Re: Reacting to IDS alertsFrom: Windex King (WindexKing@mor-lan-d.com)
- Previous message: josebianco: "Re: badnwidth monitor"
- Maybe in reply to: shawn merdinger: "Re: Reacting to IDS alerts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 Jun 2002 00:48:48 -0400 From: Windex King <WindexKing@mor-lan-d.com> To: firstname.lastname@example.org
H C wrote:
> Second, are the attempts successful? If not...why
I believe the context of this thread so far has been
with respect to IDS systems monitoring Internet facing
How much should things change when you're monitoring
internal systems? Should monitoring groups still not
care about multiple failed logons to a machine, etc.
as long as the "attacker" didn't get in?