> Michael Richardson wrote:
> but firewall vendors have screwed that up so badly, that
> this is now better done by dedicated IDS.

I don't pretend to be a firewall expert but the IDS I use (and pasted examples of earlier) is built into the firewall and works for my needs. I don't care much about an IDS that generates 100 alarms per second, the reason being I have not enough qualified staff to analyze 100 IDS alarms per second. IDS systems that generate tons of alarms are primarily a means of selling an IDS system to the unsuspecting decision maker that does not know jack about them.

Michel.