I have an IPS 4255 running 6.0(5)E2. The device is not running inline, it is functioning pretty much as an IDS. It has devices with which it can request blocks via ACLs on an interface. My problem is that the IPS seems to be blocking traffic without any reason. We've had 5 customer IP addresses be blocked, and when we go into IEV or even the CLI (using 'show events'), we can find no reason for the IP to be blocked. When we use the 'show events' command, we see the events for the block request, but no signature triggered at all! This is a serious problem as it has blocked several customers and we've had to temporarily disable the IPS system. We have a TAC open, they don't seem to know why it's happening either...any ideas on how I can see why these blocks are being requested? Perhaps someone else has seen this or can think of something TAC isn't?