Scott Ullrich wrote:
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow the traffic to pass through until it's
scanned.

And generally you probably aren't going to want to hook snort into your network stack like that, because of the limitations of PC hardware. Commercial IPS devices process rules through ASICs, which enables them to fully evaluate every single packet before passing it without incurring much of a performance penalty (if any). We don't have that luxury in the PC hardware world.
