>4) This whole thread is getting far afield of IDs. I already dropped
>my subscriptions to several other security mailing lists because they
>had a high noise level from people who had installed "crack" and
>"COPS" and thus decided they were security experts. Please let's not
>let that happen to this list too? Can we please go back to intrusion
>detection as a topic?
>
>For instance, let's get back to the fact that more than 75% of system
>abuses in typical commercial environments comes from insiders. Is
>anyone looking at what is different about these insiders that can be
>detected or monitored?
>
>--spaf
>

I agree that the noise level is a little high. I joined the list to
learn more about IDS and security (I have installed crack and COPS but
don't consider myself a security expert yet).

What about sniffing inside a firewall? Is there any way yet of possibly
detecting a sniffer?

-Chris

-------------------------------------------------------------
Thomson Electronic Information Resources
205 VanBuren Street 3rd Floor
Herndon, VA 22070
(703) 736-1784
csteel@teir.com
http://amra.labs.thomtech.com
-------------------------------------------------------------