Very interesting stuff. Certainly worth more investigation.
Something occurred to me while I read your thesis. Thought maybe it was worth a mention. The TTL (time to live) could potentially cause the IDS module to be easily beaten. An attack could begin and immediately go into a sleep state with the intent to expire the TTL. Later resuming with its actions going unnoticed.
I hope to see more on this. I think it is a very creative and useful idea.
Thanks, Brian
This is certainly something that will need to be researched and tuned in practical environments. In many cases, it's not practical to wait for over a certain period of time to perform the combination of commands needed to exploit software due to network or file issues. But it is a very valid point.
--Devon

