Is Suricata Really Worth the Trouble

Running an IPS on the border, on a system which is a firewall with no services, is “easier”.
Personally, I have the habit of checking EveBox when I see something strange in network connections.

I agree that Intrusion Prevention is hard, both for us (as users) and for rules writers.
