Sometimes we spend so much time discussion network based IDS that we end up not looking at other interesting places to look for intrusion signs.