>>>Since this router has some filtering capabilities, I won't even
>>>be able to see any attacks that don't make it through the router. Do I
>>>care? Not really, I just want to know what does make it through.
If the router has some filtering capabilities, perhaps it also has
the ability to log packets that are rejected? If so, you could
have some warning of an attack without letting any of the nasties
Padgett's favorite architecture may be a "minefield" of PCs, each
one looking for a single bad address, but a more effective solution
is to simply have the router alarm every invalid destination address
in your net (as well as things like source addresses that belong to
you coming from the outside, etc).
If your current router doesn't have a filter language that supports
alarms, packet logs, and per-interface address checking, maybe your
next one will :-).