While you *could* write an IDS in perl, I am pretty sure any link with much activity would cause the PerlIDS(tm) to drop packets.
in reply to Re: How do *you* secure your network with Perl?
in thread How do *you* secure your network with Perl?
However, a better use for perl in your IDS implementation is in the role of analysis scripts. Your IDS implementation should probably consist of one or more "quick and dirty" systems -- snort (or your IDS of choice) with fewer rules, and one or more analysis machines. Perl excels in the analysis role -- processing "historical" data.