This paper talk about the future of IDS,
notably the facts, that IDS will not longer monitor
large network because of the fast evolution of technology
( network fasteness, packet content encryption ).
Basically, what they say is that new IDS should focus on
protecting one, and only one machine, and that it will be
better if they directly interact with the kernel networking stack.
( which, AFAIK, is possible by the use of netfilter )
Please read this article,
and say me what are your through for the future of prelude.
http://phrack.infonexus.com/search.phtml?view&article=p56-11
--
-- Yoann, http://www.mandrakesoft.com/~yoann/
It is well known that M$ products don't call free() after a malloc().
The Unix community wish them good luck for their future developments.
