IDS
mailing list archives
snort-inline inbound ruleset?
From: "John Flynn" <johnflynn () fastmail fm>
Date: Sun, 02 Feb 2003 12:09:20 -0600
Hi all,
I'm fairly new to the IDS scene. I want to deploy some sort of open
source IPS. I've read most of the stuff from the honeynet project and
those guys are doing a great job with snort-inline. They have a great
default ruleset to filter outgoing traffic. I was wondering if
snort-inline is a recommended approach for an IPS at this point and if
so, does someone have a good default blocking ruleset for incoming
untrusted traffic they could point me to? I have been having a huge
problem with false positive rates with snort on my network and I'm
struggling to come up with an IPS solution that won't block legitimate
traffic. Would people recommend I use hogwash or something else instead
of snort-inline?
You folks are all doing a great thing here in this list...
John Flynn