I specifically set IPS to block id 2101 (pic attached) but I just got an alert instead of blocked on my IPS
2009:07:04-22:10:15 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="47115" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:10:16 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="47115" sid="0" class="" priority="3" generator="129" msgid="1"
...........
2009:07:04-22:50:18 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="213.199.149.156" dstip="86.164.253.43" proto="6" srcport="80" dstport="54584" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:50:38 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="60115" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:50:39 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="60115" sid="0" class="" priority="3" generator="129" msgid="1"
