Apropos of Craig Kittendorf's question about snort and other IDS software, a colleague of mine coincidentally just sent this list of URLs around. They looked like they'd be of interest to this list, so here they are.
Yet another company offering commercial support for SNORT. http://www.silicondefense.com/techsupport/supportpacks.htm IDS library http://online.securityfocus.com/ids Building an IDS solution using SNORT http://downloads.securityfocus.com/library/snort4-latest.pdf Managing Intrusion Detection Systems in Large Organizations, Part One http://online.securityfocus.com/infocus/1564 Managing Intrusion Detection Systems in Large Organizations, Part Two http://online.securityfocus.com/infocus/1567 The "death" of IDSs (by Bruce Schneier) http://www.counterpane.com/crypto-gram-0103.html#9 Network IDS Sensor Placement http://www.securityhorizon.com/whitepapers/technical/IDSplace.html NIDS placement in the real world http://www.packetnexus.com/docs/packetnexus/NIDS_Placement.pdf Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html Mark Post
