Edge ACLs should filter simple sources like that.
Coming from an EXTERNAL connection, you should NEVER have packets sourced with:
1. Any RFC1918 address
2. Any of your OWN addresses
3. Any other reserved space like loopback (127/8) or APIPA (169.254/16) or multicast (224/4) addresses
Every edge-facing interface should have a bare minimum ACL to **** things sourced from known-bad addresses. Your firewalls will take care of the rest of the magic.
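As an added example (not part of the original post), here is a Cisco IOS extended ACL that enforces the three rules above on an edge-facing interface; the interface name and the own-address block 203.0.113.0/24 are placeholders to be replaced with your real values.

```cisco
! Constructed example: bogon/anti-spoofing ingress filter for an edge-facing interface
ip access-list extended EDGE-INGRESS-FILTER
 remark --- 1. RFC1918 private space must never arrive from outside ---
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark --- 2. Our OWN address space (placeholder: 203.0.113.0/24) ---
 deny   ip 203.0.113.0 0.0.0.255 any log
 remark --- 3. Other reserved sources: loopback, APIPA, multicast ---
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 15.255.255.255 any
 remark --- everything else is left to the firewall ---
 permit ip any any
!
! Placeholder interface name; apply inbound on the upstream-facing port
interface GigabitEthernet0/0
 description Edge-facing uplink
 ip access-group EDGE-INGRESS-FILTER in
```

The `log` keyword on the own-address entry is deliberate: spoofed packets claiming your own source addresses are the ones worth seeing in syslog, while the other denies are high-volume noise best counted with `show ip access-lists`.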
Hello Syed, if it is coming from within your own network, one thing that you can do to help trace it down fast is to put port security on all Cisco switches. Do it by MAC address and limit it down to only one MAC address; then if a second one shows up it will shut down the port.
This will help you find out which port the person is using and be able to trace it down faster. I have a feeling that after that person tries such an attack and his internet is down, they will complain real fast.
That, I feel, is the best way to trace the problem within your own network. Also make sure you have spanning tree BPDU Guard enabled as well. This will shut the port down any time another switch tries to connect to a port it should not be connected to.
Hope that helps.