Re: Identifying Intrusions?

[fskrc1 () hotmail com]

Are you using a SEM/SIM for viewing this data?  If a source IP and MAC are spoofed then I'm unsure how the account 
would be compromised since the purpose of a compromise would be to send traffic back to the attacker.  A spoofed IP is 
a one way communication from source to destination (unless its used for DoS)as any return data would be sent to the 
spoofed IP and not the real IP.