There are systems that do this already. They open a host of new
security problems on today's Internet -- it is usually possible to fool
the IDS into (a) detection of fake intrusions and (b) not detecting
real intrusions. (a) can result in denial of service to legitimate
users and services; many security mechanisms in use today can be made
to break down under these circumstances.
There's a paper on insertion and evasion attacks (which explains (b))
that was posted to BUGTRAQ some months ago. (a) can be as simple as
Not that I've *done* any of this, mind you.
-- <firstname.lastname@example.org> Kragen Sitaker <http://www.pobox.com/~kragen/> "Why are you withholding me?" -- name withheld "Oh... And dig this: I am a fish. 'Nuff said." -- Joe Blaylock (no further explanation) These are the denizens of the CLUG mailing list. Their five-year mission: