Re: Reacting to IDS alerts

From: Windex King (
Date: 06/03/02

Date: Mon, 03 Jun 2002 00:48:48 -0400
From: Windex King <>

H C wrote:
> Second, are the attempts successful? If not...why
> bother?

I believe the context of this thread so far has been
with respect to IDS systems monitoring Internet facing

How much should things change when you're monitoring
internal systems? Should monitoring groups still not
care about multiple failed logons to a machine, etc.
as long as the "attacker" didn't get in?