Theres a tutorial by qod about intrusion detection systems -

http://www.antionline.com/showthread...hreadid=252880

A IDS system pretty much, looks at all the packets going into your computer. If the IDS thinks that theres something suspicious about a packet, it makes a log and gives you a alert. You give this log to your ISP (or their ISP) and let them decide.

People use this with a firewall because if someone manages to get into your computer, they can delete your firewall logs and whatever evidence there is on your computer. The IDS' existence is usually hard to notice, so the logs cant be found. Some IDS email you the log.