Intrusion Detection Systems mailing list archives

a novice question.


From: raj2569 () yahoo com (RajKumar S.)
Date: Sat, 25 Mar 2000 10:33:00 +0530 (IST)


Hello all,

From all the mails I have been getting here, I believe that all the IDS
products have all the available attack signatures, i.e. even if the network
that I use does not contain any Solaris or NT, my IDS s/w will check for all
the possible exploits that can be mounted against an NT or Solaris.

Now why is this necessary, since the performance of an IDS system can be
improved if the number of attack signatures can be reduced?

One use of having all the attack sigs is that it will be possible to log
all the possible attacks that are mounted against my network. But most of
the time they do not cause any harm; for e.g. if I am running a server v1.8
and it explicitly fixed a bug found in v1.7, am I required to have the
attack sig of the bug which was fixed? What use will that sig be to me?

Please correct me if I got some ideas wrong.

raj

