shantanu bhattacharya wrote:
| Hi,
|
| What are the kind of Intrusions an Intrusion Detection software can
| detect? What all it cannot? Also, specify the reasons.

There's an upcoming conference on this very question. I can't find the URL offhand.

I believe intrusion detection to be a misnomer, and that the really useful class of software is attack detection. Attacks (land, teardrop, phf, password file sucking) are relatively easy to detect with network sniffing software. Intrusions are hard to detect with network sniffers because, done properly, they look pretty much like real users. Most systems I've broken into, I get in through social engineering. Make a few phone calls.

Log based analyzers do a better job of this; they have less data to munge through, and can build up 'expected' behavior patterns.

--
Just be thankful that Microsoft does not manufacture pharmaceuticals.

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:15 PDT