My network - WinNT network, Cisco 3600 router, Cisco PIX 515e with PDM v.2.1
File/Exchange server (NT4), Webserver (W2k), Antivirus server (W2k) in about 30 user network.
Sirs, I have been getting hits on my webserver from this address (18.104.22.168) steadily over the past day or so and I want to block it with my 515 Pix Device Manager. I see an Add Rules tab with fields for the source ip (them) and dest ip (me), would they be a class A address with subnet mask of 255.0.0.0? Also, will I want a separate rule for all protocol options listed (tcp, udp, ip, icmp) or can I leave it at any?
Any and all advice is appreciated, I would rather use this than trying to tear into the config manually. I know it's an easy question but worth the points if I can fix it quick. Thanks,