In accordance with one embodiment of the present invention, a method for
inline intrusion detection includes receiving a packet at a physical
interface of an intrusion detection system. The packet is tagged with a
first VLAN identifier associated with an external network. The method
further includes buffering the packet at the physical interface,
communicating a copy of the packet to a processor, and analyzing the copy
of the packet at the processor to determine whether the packet includes
an attack signature. The method also includes communicating a reply
message from the processor to the interface indicating whether the packet
includes an attack signature. If the packet does not contain an attack
signature, the buffered copy of the packet is re-tagged with a second VLAN
identifier associated with a protected network and the re-tagged packet is
communicated to the protected network.
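The following is an added example, not code from the patent or any product it describes: a minimal model of the interface/processor split above, in which an 802.1Q frame from the external VLAN is buffered, a copy is checked against a constructed signature list, and only a clean frame is re-tagged with the protected VLAN and forwarded. The VLAN numbers, MAC addresses and signatures are assumptions chosen for illustration.

```python
# Added example (not from the patent text): a minimal model of the inline IDS
# described above. Frame layout assumed: dst MAC (0-5), src MAC (6-11),
# TPID 0x8100 (12-13), TCI (14-15), inner EtherType (16-17), payload (18-).
import struct

ETHERTYPE_8021Q = 0x8100
EXTERNAL_VLAN = 100    # assumed VLAN id for the external network
PROTECTED_VLAN = 200   # assumed VLAN id for the protected network
# Constructed signatures; a real IDS would carry a far larger rule set.
SIGNATURES = [b"/bin/sh", b"SELECT * FROM"]

def parse_tag(frame: bytes):
    """Return the VLAN id of an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 18:
        return None
    ethertype, tci = struct.unpack("!HH", frame[12:16])
    if ethertype != ETHERTYPE_8021Q:
        return None
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN identifier

def analyze(copy_of_frame: bytes) -> bool:
    """Processor side: True when the payload matches an attack signature."""
    payload = copy_of_frame[18:]
    return any(sig in payload for sig in SIGNATURES)

def retag(frame: bytes, vlan_id: int) -> bytes:
    """Rewrite only the 12-bit VID, preserving the PCP/DEI bits of the TCI."""
    tci = struct.unpack("!H", frame[14:16])[0]
    new_tci = (tci & 0xF000) | (vlan_id & 0x0FFF)
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]

def inline_ids(frame: bytes):
    """Interface side: buffer, hand a copy to the processor, act on the reply.
    Returns the frame to forward to the protected network, or None to drop."""
    if parse_tag(frame) != EXTERNAL_VLAN:
        return None            # not from the external VLAN: do not bridge it
    buffered = bytes(frame)    # the interface keeps the original in its buffer
    verdict_is_attack = analyze(bytes(buffered))  # processor works on a copy
    if verdict_is_attack:
        return None            # reply says attack: buffered frame is discarded
    return retag(buffered, PROTECTED_VLAN)

def make_frame(vlan_id: int, payload: bytes, pcp: int = 0) -> bytes:
    """Build a constructed 802.1Q frame with dummy MAC addresses."""
    tci = (pcp << 13) | (vlan_id & 0x0FFF)
    header = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!HHH", ETHERTYPE_8021Q, tci, 0x0800)
    return header + payload
```

Note that the frame is never bridged by its original tag: a frame that does not arrive on the external VLAN, or that the processor flags, is dropped rather than forwarded, so a failure in the analysis path fails closed.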