snort started out as an open-source IDS that allowed for extremely easy configuration of rules (and reactions). It's now somewhat of a Swiss Army Knife for network administrators.

I, for one, use it with the flexresp module to both sniff out and close P2P client connections (and other forms of dubious traffic) on some of the networks I manage.