Lisa's answer below is 100% technically correct. I however, will caution you in the method and frequency of implementing TCP RSTs. A couple of scenarios can arise from being overzealous with the response.
First off there's the world of false positives. Although the CiscoSecure engine is one of the better engines on the market it is not accurate 100% of the time. What you don't want to do is send RSTs to a valid connection that is being reported as a false positive.
You also need to be careful using RSTs for attacks like NIMDA or or aggressive dataflows. The scenario may also arise where between packet inspection and crafting RSTs the processing burden on your sensor could degrade and even become back logged. I've seen a sensor in this scenario backlogged by 8 hours of heavy NIMDA traffic.
Hope this helps.