It's possible to use difference in timing, for example packet reasembly timeouts, of target system and IDS to bypass detection. As workaround, timing parameters of IDS should be configured to match timing parameters of protected system.
vulners.com/securityvulns/securityvulns:doc:11268