Hi, My team is working on developing an IDS to *help with* denial of service attacks. This is my thesis project. There are quite a few IDS packages out there, and I am not sure what feature to focus on to make it better than other IDSes. From the viewpoint of a regular IDS, I need some feedback as to what is missing in existing products that I can hope to implement. Regarding Denial of Service attacks - I understand that, once they start there isnt really anything much one can do except sit through them. In such a case is there any useful activity an IDS can perform during/after such an attack?
Any kind of input, links to papers, resources, your own experience will be of a great help. Thanks a lot, N.R. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp