This directory contains two signature-based wrappers for detecting an attack
that acquires root privileges using a vulnerability of the mail subsystem, 
in particular /bin/mail.
The attack was described in the paper "State Transition Analysis: A
Rule-Based Intrusion Detection Approach", in IEEE Transactions on
Software Engineering, vol. 21, no. 3, March 1995.
Both wrappers are able to detect the attack, but they implement signature
matching in two different ways.

The mseqstat.wr wrapper uses the sequence features in WDL to match the
signature.

The mstat.wr wrapper uses the WQL database to keep track of states in
signature matching.

The two wrappers are part of the ID wrapper suite for Task 1.
