
Version 4.1 - 5.2.a CBAC

There are two really good documentation pages for Context-Based Access Control. The first is an Introduction and Configuration page. The second, Configuring CBAC, is a bit more extensive.

"The Context-Based Access Control (CBAC) feature of the Cisco IOS® Firewall Feature Set actively inspects the activity behind a firewall. CBAC specifies what traffic needs to be let in and what traffic needs to be let out by using access lists (in the same way that Cisco IOS uses access lists). However, CBAC access lists include ip inspect statements that allow the inspection of the protocol to make sure that it is not tampered with before the protocol goes to the systems behind the firewall."

CBAC supports inspection of:
cuseeme
ftp
h323
http
rcmd
realaudio
rpc
smtp
sqlnet
streamworks
tcp
tftp
udp
vdolive

It may be worth noting what CBAC doesn't do:
"CBAC does not provide intelligent filtering for all protocols; it only works for the protocols that you specify."
"CBAC protects against certain types of attacks, but not every type of attack. CBAC should not be considered a perfect, impenetrable defense."

CBAC provides three thresholds against DoS attacks:
• The total number of half-open TCP or UDP sessions
• The number of half-open sessions based upon time (per minute)
• The number of half-open TCP-only sessions per host

Basically, for this you inspect the outgoing traffic, which puts an entry in the state table. Return traffic is checked against that state table, and only traffic belonging to an established session is permitted back in.
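The following IOS configuration is an added example of that setup (my own, not from the Cisco docs or the INE material): an inspection rule applied inbound on the inside interface, a deny-all ACL inbound on the outside interface so only CBAC's dynamic entries let return traffic through, and the three half-open thresholds set explicitly. The interface names, the rule name OUTBOUND and the ACL name OUTSIDE_IN are assumptions; the threshold values shown are the IOS defaults, so lower them to suit the link.

```cisco
! Inspection rule: only the protocols listed are tracked in the state table
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND ftp
ip inspect name OUTBOUND http
!
! Threshold 1: total half-open TCP/UDP sessions
!   above "high" CBAC starts deleting half-open sessions, stops at "low"
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
!
! Threshold 2: rate of new half-open sessions per minute
ip inspect one-minute high 500
ip inspect one-minute low 400
!
! Threshold 3: half-open TCP sessions aimed at a single host;
!   block-time 0 means drop the oldest instead of blocking the host
ip inspect tcp max-incomplete host 50 block-time 0
!
! Timers that age out idle entries in the state table
ip inspect tcp synwait-time 30
ip inspect tcp idle-time 3600
ip inspect udp idle-time 30
!
! Outside-in ACL: nothing is allowed unless CBAC opened it dynamically
ip access-list extended OUTSIDE_IN
 deny ip any any log
!
interface FastEthernet0/0
 description Inside (trusted) - assumed interface name
 ip address 192.168.1.1 255.255.255.0
 ip inspect OUTBOUND in
!
interface FastEthernet0/1
 description Outside (untrusted) - assumed interface name
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE_IN in
!
! Verification:
!   show ip inspect config      - rule, thresholds and timers in effect
!   show ip inspect sessions    - entries currently in the state table
!   show ip inspect statistics  - half-open counts against the thresholds
```

Return packets for a session in `show ip inspect sessions` are matched before OUTSIDE_IN is evaluated, so the deny-all ACL only sees unsolicited inbound traffic.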

Again, the best material for CBAC can be found in the INE videos - CCIE - Security - Advanced Technologies. There are about 2 hours of CBAC information and configuration (including CBAC HA).
