Intrusion Detection Systems mailing list archives

Mod FWD


From: "RuF NineFiveNine" <ruf959 () postmaster co uk>
Date: Mon, 28 Aug 2000 10:16:24 +0100

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
1. Soft Computing in IDS - essam () louisville edu
2. IDS Functionality - ascii246 () postmaster co uk
____________________________________________________________

From: "Essam  Hamed" <essam () louisville edu>
Subject: Soft Computing in IDS
Date: Fri, 25 Aug 2000 10:18:53 -0500

Hello, I need any information/papers/systems about using fuzzy logic and
neural networks in IDS.
Thanks
______________________________
Essam Hamed
Ph.D. Candidate
University Of Louisville
CECS Department
Intelligent Systems Lab-Room JS003
phone:(502)852-2599
email:essam () louisville edu
_________________________________

____________________________________________________________
From: "ascii 246" <ascii246 () postmaster co uk>
Subject: IDS Functionality
Date: Fri, 25 Aug 2000 07:32:26 +0100

Hi,

I have to make some recommendations on IDS to my Board of Directors. I am reasonably new to
IDS technology, and I need help in understanding some of the issues involved. The areas
of clarification are:
1. Why is packet reassembly important in IDS systems? Isn't this excessively CPU
intensive? Also, I have a firewall that does reassembly; am I still going to need
reassembly functionality on the IDS as well?

2. We have bespoke apps developed in house, which are unlikely to appear in the
"wild"; however, we still would like to have attack recognition in place. Is it possible
to tailor bespoke signatures for in-house apps? I know I can look for text or strings in
signatures, but there are certain actions we would like to prevent, which are likely to
occur from a series of connections, e.g. if this happens + then that happens + then
this happens = then this would be defined as suspicious. Can I do this with current
IDS technology?

3. Host based IDS: will host based IDS work unconnected from the network? If someone
got physical access to the box, unplugged it from the network, and then downloaded
the database, could the IDS prevent the download, or even shut down the box?

4. What happens when my Network IDS gets overloaded? Does it tell me, and
what can I do to share the load?

5. How should I budget the total cost of ownership for IDS? How much of it is capital
cost, and how much is ongoing management?

Thanks, any help will be greatly appreciated.
____________________________________________________________
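On question 1 (why a network IDS does its own packet reassembly), the following is an added illustration, not code from the list post or from any IDS product. It assumes a constructed signature string, two constructed TCP segments of one HTTP-like request that arrive out of order with the signature straddling the segment boundary, and a deliberately minimal one-direction reassembler. A matcher that inspects each segment on its own never sees the pattern; the reassembled byte stream does, which is why a firewall's own reassembly does not help the IDS unless the IDS sees the reassembled stream itself.

```python
"""Added example (not from the list post): why a network IDS needs its own
TCP stream reassembly. A pattern split across two segments, or segments
arriving out of order, are invisible to a matcher that looks at one packet
at a time. Signature and traffic below are constructed for illustration."""

from dataclasses import dataclass

SIGNATURE = b"SUSPICIOUS-PATTERN"   # constructed placeholder signature


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def per_packet_match(segments, signature=SIGNATURE):
    """Naive matcher: inspects each segment's payload in isolation."""
    return any(signature in s.payload for s in segments)


class StreamReassembler:
    """Minimal one-direction reassembler: buffers segments by sequence number
    and appends them to the stream once they are contiguous with what has
    already been delivered. Overlapping retransmissions keep the bytes seen
    first (one of several policies; real stacks differ, which is exactly the
    ambiguity an IDS must resolve to match what the end host will see)."""

    def __init__(self, isn):
        self.next_seq = isn        # next sequence number we expect to deliver
        self.pending = {}          # seq -> payload waiting for earlier bytes
        self.stream = bytearray()  # contiguous application data so far

    def add(self, seg):
        if seg.seq < self.next_seq:
            # wholly or partly retransmitted; keep only the new tail, if any
            overlap = self.next_seq - seg.seq
            if overlap >= len(seg.payload):
                return
            seg = Segment(self.next_seq, seg.payload[overlap:])
        self.pending.setdefault(seg.seq, seg.payload)
        # deliver every segment that is now contiguous with the stream
        while self.next_seq in self.pending:
            data = self.pending.pop(self.next_seq)
            self.stream += data
            self.next_seq += len(data)

    def has_gaps(self):
        """True if buffered data is still waiting for missing earlier bytes."""
        return bool(self.pending)


def stream_match(segments, isn, signature=SIGNATURE):
    """Reassemble the segments, then search the contiguous stream."""
    r = StreamReassembler(isn)
    for s in segments:
        r.add(s)
    return signature in r.stream


# Constructed traffic: one request split so the signature straddles the
# segment boundary, with the second half arriving before the first.
ISN = 1000
STREAM = b"GET /index.html?q=SUSPICIOUS-PATTERN HTTP/1.0\r\n\r\n"
SPLIT = STREAM.index(b"-PATTERN")
SEGMENTS = [
    Segment(ISN + SPLIT, STREAM[SPLIT:]),   # arrives first, out of order
    Segment(ISN, STREAM[:SPLIT]),
]

if __name__ == "__main__":
    print("per-packet match:", per_packet_match(SEGMENTS))   # False
    print("stream match:    ", stream_match(SEGMENTS, ISN))  # True
```

The CPU cost the poster worries about is real: the reassembler has to buffer out-of-order data per connection, so a production IDS bounds the buffer per stream and reports (rather than silently dropping) when it exhausts that memory, which is the overload signal question 4 asks about.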
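On question 2 (a rule of the form "this happens, then that, then this = suspicious" for an in-house application), the following is an added example and is not from the list post or any IDS product's rule language. It assumes constructed application-level event records (timestamp, source host, action name) such as a host-based agent or application log would supply, and a constructed three-step rule with a time window; real products express the same idea in their own correlation syntax.

```python
"""Added example (not from the list post): a small stateful correlation rule
of the "if A, then B, then C => suspicious" shape, tracked per source host
within a time window. Events, action names and the rule are constructed."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float      # seconds since epoch (constructed values below)
    src: str       # source host the action came from
    action: str    # action name emitted by a constructed in-house app


class SequenceRule:
    """Fires when `steps` are seen in order from the same source within
    `window` seconds of the first step. Steps need not be adjacent: unrelated
    events in between are ignored, and an expired window resets the source."""

    def __init__(self, name, steps, window):
        self.name, self.steps, self.window = name, tuple(steps), window
        # src -> (index of the next step we expect, timestamp of step 0)
        self.state = defaultdict(lambda: (0, None))

    def feed(self, ev):
        idx, started = self.state[ev.src]
        if started is not None and ev.ts - started > self.window:
            idx, started = 0, None            # too slow; start over
        if ev.action == self.steps[idx]:
            if idx == 0:
                started = ev.ts
            idx += 1
            if idx == len(self.steps):        # whole sequence observed
                self.state[ev.src] = (0, None)
                return f"{self.name}: {ev.src} did {'->'.join(self.steps)} by t={ev.ts}"
        self.state[ev.src] = (idx, started)
        return None


def run_rules(events, rules):
    """Replay events in time order through every rule; return alert strings."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed rule: a login followed by disabling audit logging and then a
# bulk export, all within ten minutes, is what the in-house app's owners
# want flagged. Individually each action is legitimate.
RULE = SequenceRule("audit-off-then-export",
                    ["login", "disable_audit", "bulk_export"], window=600)

# Constructed events: 10.0.0.5 completes the sequence; 10.0.0.9 takes too
# long between steps, so its window expires and nothing fires.
EVENTS = [
    Event(0,    "10.0.0.5", "login"),
    Event(30,   "10.0.0.5", "view_record"),   # unrelated, ignored
    Event(60,   "10.0.0.5", "disable_audit"),
    Event(120,  "10.0.0.5", "bulk_export"),
    Event(0,    "10.0.0.9", "login"),
    Event(2000, "10.0.0.9", "disable_audit"),  # window already expired
    Event(2010, "10.0.0.9", "bulk_export"),
]

if __name__ == "__main__":
    for line in run_rules(EVENTS, [RULE]):
        print(line)
```

The per-source state is what makes this different from a plain string signature: the rule keeps memory between connections. That memory is also its cost, so bound the number of tracked sources and expire idle entries, otherwise the correlation engine becomes the overload point question 4 asks about.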