Well I have installed suricata with NFQ to work as an IPS. I am going to test some evasions techniques on my IPS using http-phpBB exploit What kind of rules should I put to drop??? any ideas :)