IOS DoS defense causes DoS to itself:)

Can I somehow skip the IOS firewall's maximum TCP half-open "sessions" control (DoS countermeasure) for certain amounts of traffic (matched by an ACL)? I have seen several times (including today) that internal hosts (mostly infected by a virus) reach the upper threshold defined for half-open connections, and then the router runs into trouble forwarding other legitimate traffic. If you then just remove the ip inspect rule from the interface, then, for example, web browsing performance comes back to normal. So it would be nice if I could only log an excessive number of half-open connections instead of terminating them.

Of course, Cisco TAC suggests that you block unnecessary outbound connections to keep the half-open conn. rate below the upper threshold, but sometimes that's not acceptable - you don't want to block any traffic if you are not sure that it is a virus, and this is my situation, in which my routers are used in a small ISP, so it's "unethical" to block customer traffic:)

B.R. Igor

Igor Mamuzić

You can adjust the max value for half-open sessions, and most other ip inspect values.

On a side note: If your policy is not to block traffic, then why use ip inspect on your customer traffic at all?

tippenring

If you go with tuning (as I do), then you have to make these ip inspect values very high, but it would be nice if you could set up different values for different types of traffic selected by an ACL or route-map.

I need ip inspect since my customers are using the same interfaces as I do and this IOS firewall protects my internal network.

B.R. Igor

Igor Mamuzic
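For reference, here is what the tuning discussed in this thread (tippenring's "adjust the max value for half-open sessions" and Igor's "make these values very high") looks like in classic CBAC `ip inspect` configuration. This is an added illustration, not configuration posted by either participant; the inspect rule name, interface and the raised numbers are assumptions, and the default values are quoted from memory of IOS 12.x CBAC and should be checked against `show ip inspect config` on the actual release.

```text
! Classic CBAC (ip inspect) half-open session controls, global to the router.
! There is no "log only" mode: the thresholds are always enforced. The usual
! workaround is to raise them well above the normal rate and rely on syslog
! (%FW-4-ALERT_ON / %FW-4-ALERT_OFF and the audit trail) to see when an
! internal host is misbehaving.
!
! --- IOS defaults (what a router enforces if nothing is configured) ---
! ip inspect max-incomplete high 500   total half-open sessions: aggressive mode starts
! ip inspect max-incomplete low  400   aggressive mode stops when count drops below this
! ip inspect one-minute high 500       new half-open sessions per minute: aggressive mode starts
! ip inspect one-minute low  400       ... and stops
! ip inspect tcp max-incomplete host 50 block-time 0   half-open sessions to one destination host
! ip inspect tcp synwait-time 30       seconds a TCP session may stay half-open
!
! In aggressive mode the router deletes existing half-open sessions to make
! room for new ones, which is the forwarding trouble described in the thread.
!
! --- raised thresholds (illustrative numbers, sized for a small ISP segment) ---
ip inspect max-incomplete high 5000
ip inspect max-incomplete low  4000
ip inspect one-minute high 5000
ip inspect one-minute low  4000
!
! Per-destination-host limit. block-time 0 means only that host's oldest
! half-open session is dropped; a non-zero value blocks all new sessions to
! the host for that many minutes. Note this counts per *destination*, so it
! does little against an infected source scanning many destinations.
ip inspect tcp max-incomplete host 200 block-time 0
!
! Shorter SYN wait drains stale half-open entries faster.
ip inspect tcp synwait-time 15
!
! Log session creation/deletion so excess can be observed instead of only acted on.
ip inspect audit-trail
logging buffered 65536 informational
!
! Inspect rule (placeholder name) applied on the customer-facing interface.
ip inspect name CUSTFW tcp
ip inspect name CUSTFW udp
!
interface FastEthernet0/0
 description inside / customer-facing (placeholder)
 ip inspect CUSTFW in
!
! Verify: show ip inspect config ; show ip inspect statistics ; show ip inspect sessions
```

The thresholds are global in classic CBAC, which is why they cannot be varied per ACL as Igor asks; watching `show ip inspect statistics` and the ALERT syslog messages after raising them shows whether the new values are high enough for normal load while still catching a genuinely runaway host.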
