Cisco's NIDS was never intended to be anything major and it couldn't be at any time. PIX was built without extensions in mind wich is plain stupid. They're attempt to fix it today is also plain stupid, it wont achive half what the OPSEC alliance has. They don't even have a protocol for intruder blocking to integrate with available NIDS as in the OPSEC's SAMP.

Cisco stinks, their routers, switches and HA solutions are overcommed by Foundry and F5's kick-ass ****..

--Chief TroubleMaker