Re: IE URL obfuscation - Detecting at Exchange Servers

From: Paul Szabo (pszMATHS.USYD.EDU.AU)
Date: Thu Jan 01 2004 - 15:22:01 CST


Russ,

You wrote:

> Knowing that people continue to be concerned about the IE URL
> obfuscation technique, I decided to write up and publish a method of
> detecting such bad emails on Exchange Servers at reception time. ...
> http://www.ntbugtraq.com/badurls.asp

Why stop at URL obfuscation? Detect and stop messages with various other,
used-in-the-wild, attacks and viruses. Please see my perl script

  http://www.maths.usyd.edu.au:8000/u/psz/pc/checkvirus

for many things you could (should) check for, and

  http://www.maths.usyd.edu.au:8000/u/psz/pc/virus.html

for some comments.

Cheers,

Paul Szabo - pszmaths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
