I am wanting to test the auto-blocking features on the ids. I have successfully configured the device to do MANUAL blocking in which in adds ACL's to a cisco IOS router, and works great. I am interested in the auto-blocking, which no human intervention is required. I suppose i would 1) configure a signature to "block", and 2) initiate traffic that would set that alarm off...preferrably from the "outside" (internet). I think what i am needing is advice on what signature(s) to test, and what tool to trigger the signature(s), so that it will block. Any suggestions?
Thanks in advance.