H C wrote: > Second, are the attempts successful? If not...why > bother? I believe the context of this thread so far has been with respect to IDS systems monitoring Internet facing servers/traffic. How much should things change when you're monitoring internal systems? Should monitoring groups still not care about multiple failed logons to a machine, etc. as long as the "attacker" didn't get in? W K
- Reacting to IDS alerts JM
- Re: Reacting to IDS alerts shawn merdinger
- Re: Reacting to IDS alerts Billy D Walls
- Re: Reacting to IDS alerts H C
- RE: Reacting to IDS alerts Windex King
- RE: Reacting to IDS alerts Matthew F. Caldwell
- RE: Reacting to IDS alerts Don Weber
