arian wrote:
I mean, come on: it's a crazy complex job. Not to mention that to attempt every variation on the fly would be too expensive performance-wise.

I agree that most of Layer 7 is going to be beyond IDS/IPS. Its simply a matter of normailzation. Layers 3 and Layers 4 represented in relatively normal forms.

TCP/IP stacks don't speak Shift_JIS or UTF-16, let alone nested encodings.

Not sure where in the world you get time to finish your research, but I should (will?) probably wrap this up soon if I can find the time.

Smack. Red Bull and Smack.

Thanks for the kind notes; now I have to quit making fun of your constant web 2.0/ajax worm stuff. :)

I've got some stuff up my sleeve I think you'll enjoy...

RE: Web hackers 9999, IDS 0