Is it possible to block a host infected by a worm and generating lots of TCP SYNs using IOS Firewall and/or other IOS features?
IPS appliance is not an option in our net. We have just IOS router - nothing else.
ip inspect tcp max-incomplete host N block-time minutes
blocks DestinationIP, not the SourceIP.
Is it possible to use IOS IPS and Sig 3050 with "deny-attacker-inline" to achieve our goal?