What are the limitations of network intrusion detection systems?
Consider the following limitations:

Address spoofing/proxying: One goal of intrusion detection is to point fingers at who is attacking you. This can be difficult for a number of reasons. In a ‘Smurf’ attack, for example, you receive thousands of replies to a packet that you never sent. The NIDS can detect those replies, but cannot discover who sent the forged packet. In TCP Sequence Number Prediction, forged IP addresses are used so that the NIDS does not know precisely where the intruder is coming from. Finally, most intruders will ‘bounce’ their attacks via FTP or Web proxies, or stage their attacks from other sites they have broken into. Thus, it will be very difficult to find out who is attacking your site, and configuring IP address filters in your firewall won’t help.

Resource limitation: NIDS suffer from the fact that it can take extensive resources to keep up with hackers. Most NIDS reassemble TCP streams, but few reassemble packets (because of the memory and CPU resources requ
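As an added example (not part of the original answer), the following detector runs over constructed ICMP flow records, flags the unsolicited echo replies that a ‘Smurf’ flood produces, and shows that the NIDS only ever sees the reflectors' addresses, never the address of whoever forged the request:

```python
# Added example, not from the original answer. Detects Smurf-style floods of
# unsolicited ICMP echo replies and reports what a NIDS can and cannot attribute.
from collections import Counter, defaultdict

# Constructed flow log (not a real capture): (timestamp, src, dst, icmp_type)
# icmp_type 8 = echo request, 0 = echo reply. Addresses are documentation ranges.
SAMPLE_LOG = [
    (1.0, "10.0.0.5", "198.51.100.1", 8),    # our host legitimately pings a server
    (1.1, "198.51.100.1", "10.0.0.5", 0),    # matching reply: solicited, not suspicious
    (2.0, "203.0.113.10", "10.0.0.5", 0),    # unsolicited replies: reflectors answering a
    (2.0, "203.0.113.11", "10.0.0.5", 0),    #   request forged with our address as source;
    (2.0, "203.0.113.12", "10.0.0.5", 0),    #   the forged request itself never crossed our
    (2.1, "203.0.113.10", "10.0.0.5", 0),    #   sensor, so its real origin is not in the data
    (3.0, "192.0.2.7", "10.0.0.9", 0),       # one stray reply to another host: noise
]

def unsolicited_echo_replies(log):
    """Return (ts, src, dst) for every echo reply whose destination was not
    previously seen sending an echo request to that source."""
    requested = set()          # (requester, target) pairs observed as type 8
    unsolicited = []
    for ts, src, dst, itype in sorted(log):
        if itype == 8:
            requested.add((src, dst))
        elif itype == 0 and (dst, src) not in requested:
            unsolicited.append((ts, src, dst))
    return unsolicited

def smurf_report(log, threshold=3):
    """Per victim receiving at least `threshold` unsolicited replies, report the
    reply count and the reflector addresses. The field for the forged request's
    true sender is deliberately None: the NIDS has no evidence to fill it."""
    by_victim = defaultdict(Counter)
    for _ts, src, dst in unsolicited_echo_replies(log):
        by_victim[dst][src] += 1
    return {
        victim: {"reply_count": sum(c.values()),
                 "reflectors": sorted(c),
                 "forged_request_sender": None}
        for victim, c in by_victim.items() if sum(c.values()) >= threshold
    }

if __name__ == "__main__":
    print(smurf_report(SAMPLE_LOG))
```

Filtering the reflector addresses at the firewall, as the answer notes, would only block the amplifiers, not the party that sent the forged request.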