I would like to ask about any possible limitations of an IDS configured for shunning connections by integrating with a Cisco ASA. I have the following questions in this regard:
1- Is it the particular malicious traffic which will be blocked, or the complete IP address and port number from which the attack is received which will be blocked?
2- How long will the ACL added for shunning remain in the ASA config?
3- Will the first packet reach the victim, and if so, what would be the implications?
4- Are there any advantages of the IPS mode over the IDS mode?