Thank you once again for your fine work. I did as you suggested and re-read post 8000. Perhaps there is a hint in there as to the reason for A.B.'s disappearance. I've lifted the relevant section where he is discussing the use of I20 in NICs for intrusion detection:
"Just to make this absolutely clear, let me describe one I have been toying with intellectually. Erwin, please strike
this from your mind after reading it since the idea is proprietary with me, and please don't tell anyone else.
First some background. Traditional Intrusion Detection (ID) is host-based or network-based (i.e. in gateways or
other network devices). ID is signature-based (known virus DNA like "I Love You" in an email) or
anomaly-based (perhaps a configuration or execution file changed erroneously, or something else very subtle is
judged to be abnormal -- I'm leaving this vague on purpose, and also because there is a lot of very sophisticated
research on-going in this area.) You can imagine that every system administrator would prefer to detect an
intrusion before it reaches any host computer, thereby eliminating any chance of the virus defeating defenses on a
host computer. This means an efficient network-based detection scheme would be treasured by enterprises in
general and eCommerce sites in particular.
Network-based ID of either type generally is limited to pretty dumb stuff like firewalls. One reason for this is that
packets, being just pieces of messages, carry less information than a fully assembled message. Since an
off-loaded NIC assembles messages, it follows that the best place to conduct network-based detection would be
at an offloaded, intelligent NIC. By maintaining a constant software platform in all iLANs, the market for a
powerful, subtle ID vertical solution for iLANs would be huge. This observation is so obvious, so important, and
so practical to implement, that you can count on this application alone to drive the iLAN market." |
