On Wed, 2002-03-06 at 06:22, Carr, Aaron [CNTUS] wrote: > You may wish to clarify your meaning of "retaliate". When I think
As a HIDS we tend to think of "retaliation" (which is such an aggresive term) more in terms of "recovery". So if someone deletes the password file we can copy a recovery version off a CDROM. In some ways this is real-time retaliation because you are thwarting the attackers as they act. What good does retaliation really get you though (apart from a whole load of legal headache)? Wouldn't "recovery" be a better goal to aim for? Mark. -- Mark Crosbie IDS/9000 Product Architect http://www.hp.com/security/products/ids Hewlett-Packard MS 47 LA [EMAIL PROTECTED] 19447 Pruneridge Avenue (408) 447-2308 Cupertino, CA 95014 (408) 447-6766 FAX