> sadly, in the real world, things don't often come in nice round numbers.
How true ! Assuming that "metr-ic" means "something that is quantifiable": > Offhand, I can think of false negative rate, A good indicator. How would you quantify it ? > false positive rate, Another good one ! How would you quantify it objectively ? > many Mbit/s it can keep up with, Nice shot: on which types of traffic ? > cost This is definitely easier ;) > and how many real attacks are covered in the ruleset. Woah ! This is a very, very juicy and difficult one. How do you count those little buggers ?! Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
