IDS: need your help about IPS and IDS,thanks

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

need your help about IPS and IDS,thanks

From: "Lily" <xiaoche111 () hotmail com>
Date: Sat, 13 Nov 2004 22:52:31 +0800

hi,all
I have some questions to ask which must be simple to you I think.
1.IPS must build normal model while IDS can use the abnormal model(misuse detection)?If it is what's the difference 
between the IDS's anomaly detection and IPS?
2.Has someone formally use the data mining technology in the IPS?
3.Besides the DoS and buffer overflow etc,has any other way be used in IPS just like the users behaviour analysis?
4.Why someone said IPS can not log the trace of the attacks while IDS can do?I think IPS can do it easily.Maybe because 
IPS is in-line and log the trace needing many time?
So depressed with the IDS/IPS and my thesis is flying in the sky:(
Thank you in advance.

Lily

By Date By Thread

Current thread:

need your help about IPS and IDS,thanks Lily (Nov 16)
- RE: need your help about IPS and IDS,thanks Andy Cuff (Nov 17)
- <Possible follow-ups>
- RE: need your help about IPS and IDS,thanks Eric McCarty (Nov 16)
  - Re: need your help about IPS and IDS,thanks Lily (Nov 17)
    - RE: need your help about IPS and IDS,thanks Andy Cuff (Nov 18)
    - RE: need your help about IPS and IDS,thanks Chris Petersen (Nov 19)