"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" [Local PDF Version]
[Local HTML Version]
This paper highlights some of the problems with network-based intrusion detection and is quite good, if somewhat theoretical. Written by T. Ptacek and T. Newsham of Secure Networks, now held in the clutches of
By Martin Roesch! ;-) This paper discusses the architecture, performance, and uses of Snort. It also contains a comparative analysis of Snort and some other well-known programs used for similar purposes. Additionally, the document contains a nice rules tutorial for those of you wanting to know how the rules system works. I'll be presenting this paper at the USENIX LISA '99 conference next month in Seattle.