepid ACL Paranoia for hire The best way to find out if you can trust somebody is to trust them. - Ernest Hemingway On Tue, 2008-11-25 at 21:09 +0530, Sanjay R wrote: > Hi Gautam: > My general feeling towards the reputation system is "It is not a > security mechanism" and it should be proven either by me or by someone > else in more formal words/way. > now let us take the scenario that you posed. each email has a > reputaion value associated with it (magically!!) and IDS should scan > it based on its reputaion value (in this way, we are anyway defeating > the very purpose of having IDS). First thing is " what are parameters > to be used in calculating reputaion?" Another thing is: You must be > knowing that a virus/worm spread quite randomly (loosly speaking) and > many emails infacted by a new virus will be having high reputaion > values and therefore, bypass the IDS ( a case of false negative). > Let me know if you are not convinced or I have missed something in your views. > -sanjay > > On Tue, Nov 25, 2008 at 12:14 AM, Gautam Singaraju > <[EMAIL PROTECTED]> wrote: > > Sanjay, > > > > FYI: > > http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1271716,00.html > > > > --- > > Gautam > > > > > > > > On Mon, Nov 24, 2008 at 1:24 PM, Gautam Singaraju > > <[EMAIL PROTECTED]> wrote: > >> Hi Sanjay, > >> > >> I have a hearsay that some commercial products are in fact attempting > >> this. I understand that inputs from IDSs are being used to 'refine' > >> email reputation and vice-versa; though I have not seen any numbers > >> that attempt these. > >> > >> The idea is that: IDSs can monitor connections from those senders > >> closely depending on the reputation (reputation 80 to 100: basic > >> checks; 50-80 moderate checks; less than 50 extensive checks). The > >> number of classes and boundaries could be variable. In comparison, > >> blacklist is just "good/bad". > >> > >> I want to test this theory that email reputation could be useful in > >> more mechanisms that just classifying emails. > >> --- > >> Gautam > >> > >> > >> > >> On Mon, Nov 24, 2008 at 1:10 PM, Sanjay R <[EMAIL PROTECTED]> wrote: > >>> Hi Gautam, > >>> Can you please mention those references that have tried to incorporate > >>> email reputation systems into an IDS? To me, it appears that this type > >>> of solutions are more close to creating a "black-list" rather than > >>> core functionality of IDS i.e detecting an attack (malicious > >>> activities). > >>> > >>> -sanjay > >>> > >>> On Sun, Nov 23, 2008 at 6:51 AM, Gautam Singaraju > >>> <[EMAIL PROTECTED]> wrote: > >>>> All, > >>>> > >>>> I have been working in email reputation system that has computed > >>>> sender reputations for over an year. I believe that there are couple > >>>> of efforts to incorporate email reputations into IDSs. Is someone in > >>>> the group working on this? Are there any IDSs which can be configured > >>>> to perform extensive analysis for non-reputable senders? I would be > >>>> interested in sharing this data with other researchers in the group. > >>>> > >>>> --- > >>>> Gautam > >>>> > >>>> ------------------------------------------------------------------------ > >>>> Test Your IDS > >>>> > >>>> Is your IDS deployed correctly? > >>>> Find out quickly and easily by testing it > >>>> with real-world attacks from CORE IMPACT. > >>>> Go to > >>>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > >>>> to learn more. > >>>> ------------------------------------------------------------------------ > >>>> > >>>> > >>> > >>> > >>> > >>> -- > >>> Computer Security Learner > >>> > >> > > > > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------ Mise en garde concernant la confidentialité : Le présent message, comprenant tout fichier qui y est joint, est envoyé à l'intention exclusive de son destinataire; il est de nature confidentielle et peut constituer une information protégée par le secret professionnel. Si vous n'êtes pas le destinataire, nous vous avisons que toute impression, copie, distribution ou autre utilisation de ce message est strictement interdite. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement l'expéditeur par retour de courriel et supprimer le courriel. Merci! Confidentiality Warning: This message, including any attachment, is sent only for the use of the intended recipient; it is confidential and may constitute privileged information. If you are not the intended recipient, you are hereby notified that any printing, copying, distribution or other use of this message is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email, and delete it. Thank you! ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
