Frank Cheong wrote: > In-Reply-To: > > o yes, I also get these kind of attack these few days while some of them > > leaving a MAC Address 00.30.B6.D0.3C.EC so what can I do to stop these > > attack now ? As all I got is only a MAC address. Your pix already stopped it. That MAC address is whatever device your pix is connected to on the outside interface (if not, then a source of what everyone else here is seeing is on your DMZ!). You can only see local MAC addresses, due to the nature of how layer2 <-> layer3 conversions work. If you don't want the pix to drop the traffic, create an acl on your upstream router and block at the edge, or ask your ISP to do the same per: http://www.cymru.com/Documents/secure-ios-template.html Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 15:09:25 PST