Saw that there was another thread here with almost the same question, but it was geared a bit more towards detecting snort:
http://www.antionline.com/showthread...hreadid=270550

I found this little blurb about detecting if someone is running a NIDS (Network IDS) on another site:

"A NIDS is essentially a sniffer, so therefore standard sniffer detection techniques can be used. Such techniques are explained in http://www.robertgraham.com/pubs/sni...q.html#detect.
An example would be to do a traceroute against the victim. This will often generate a low-level event in the IDS. Traceroutes are harmless and frequent on the net, so they don't indicate an attack. However, since many attacks are preceded by traceroutes, IDSs will log them anyway. As part of the logging system, it will usually do a reverse-DNS lookup. Therefore, if you run your own DNS server, then you can detect when somebody is doing a reverse-DNS lookup on your IP address in response to your traceroute. "
-Snippet taken from www.ticm.com/kb/faq/idsfaq.html

Interesting site, lots of useful faq's pertaining to IDS's