Rob wrote:
And I think that is very wise. There are many protocols that can be used to hide communication, and it is undoable to analyze all of them to the level where you can be sure it is innocent.
False positives ruin trust in a tool. ( crying wolf to often. ) If 99% of your alerts are false positives that tool is worthless. uwe _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
