diff --git a/content/notes/25-network-security-2.md b/content/notes/25-network-security-2.md index 4d6e56e2f..30a9cf07a 100644 --- a/content/notes/25-network-security-2.md +++ b/content/notes/25-network-security-2.md @@ -118,8 +118,18 @@ three types limitaitons - IP spoofing - if multiple apps need special treatment, each has own app. gateway -- client software must know how to ocnt +- client software must know how to contact gateway + - e.g., must set IP of proxy in browser +- filters oftenuser all or nothing policy for UDP +- tradeoff: access with security +# IDS +- instrusion detection system +- deep packet inspection + - look at contents (e.g., check strings in packet against DB of known virus, attack strings) +- examine correlation among packets + - port scanning + - network mapping + - DoS attack - -# IDS \ No newline at end of file +multiple IDSs: different types of checking at different locations \ No newline at end of file
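Review bot: Two of the added bullets contain typos that obscure the meaning. `- filters oftenuser all or nothing policy for UDP` should read "filters often use an all-or-nothing policy for UDP", and `- instrusion detection system` under the new `# IDS` heading should read "intrusion detection system". The closing line `multiple IDSs: different types of checking at different locations` has no list marker, unlike the rest of the section, so make it a `-` bullet or set it off as its own paragraph. The file still ends without a trailing newline, which is worth adding in this change. Finally, `- tradeoff: access with security` would be clearer as "access vs. security", since the point is that one is traded against the other.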