Could you provide sample CISCO syntax ACL filters to perform the above? I'm not clear how you filter out these kind of attacks. Thanks,
--curtis
This is actually an incoming filter... 'sho access-list 102' shows you counts on hits for each line; pretty interesting, actually. Each line says permit any kind of ip data from anywhere, from any IP address, to the network specified. For an outgoing filter you'd reverse it so it looked like 'acc 102 permit ip <our-net> <inverted-mask> any'. no acc 102 acc 102 permit ip any 198.138.103.0 0.0.0.255 acc 102 permit ip any 205.199.164.0 0.0.0.255 acc 102 permit ip any 204.193.157.0 0.0.0.255 acc 102 permit ip any 199.171.193.0 0.0.0.255 acc 102 permit ip any 199.67.58.0 0.0.0.255 acc 102 permit ip any 205.160.86.0 0.0.0.255 acc 102 permit ip any 192.135.189.0 0.0.0.255 acc 102 permit ip any 198.133.170.0 0.0.0.255 ! not all of these are /16s, I was just lazy yesterday ! eventually the 0.0.0.255.255s should become more specific acc 102 permit ip any 206.42.0.0 0.0.255.255 acc 102 permit ip any 137.239.0.0 0.0.255.255 acc 102 permit ip any 198.69.0.0 0.0.255.255 acc 102 permit ip any 206.161.0.0 0.0.255.255 acc 102 permit ip any 205.164.128.0 0.0.255.255 acc 102 permit ip any 170.115.0.0 0.0.255.255 acc 102 permit ip any 207.106.0.0 0.0.255.255 acc 102 permit ip any 199.234.208.0 0.0.255.255 acc 102 permit ip any 207.8.128.0 0.0.255.255 acc 102 permit ip any 192.157.69.47 0.0.0.0 acc 102 permit ip any 192.41.177.87 0.0.0.0 ! acc 102 permit ip any 198.32.136.82 0.0.0.0 acc 102 deny ip any any Avi