From what I saw in a recent thread on this forum, our network interfaces are behind a firewall that does SYN filtering for us. Is this true?

I so, can I drop my iptable rule for !SYN NEW connections?

I disabled the IPS for now... just too many problems. On a plus note our upstream network provider, GNAX, will be installing a Tipping Point IPS/DoS filter sometime in January which we will benefit from.