I have some questions about Cisco guard:
1: Guard can defense spoof IP attack only, right?
2: Can Guard defense BOT.NET attack (real IP attack)? If yeah, how to do it?
3: Guard use "dst_ip/dst_ip_ratio/dst_port/dst_port_ratio/global/protocol/src_ip/src_ip_many_dst_ips/src_ip_many_ports" to check attack traffic, right?
4:If work in netflow ,so Guard only detect attack base on ?source IP address, destination IP address, source port number, destination port number, protocol type, type of services, and the router input interface? only, is it right?