The same is acceptable for IOS IPS? Not sure. Most of the IOS IPS functionality is not production-ready. Simply put, it doesn't work at all. You cannot even edit signature parameters in post-12.4(11)T (IPS5) releases, because SDM is broken. IOS IPS still lacks many important micro-engines. It is vulnerable to simple evasion attacks. And it doesn't work with IEV due to an unknown bug.
Did _you_ test Sig 3050 in IOS IPS?
In my understanding, IOS Firewall CBAC code itself should have functionality to block a host initiating too many TCP sessions (or too many half-open TCP sessions). (BTW Sig 3050 _is_ based on the CBAC code). And I don't understand why this is not implemented by Cisco.