I have tried to read up on the IP INSPECT capabilities in IOS.
I can see its usefulness for FTP since it has the smarts to "open new ports" in the ACLs to allow FTP data transfers between two random ports.
I had been led to believe that it had intrusion detection capabilities (such as blocking an IP for some time after X unsuccessful login attempts). But I read nothing about it.
Can anyone confirm that it does not have the ability to detect unsuccessful login attempts and then block that IP for a random amount of time?
And if the job falls on the server to detect the invalid login attempts, would the server then tell the router to block a certain IP address? What is the best method to do this? SNMP? Or just have a telnet script that goes in and adds an entry in an ACL?