sorry for posting it twice, i will delete it.
btw . here is my toc, as you could see, this was just 1.1, what is IDS.

Table of Contents:
Introduction
Copyright Information

1. IDS?
1.1 What is IDS?
1.2 HIDS
1.3 NIDS
1.4 Hybrid IDS
1.5 DIDS
1.6 Signature based detection
1.7 Anomaly based detection
1.8 Statistical based detection
1.9 Other methods of detection that are used
1.10 What is a Sniffer?
1.11 Common places to place your IDS sensor
1.12 Problems with IDS
1.12.1 False Positives
1.12.2 False Negatives

2. Snort?
2.1 What is Snort?
2.2 What makes it tick.
2.3 Some history.
2.4 System requirements.
2.5 Running Snort.
2.6 Snort's Components.
2.7.1 Packet Sniffer
2.7.2 Packet Decoder.
2.7.3 Preprocessor.
2.7.4 Rules.
2.7.5 Output and Logs.
2.7 Rules Basics
2.8 Preprocessor Basics
2.9 A look at snort.conf
2.10 Configuring and tweaking snort.
2.11 Updating Snort.

3. Shortcomings of NIDS and how they reflect on Snort
3.1 Architectural Issues
3.1.1 Sensor placement
3.1.2 Switches
3.1.3 Encryption
3.1.4 Gigabyte Ethernet
3.2 False Positives
3.3 False Negatives
3.4 Anti-IDS tactics
3.4.1 URL encoding
3.4.2 Unicode
3.4.3 Self-referenced Directory
3.4.4 Whisker
3.4.5 Snort and Stick
3.5 Fragmenting
3.6 Stateless packets
3.7 Session splicing
3.8 DoS
3.9 What snort is still vulnerable against

4. Conclusion

Apendex A

Apendex B

*Suggested Reading

by Q.o.D
12/13/03