<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>After re-reading this older post, I was reminded of <strong>Insertion, Evasion, and Denial of Service</strong>
by Thomas&nbsp;Ptacek, a landmark paper which "broke every shipping intrusion
detection product on the market" at the time of its writing (1998). A must-read for us incident detection and response guys.<br><br></div> <div>-PJ</div> <div><br>&nbsp;</div> -------- Original Message --------<br>Subject: [dc401-l] Good Reading<br>From: <a href="mailto:entr0py@401unauthorized.org" onclick="return true;Popup.composeWindow('pcompose.php?sendto=entr0py%40401unauthorized.org');; return false;" target="_blank">entr0py@401unauthorized.org</a><br>Date: Thu, May 08, 2008 1:10 pm<br>To: <a href="mailto:dc401-l@dc401.org" onclick="return true;Popup.composeWindow('pcompose.php?sendto=dc401-l%40dc401.org');; return false;" target="_blank">dc401-l@dc401.org</a><br><br>dc401,<br><br>Last night at our meeting there was a discussion about good resources for<br>learning about Intrusion Detection. There is a lot of information out<br>there, and it's hard to sift through it all. I figured that at least some<br>people on this list might benefit from others' resources.<br><br>Here's a list of links to good articles about Intrusion Detection that I<br>have read and taken something from.<br><br>If you have more/others, please reply. 
It would be really nice to get a<br>good collection (on various topics as well).<br><br><br>Intro<br><a href="http://www.securityfocus.com/infocus/1203" target="_blank">http://www.securityfocus.com/infocus/1203</a><br><br>Terminology<br><a href="http://www.securityfocus.com/infocus/1728" target="_blank">http://www.securityfocus.com/infocus/1728</a><br><a href="http://www.securityfocus.com/infocus/1733" target="_blank">http://www.securityfocus.com/infocus/1733</a><br><br>Studying IDS data / Normal packet data<br><a href="http://www.securityfocus.com/infocus/1201" target="_blank">http://www.securityfocus.com/infocus/1201</a><br><a href="http://www.securityfocus.com/infocus/1220" target="_blank">http://www.securityfocus.com/infocus/1220</a><br><a href="http://www.securityfocus.com/infocus/1221" target="_blank">http://www.securityfocus.com/infocus/1221</a><br><a href="http://www.securityfocus.com/infocus/1222" target="_blank">http://www.securityfocus.com/infocus/1222</a><br><a href="http://www.securityfocus.com/infocus/1223" target="_blank">http://www.securityfocus.com/infocus/1223</a><br><a href="http://www.securityfocus.com/infocus/1696" target="_blank">http://www.securityfocus.com/infocus/1696</a><br><br>Other stuff:<br><a href="http://www.securityfocus.com/infocus/1670" target="_blank">http://www.securityfocus.com/infocus/1670</a><br><a href="http://www.securityfocus.com/infocus/1663" target="_blank">http://www.securityfocus.com/infocus/1663</a><br><a href="http://www.securityfocus.com/infocus/1231" target="_blank">http://www.securityfocus.com/infocus/1231</a><br></span></body></html>