Blocking/Shunning on Version 4 Sensors

s.hlungwani
Level 1

Do version 4 sensors support blocking or shunning?

1 Reply

marcabal
Cisco Employee

Blocking and shunning mean the same thing.

The original term was shunning, but when dealing with overseas customers the term was confusing so it was renamed to blocking.

Blocking is the feature in IDS systems where the sensor establishes a Telnet or SSH connection to a router, switch, or firewall that the user has designated. The sensor then creates an ACL on the router or switch that denies the IP address of the attacker machine, or in the case of the PIX firewall will execute the firewall's own shun command to deny the attacker IP address.

All Cisco IDS versions will support blocking.

For version 4.x sensors refer to the following areas of the configuration guide:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#32394

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap5.htm#987105

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#31460 (In step 4 set the EventAction to either Block Host or Block Connection)

With blocking/shunning, the sensor connects to and reconfigures another network device, which does the deny.

Some other IDS vendors have also implemented the ability for the IDS itself to drop or deny the offending packet without having to rely on another networking device. This feature is not implemented in version 4.x or prior versions of Cisco IDS.
