> After reading about sick puppy, then his detractors, then his supporter, then > his detractor, then his <his detractor> detractor. I'm moved to ask, 'can't > we all just get along?' In which case we don't need IDS, right? > How about we talk about a new intrusion strategy. I'll > start by asking how much interest does the group see in proactive strategies > that allow a rule base to take action when someone misbehaveson a system? As soon as someone can clearly define "misbehavin" we'll be on the fast track to a solution. Shucks, we can't even agree with our walls on this one subject.... One of our sysadmins think that because FTP exists, anyone ought to be able to FTP anyting anywhere. <I can assure you this is not the general opinion>. Kinda like a filtering router... programming the router ain't easy, but it's a lot easier than trying to get the policies written and approved! Boy this job is fun :)