My website is under a DDOS attack and I have the ip address that is launching the attack. I have entered a deny packet filter to block the address on my BM 3.7 sp2 on NW6 sp3 server. However, I still see the address in my packet logs as sending information to my webserver and my webserver responding to it. I use NAT to my webserver.

I have contacted the ISP of the ip address that is attacking us to notify them. I have also contacted my ISP to block the address. But, why am I still seeing this address in my logs after entering in the filter? I have unloaded ipflt, filtsrv, and reinitialized system. Here is what my filter looks like.

Source Interface Type : Interface
Source Interface: All Interfaces
Destination Interface Type: Interface
Destination Interface: All Interfaces
Packet Type : HTTP Request
Protocol: TCP
Src Port: 1024-65535
Dest Port: 80
Src Addr Type: Host
Src IP Address: Attackers IP Address
Dest Addr Type: Host
Dest IP Address: my webserver private address

Thanks in advance for any replies.

Scott Leonard