> From: Kurt 
...
> So anyway, I want to set up an IDS. 
... 
> Now that
> being said, where would you all place the thing? On
> the wan line, picking up attempts? Or on the lan line?
...
> And then there is this dmz thing that I don't
> seem to fully understand. All I'm really trying to
> accomplish is some learning and maybe get a kick out
> of checking things. Do any of you have any suggestions
> as to the placement, and why? Appreciate it.
> 

I'd place it on the lan side to start out with to 
determine if my firewall is letting anything in it
shouldn't. Then I'd put it on the wan side and see
if anyone is attempting to get in. And also so I 
could try to break in. I haven't gotten
around to doing one of these yet.

A dmz is *generally* a box sitting on the wan side for
the purpose of allowing some traffic in (CMIIW). Although 
there are many possible configurations. So many in fact 
that my generalized statement above is mostly useless.
A dmz can be a production box for allowing some browsing
capability. It may also include a system designed
to record and report on break-in attempts. It may contain
totally bogus information about a company so that it looks 
attractive to crackers to try to break in to. Et cetera,
et cetera, et cetera.