I mentioned this in a response to another post, but I thought I'd mention it here. If you want to learn more about intrusion detection and you are running Windoze, you can buy your own industrial-strength IDS for your own PC. BlackICE Defender is a full network-based IDS that has been scaled down to fit on your PC, and it comes with a built-in firewall to boot. It has some really cool features, such as:
Extremely high performance. The test here compares the "Sentry" version against other network-based IDSs. The "Defender" version is higher performance than other personal firewalls, but it does both IDS and firewalling.
You can buy/download online and install it immediately without even having to reboot your machine.
It does some simple scans against the intruders (DNS, NetBIOS) and sometimes finds out who they are.
The cool thing is that the only product that could do both (BlackICE Sentry) is also available as a $40 personal version (BlackICE Defender) that you can install on your own (Windoze) machine. It includes a personal firewall to boot and is really easy to use. It also has extensive anti-evasion techniques to solve problem number 3 that you mention. Go to networkice.com and download a copy of it if you don't believe me.
You should check out the IDS FAQ. It has tons of easy-to-understand but technical information. The site has a bunch of other infosec information.