Glad I started off a good thread….

TS – You say one mans false positive is another’s’ positive and but why is this? I can see that most companies would not want Kazaa and all the other P2P apps running, but some might allow it with their policy so we have a difference in acceptable traffic right there and I'm answering my own question…

But do they have ‘templates’ for IDS systems because surely in this day and age 9 out of 10 corporate networks would have pretty consistent policies?

You know, no P2P software, no spyware and obviously no malicious traffic?