Hey all, I have a quick question. I currently am being flooded from one IP with SMTP packets going to my email server. I am trying to block this IP address at the router level but cannot seem to get it. I am hoping this is a simple thing, but am not sure. The offending IP address is 192.165.243.110 Here is my current ACL for the incoming connections:
==SNIP==
access-list 101 deny tcp any any eq 28
access-list 101 deny udp any any eq tftp
access-list 101 deny tcp any any eq 135
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 4444
access-list 101 deny tcp host 192.165.243.110 any
access-list 101 deny udp host 192.165.243.110 any
access-list 101 deny ip host 192.165.243.110 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
==SNIP==
Now I could go into detail about every line, but the lines I am concerned about are the ones denying access to that IP address. By all accounts, blocking it at udp, tcp and ip should work but it is not. Anyone have any suggestions as to what I am doing wrong? Thanks!
Joe