IDS mailing list archives

An insider attack scenario


From: pamaclark () yahoo com
Date: Wed, 10 Jun 2009 09:24:44 -0600

Hi,

I'm new to IDS/IPS...

Suppose a company has a large network, which is divided into several sub-network segments. Due to finance or staff restrictions, the company could only use a limited number of sensors, hence leaving some internal sub-networks unmonitored. I guess this is quite common in the real world, right?

So, if I were an inside attacker, I may find out sensor locations (either physical or logical locations) by fingerprinting the sensors as discussed in some previous threads or whatever tricks. This means I will know which sub-networks are monitored and which are not, right? So I can launch attacks against those unmonitored network segments without being detected.

Does this sound plausible? And what current IDS/IPS technologies can be used against this?

Thanks


