A friend of mine, Espen Grøndahl, has created his very own IDS. To be precise, it is not a IDS per se, but a tool to visualize firewall logs. It's written in Perl and visualizes OpenBSD's pf firewall log. The IDS is called Fireplot and can be downloaded here. It is really easy to identify port scans, like this plot shows.
Two friends of Espen decided they wanted to test Fireplot, so they crafted and launched a nice "attack":
"WTF are these pictures doing in my IDS log?!?"
The original Fireplot log can be seen here:
They even got some Star Wars in there. Quite funny.