At 3:21 PM -0400 4/18/98, Alex P. Rudnev wrote:
During an in progress attack, you probably have to take extreme measures, Do you remember - it's not attack against you or attack by some of your customer's networks used as amplifier, but the attack initiated from your own network. You never note such thing withouth some permanent measurement.
It's why we saw this 100% helpless against the SMURF's.
But to protect your own network, all you need is the access rule I gave. You know your own broadcast address and netmask, and can put in a rule to block. You just can't block the presumed broadcast address used by other peoples networks. Logging attempted attacks which are blocked can't really be done with a cisco. You need something to monitor the line coming in. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++