Intrusion Detection Systems mailing list archives
Re: IDS engines put this together
From: mjr () nfr net (Marcus J. Ranum)
Date: Mon, 12 Jun 2000 14:13:04 -0400
Archive: http://msgs.securepoint.com/ids FAQ: http://www.ticm.com/kb/faq/idsfaq.html IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au Greg Shipley wrote:
Do current NIDS have signatures for SAPMing?
You can have an NFR generate an alert if there are more than a certain number of RCPT:s for a message. But I think it'll be hard to come up with a perfect algorithm for determining spam from desirable bulk mailings. That's the real trick. We have all the other pieces of the puzzle except that one. mjr. ----- Marcus J. Ranum Chief Technology Officer, Network Flight Recorder, Inc. Work: http://www.nfr.net Personal: http://pubweb.nfr.net/~mjr
Current thread:
- IDS engines put this together Lance Spitzner (Jun 11)
- RE: IDS engines put this together Bill Royds (Jun 11)
- connection request to port 25 SHAIFUL HASHIM (Jun 12)
- Re: connection request to port 25 Carric Dooley (Jun 12)
- Does anyone know if there is a firewall in the market that does not filter out ip packets with source route option filled in. Akshay Kumar Sreeramoju (Jun 12)
- Re: connection request to port 25 Joe Dauncey (Jun 18)
- Re: IDS engines put this together Greg Shipley (Jun 12)
- port 25 Tim Slighter (Jun 12)
- Re: IDS engines put this together Martin Roesch (Jun 12)
- <Possible follow-ups>
- Re: IDS engines put this together Marcus J. Ranum (Jun 12)
- Re: IDS engines put this together Marcus J. Ranum (Jun 12)
- Re: IDS engines put this together Martin Roesch (Jun 13)
- Re: IDS engines put this together Mark.Teicher () predictive com (Jun 13)
- Re: IDS engines put this together Andy Bradford (Jun 13)