Wieso IDS nur eine von mehreren Security-Massnahmen sein können: Interesting Payload to PLSQL exploit at Milw0rm von Paul Wright.
Instead of grant dba to scott the exploit payload inserts the values into sysauth$.
This will bypass many IDS signatures. David mentioned this to me quite a while ago and it is now public so better update those IDS rules.
Das Ganze anhand eines Exploits für Oracle 10g.