Phishing & BotNets
RE: early detection Jan 06 2006 07:35PM
Alan Murphy (A Murphy F5 com)

Most anti-phishing work these days is done on the client side, but there
is a decent push underway to track and protect from these on the server
side. A few examples:

- has a few rules for snort that pull from and
block known phishing domains. These rules can easily be reworked for
your particular firewall/IPS/IDS device.

- An excellent phishing news database;
also hosts one of the domain lists referenced above.

- There has been some good work in web application firewall space
recently to protect sites and content owners from phishing linking and
data mining.

<shameless-plug> F5 has a method for protecting against these types of
intellectual property attacks before they get to the content servers
(posted in our development community forum):



There are other vendors doing similar work in the WAF space as well, but
I'll leave those for your google'ing enjoyment... ;)

Hope this helps...take care...

Alan Murphy a.murphy (at) f5 (dot) com [email concealed]
Product Management Engineer p. 206.272.5555
F5 Networks d. 206.272.6109
Seattle f. 206.448.6203
GnuPG Public Key ID: 0x08483FDF Key Server:
Fingerprint: D030 E086 85BF 9097 31EF E90A 1658 55ED 0848 3FDF

-----Original Message-----
From: Saeed Abu Nimeh [mailto:drellman (at) hotmail (dot) com [email concealed]]
Sent: Tuesday, December 13, 2005 12:32 AM
To: phishing (at) securityfocus (dot) com [email concealed]
Subject: early detection

Hi All,
I have two questions:
1)What are the early detection techniques used by companies to
determine/monitor phishing sites.
2) What are the techniques used for link analysis to fight phishing or
Are these tools available for users or they are specific for large
institutions. Is there a way to do experiments on them?
I know both questions might be broad but I want to have an idea.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus